Salesforce Refuses To Pay Ransom To Hackers Who Stole Customers' Data


Mohul Ghosh


Oct 12, 2025


Salesforce recently refused to negotiate or pay a ransom after a wave of cyberattacks affected at least 39 of its customers.

Security professionals see Salesforce’s decision as a double-edged sword.

Salesforce Refuses to Pay Ransom Amid Cyberattacks on 39 Customers

MacKenzie Brown, VP at Blackpoint Cyber, said, “Salesforce’s public refusal to pay the ransom sets a precedent that discourages future extortion attempts. However, this strategy shifts the risk to their customers, who must now prepare for a potential data leak.”

Bloomberg reported on October 7 that Salesforce informed its customers it would not pay the ransom, citing “credible threat intelligence” suggesting that threat actors planned to leak the stolen data.

The threat actors, reportedly known as Scattered Lapsus$ Hunters, have targeted major companies including FedEx, Disney, Home Depot, Marriott, and Google.

Damon Small, board member at Xcape, Inc., emphasized that companies are often tempted to pay ransoms, but law enforcement and cybersecurity experts advise against negotiating with criminals.

Small said, “If an organization pays once, they are likely to pay again. It’s difficult to ensure that all remnants of malware will be removed post-payment, so this type of shake-down will continue.”

Small recommended that companies, especially those with large amounts of sensitive information, assume breaches will eventually occur and prepare through regular security assessments and staff training to recognize fraudulent emails.

Salesforce Case Highlights Need for Strong Third-Party Risk Management for SaaS Providers

Brown highlighted that Salesforce’s situation underscores the importance of comprehensive third-party risk management, particularly for SaaS providers.

Organizations should enhance their incident response plans to address potential data leaks originating from a vendor’s supply chain.

Brown added, “This is no longer about just preventing an attack on your own infrastructure. It highlights this need for third-party risk reviews as we see continued supply chain attacks hit the headlines.”

She concluded that while Salesforce’s public stance discourages funding criminal enterprises, the stolen data may still be leaked, transferring the responsibility of mitigation to customers.

