Understand Security Risk

Flower icon used to indicate that the content is for Salesforce Classic

Attention, Trailblazer!

Salesforce has two different desktop user interfaces: Lightning Experience and Salesforce Classic. This module is designed for Salesforce Classic.

You can learn about switching between interfaces, enabling Lightning Experience, and more in the Lightning Experience Basics module here on Trailhead.

Learning Objectives

After completing this unit, you’ll be able to:

Describe the ways cybercrime could hurt your company.
Name the top human behaviors that intruders exploit.
Name the most common methods criminals use to get access to information.

Cybercrime Is More About People Than Technology

Global cybercrime is on everyone’s mind, considering that we use technology all day long in our personal lives and at work. In 2015, Verizon’s Data Breach Investigation Report estimated the annual cost of global cybercrime at a whopping $100 billion.

The threat landscape is more complex than ever, and it’s never been harder or more crucial for security teams to prevent, detect, analyze, and respond to threats.

Criminals have shifted their tactics from technological attacks to targeted assaults on employees by manipulating basic human behaviors. Your company’s people are now your biggest security threat, because they present the easiest opportunities for hackers. More than ever before, every person has an impact on security regardless of their function or title.

It takes only one employee to set off a chain of events that may compromise your company’s data. This makes security part of everyone’s job. In this module, we look at some basic behaviors that every employee can adopt to help make the company more secure.

Intruders Exploit Normal Human Behaviors

Let’s talk about human nature. Criminals have learned they can exploit typical human emotions and reactions to steal credentials and infiltrate your network.

Fear: “If you don’t give me the information, I will report you to your manager.”
Trust: Authentic-looking email from your bank: “Your account has just been closed. Click here to reactivate.”
Morality: “Can you hold that office door open for me? My arm’s broken, and this package is heavy.”
Rewards: “My company is considering investing in your products. Can you answer a few questions about your organization first?”
Conformity: “Bill Stevens from Finance always gives me updates about Q2 earning, but I can’t get a hold of him. Can you help me with the report?”
Curiosity: “Wow… Check out this video of a giant snake eating a zookeeper!”

Spot Some of the Basic Methods

These entry point methods represent common techniques that cybercriminals use to prey on our humanity and get what they want.

Phishing and Malware: An attempt to acquire sensitive information, such as usernames, passwords, and credit card details, by masquerading as a trustworthy entity. This method is used to trick users into downloading software intended to damage or control a device or network.
Social Engineering: In the context of security, social engineering is the art of manipulating people into taking action or revealing confidential information.
Exploiting Public Info: Using publicly available information to help design a social engineering attack, crack a password login, or create a targeted phishing email.
Badge Surfing: Getting into a secured area, either by following a legitimate badge holder in or by somehow persuading that person to let them in.
Eavesdropping: Secretly listening in on private conversations.
Dumpster Diving: Collecting information from the recycling or trash that was not appropriately destroyed.
Installing Rogue Devices: Installing wireless routers or USB thumb drives where they can give a hacker access to a secure network.

Resources