In October 2025, Salesforce experienced a significant breach with hackers claiming to have stolen more than one billion data records from Salesforce’s clients. This breach evolved into a ransomware attack, as the bad actors demanded money to prevent the sensitive data from being released. However, Salesforce refused to pay, and some records were released, including records from large corporations such as Fujifilm, Gap and Vietnam Airlines.
The Salesforce breach isn’t the only event in the news; other companies, such as Google, TransUnion, and Workday, were also hit with cyberattacks in 2025. According to IBM’s 2025 Cost of Data Breach Report, the average cost of a data breach in the U.S. is $10.22 million, which is at an all-time high for all regions. With the potential for significant costs from a cybersecurity event, board members are taking notice and applying pressure to the organization’s cybersecurity staff.
When I started my IT career in the late 1990s, passwords were generally optional, and most privileged accounts were named “admin” or “administrator”, and the password was “Password123”. Despite the first computer virus, Creeper, being inadvertently launched in…
