Application Security for Salesforce Commerce Cloud in the Digital Economy

A shifting reliance on e-commerce has created challenges for retailers who must customize the user experience while maintaining a strong cybersecurity posture. Stores and organizations handle a large cache of customer data when trading online, including names, phone numbers, personal email addresses, physical addresses, and financial information. The push to further streamline online shopping during the pandemic vastly increased the volume of data making its way through retailers' networks. Retailers needed a cloud-based solution that helps e-commerce businesses create and manage their online stores and provide a seamless shopping experience for customers.

Many retailers chose Salesforce Commerce Cloud for its scalability, personalized customer experience, order fulfillment, marketing capabilities, and development tools that let developers create custom applications to meet their business needs. Commerce Cloud is a mature and evolving product, with different versions such as Site Genesis and SFRA. With benefits come challenges, especially with security. E-commerce sites create new points of entry for threat actors to exploit. Retail organizations are prime targets for attackers looking to access bank details or to use data for phishing schemes, identity theft, or sale on the Dark Web. An online exploit against an e-commerce site seriously undermines trust in the brand.

Application Security Is a Must for Building Trust in Your Brand

Many customers realize the benefits and ease of shopping online, and the growth of e-commerce shows no signs of slowing down. However, many e-commerce sites have hidden vulnerabilities. These increasing risks threaten to damage one of the most valuable aspects of the retail industry – the relationship between consumer and brand. In the wake of a cyber-attack, retailers experience brand degradation, causing irreversible business damage.

Retailers and e-commerce businesses using Salesforce Commerce Cloud should strengthen their cybersecurity posture with a DevSecOps process that enables collaboration between developers and cybersecurity teams. One of the best investments they can make is to adopt security practices such as software composition analysis (SCA), static application security testing (SAST), and unit tests, and to integrate them into their existing CI/CD pipeline. Ensuring that Salesforce application vulnerabilities are found and mitigated results in improved visibility, a more effective defense, and sustained compliance.

Security Shared Responsibility in Salesforce – Are You Doing Your Part?

Like most cloud service providers (CSPs), Salesforce uses the shared responsibility model. Although Salesforce's security features cover platform-specific functions, its responsibility does not extend to custom code, the protection of data such as PII, compliance requirements, or other critical components introduced through customization.

Figure: Salesforce Shared Responsibility Model

Here are some interesting facts according to a WORLDMETRICS 2024 Report:

  • There was a 150% increase in targeted attacks on Salesforce platforms in 2023.
  • 90% of Salesforce-enhanced customer data is considered sensitive and requires protection.
  • 70% of Salesforce-related cyber insurance claims are related to data breaches.
  • 85% of large enterprises using Salesforce have implemented robust cybersecurity measures.
  • The average cost of a data breach in a Salesforce environment is $3.92 million.
  • Salesforce downtime due to cyber incidents averages 5 hours per event.
  • 95% of Salesforce breaches are a result of human error.

Salesforce Commerce Cloud users may employ a vulnerability scanning tool, but many tools in the marketplace lack comprehensive, in-depth scanning capabilities. As a result, they generate substantial numbers of false positives, straining scarce internal resources while potentially overlooking real vulnerabilities. The DigitSec platform is tailored for Salesforce Commerce Cloud and includes specific rulesets for B2C applications.

DigitSec is a comprehensive Salesforce code and config security scanning platform that is easy to use, delivers immediate value, and provides a positive business impact. DigitSec is an ideal solution for cybersecurity teams and developers to find security vulnerabilities, recommend corrective action before deployment, and enable faster delivery of secure applications. DigitSec is the only software security scanning system that can address both Site Genesis and SFRA. DigitSec is SOC 2 Type 2 compliant, following internal best practices of security controls, policies, and procedures.

To find out how e-commerce organizations can find, correct, and mitigate risk in their Salesforce Commerce Cloud application development, visit us at www.digitsec.com or email us at sales@digitsec.com.

Byron Rashed

Mr. Rashed has marketed products, solutions, and services for organizations in network hardware and software, SaaS, sustainability, application security, and operatively sourced Dark Web threat intelligence. As Vice President of Product Marketing for DigitSec, he is responsible for GTM marketing and PR functions and is part of the senior management team.