As businesses begin to slowly reopen, some employees will opt to return to the office while others will skip the commute and continue to work from home. But no matter where their employees work from, it’s crucial for organizations to quickly identify, detect, respond, and recover from threats. According to a recent survey, almost two-thirds of IT leaders are investing heavily in information security and compliance to help protect remote workers from sophisticated cyber attacks.
In part two of a 3-part virtual event series, experts from Salesforce, RevCult, FairWarning, and OwnBackup recently got together to discuss how organizations using Salesforce can better understand, organize, manage, and mitigate security risks. The group was also joined by former White House CIO Theresa Payton, as she shared her thoughts on the impact of the current global crisis on cyber threats. Highlights from the event are below, along with a video clip from Theresa’s Q&A.
For an event on cybersecurity, it doesn’t get much better than hearing from an internationally renowned cybersecurity expert and former White House CIO. Theresa Payton joined OwnBackup’s Scott Cunningham for a discussion about her time at the White House, negotiating with cybercriminals on the dark web, and the importance of data resilience and recovery when faced with a cyberthreat.
In the clip below, Theresa talks about the specific things organizations should be thinking about to prepare for a cyber attack. To see the full recording of Theresa’s Q&A, click here.
“You need to be thinking about how your business continuity plan, regardless of what unplanned things happen, allows you to have a strategy for resiliency and recovery. And that will serve you very well.”
- Theresa Payton
In 2013, The NIST Cybersecurity Framework (CSF) was created and identified the five primary pillars every organization should adopt for their cybersecurity program: Identify, Protect, Detect, Respond and Recover. In his session, OwnBackup’s Chief Information Security Officer Lee Aber explains why organizations use the NIST CSF to guide their security strategy, and which CSF functions companies are increasingly focused on:
“Years ago, when you looked at organizations’ maturity levels around these 5 functions, you used to find that investments in security were around protection-driven controls, like Identify and Protect. Over the last few years I’m seeing an increased focus on the Detect, Respond and Recover functions, or the ‘resiliency functions’. And what’s interesting is that you can actually follow those trends in the investment patterns of organizations.”
- Lee Aber
Salesforce’s CTO of Security, Taher Elgamal, joined the event to share Salesforce’s approach to security and the key priorities of their security strategy. The most important pillar, according to Taher, is to “Nail the Basics”, which means implementing and enforcing basic security measures like patching cadence, authentication, authorization, and detection. Taher says:
“The vast majority of security breaches in the world come from bad or stolen passwords and from vulnerabilities that haven’t been patched. So if we manage these two things, the rest of the job is to manage the remaining 5% of the advanced threats.”
Pete Thurston has worked in the Salesforce Ecosystem for nearly 15 years and is the Chief Product & Solutions Officer at RevCult, who specialize in performing security risk assessment for companies who use Salesforce. During the event, Pete shared the top trends from those risk assessments and some of the most common security mistakes he sees companies make. Here’s one of them:
“The number one thing we see in our risk assessments is a lack of data classification- not knowing what data you have in Salesforce. We ask customers, ‘what are you doing in Salesforce?’ And they say, ‘Oh I’m doing sales and I’m doing service, a little bit of everything.’ Not knowing those data elements makes it a real struggle in terms of figuring out what security controls to prioritize.”
For the past 13 years, Verizon Enterprise Solutions has released an annual “Data Breach Investigations Report” (DBIR), which provides insights on the latest threat types across industry and geography. A former author of the report and Salesforce Security Specialist Kevin Thompson joined Mike Mason of FairWarning to discuss the most recent DBIR and its key findings. Kevin also talked about the importance of an evidence-based security strategy:
“You might think that it’s obvious that malicious insiders are going to be one of the biggest threat vectors. But as we get into the report, you’ll find that the evidence doesn’t completely back that up. Similarly, there were a number of years where everybody was concerned that mobile applications were going to be a major source of security vulnerabilities-and the data just never backed that up. So we want to make sure that we are making our risk decisions around evidence whenever we can.”
- Kevin Thompson