This week:
While the biggest news this week was CodeInMotion.ie becoming SecureAndAssure.com (a different name, but the same focus), here are a few other stories worth mentioning:
3 – Online Safety or Censorship?
2 – Salesforce: AI = 4,000 fewer jobs
1 – Attackers are targeting your Salesforce platform
3 – Online Safety or Censorship?
“U.S. social media companies like Facebook and Instagram parent Meta have said the DSA amounts to censorship of their platforms.”
Source: Reuters
What’s the story?
The EU’s Digital Services Act (DSA) is meant to make the online environment safer in part by compelling tech giants to do more to tackle illegal content, including hate speech and child sexual abuse material.
But US tech firms and the US administration see it as a blatant attempt (to force tech firms to actually take responsibility for the crap that gets distributed by their platforms) at censorship of conservative voices.
Last week, they threatened to block any individuals working for regulators in Europe from entering the US.
This week, there’s talk of additional tariffs.
So what?
Why would anyone want to travel to the US these days anyway?
2 – Salesforce: AI = 4,000 fewer jobs
“The vision [is] about creating a new kind of teamwork between software and staff [by] positioning AI as a first responder and humans as escalation points.”
Source: TechRepublic
What’s the story?
Salesforce’s CEO recently mentioned that the organisation has cut nearly 4,000 customer service jobs by deploying AI agents to deal with the most common customer service requests. As a result, their customer service team has dropped from 9,000 people to 5,000 over the last 12 months.
So what?
The CEO does not think this is dystopian.
The young people who could have filled these 4,000 jobs as a starting point for their careers may have a different view.
In any case, this is the reality of the world we now live in.
1 – Attackers are targeting your Salesforce platform
“ShinyHunters has been targeting Salesforce customers in data theft attacks using voice phishing (vishing) since the start of the year, impacting companies such as Google, Cisco, Allianz Life, Farmers Insurance, Workday, Qantas, Adidas, Dior, Louis Vuitton, and Tiffany & Co. [and] multiple cybersecurity companies.”
Source: Bleeping Computer
What’s the story?
While Salesforce reduces its customer service team by 4,000 people, it looks like a large number of their clients are being targeted by cyber criminals.
Based on the numerous reports of breaches over the last few weeks, it sounds like the scammers are emailing and phoning Salesforce customers and fooling them into giving them access to their Salesforce data.
So what?
Scammers aren’t just trying to get their hands on usernames and passwords.
They’re also trying to fool your staff into granting them backdoor access into your cloud systems (including Microsoft365 and Salesforce).
This takes advantage of something called ‘OAuth’. If you’ve ever used a service like Calendly to allow people to book time in your work calendar (like I do here), you’re probably using OAuth.
While I don’t expect you to know much about OAuth, I hope your IT / SaaS providers do.
And I hope they’ve done something to restrict who can grant OAuth access to your data.
[If you’re not so sure you or your IT support providers are thinking about these things, maybe you need someone to perform an independent security assessment. And just to smack you in the face with a blatant sales pitch: That someone is me.]