CRM giant Salesforce, and sales engagement platform Salesloft, recently announced that they are responding to a cyber security incident.
The security advisories issued by the company indicate that this may have resulted in unauthorised access to some customer organisations' data.
Customer relationship management and other cloud-based service models are attractive targets for threat actors. This incident is a timely reminder that any compromise may not just be a problem for the vendor; it has the potential to impact customers and users of any platform affected, bearing in mind platforms often work in conjunction with each other. While there are few details regarding the incident so far, it appears the incident originated in the Salesforce Drift application, a conversation-driven marketing platform. Drift can integrate with over 50 different platforms, meaning that the impact of this incident could be significant.
Cloud based services present the opportunity for threat actors to compromise a vast network of customer businesses, given the extent of their integration. Often, the goal is to steal personal data and demand ransom payments, failing which the personal data will be published on the dark web. This exposes data controller organisations to the risk of regulatory intervention by the UK Information Commissioner's Office, as well as individual claims for compensation from affected individuals. There is also increased risk of a direct cyber security incident involving customer companies where stolen data could be used to enhance future attacks, through phishing or otherwise. Ultimately, this type of vendor cyber security incident shifts the risk profile for customers across the supply chain and this change in risk should be managed proactively.
According to this year's Cyber security breaches survey, many organisations are not properly managing the cyber security risk posed by their supply chains. Only 14% of UK businesses reviewed the risks posed by their immediate suppliers, and only 7% considered their wider supply chain. Larger organisations tended to take a more robust approach, with 45% of large businesses reviewing the cyber security risks posed by their immediate suppliers. Even still, this means that over half of large UK businesses are not properly considering the security implications of their third-party providers.
In our previous blogs and insights, we consider what organisations should be doing to properly manage their data risks.
- Cyber attackers are shopping around for weak links in retailers' supply chains | Burness Paull
- Cyber Crime in the Trust Economy: Navigating an evolving threat landscape | Burness Paull
A cyber attack on your vendor could result in a cyber attack on you or any customer in the supply chain. It is prudent to review risk registers in relation to any known incident affecting relevant vendors and consider any immediate actions, including security audits and awareness and training for employees.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
