Why Dyre is Different and What it Means to Millions of Salesforce Users

Cloud Security, In the News, Latest Trends

Written by Michael Higashi

For organizations that handle sensitive financial information, data security is growing ever more challenging and the stakes ever higher. Major data breaches hit the headlines with alarming regularity (just think of Target, Home Depot, and the like), and their consequences are severe. We at CipherCloud have long warned that enterprises concerned with cloud data protection must take control of it themselves in order to stay safe. The Dyre malware is a clear example of why. A malware that “typically targets customers of large, well-known dyre_malware_cloud_data_security_for_salesforcefinancial institutions,” Dyre (or Dyreza) may now also be targeting users of the popular cloud CRM platform Salesforce, according to a Salesforce security alert. The malware seeks to steal user names and passwords, which hackers can then use to access user accounts. And when it comes to cloud-based CRM and other enterprise SaaS applications, which often contain a wealth of confidential customer financial information, the damage done by a single compromised account can be enormous. The Dyre situation illustrates the need for cloud data security to be a shared responsibility between the cloud service provider (CSP) and the customer. On the server side, CSPs have a duty to protect their networks and other infrastructure from external attack and to rigorously control and monitor employee access to customer accounts in order to protect customer data from insider threats. Salesforce performs these duties exceptionally well and do everything they can to earn and deserve their customers’ trust.

Download the Tech Note: Three Steps to Reduce the Risks of Account Hijacking for Cloud Applications

But cloud data security doesn’t belong only to the CSP. Just as end users must take responsibility for the strength and confidentiality of their passwords, so too must enterprises take responsibility for the protection of authentication credentials that could be used to access sensitive information in SaaS environments. CSPs like Salesforce do make sure that no one without the correct credentials accesses an account on their servers, but they cannot make sure that only authorized users have those credentials to begin with. That’s up to the enterprise.

So how can enterprises take responsibility for their SaaS account credentials?

Customer-side encryption through CipherCloud’s platform is key. Cloud-provided encryption won’t do, as hackers using credentials stolen with Dyre will be able to access and decrypt whatever data is available to the original account holder. Customer-side encryption, on the other hand, will make sure that malware and hackers never get access to those credentials in the first place. Additionally, it isn’t just enterprise end users’ credentials that must be protected, but also enterprise customer data that could be stolen and used for personal account hijacking. Here, again, CipherCloud is the key. Using granular encryption options, enterprises can strongly protect their sensitive information. Are you worried about Dyre and the impact of malware on cloud data security? Tell us what you think in the comments.

Next Stepswhite-paper-best-practices-in-securing-salesforce-cover-3d-web-193x300

Discover, Protect and Monitor your data in Salesforce. With CipherCloud for Salesforce you can:

  • Discover what your users are doing in the cloud and prevent data loss with detailed and precise visibility over all activity in Salesforce.
  • Protect your cloud data with strong encryption, tokenization, and malware protection to ensure that no unauthorized users can access sensitive information.
  • Monitor cloud usage with complete visibility over user activity and alerting on user behavior anomalies.