
In this blog post series, we present our seven predictions that will redefine how enterprises secure, scale, and protect their Salesforce data in 2026. This is the second blog post in the series, and you can read the first one here. Join us on January 29th when Odaseva CEO Sovan Bin will host a webinar to explain each trend in more detail, and answer audience questions. Register here.
What: CISOs will take charge of securing Salesforce instances in 2026. In light of the high-profile social engineering attacks and OAuth security incidents of 2025, Salesforce customers should by now realize they must adapt their security strategy to safeguard their most sensitive data. This will require giving more visibility to CISOs, who will adopt a risk-based approach for their organization's most sensitive data and strengthen the defense of their Salesforce API.
Why: Pre-2026, many enterprise security teams didn’t have access to Salesforce, and so Salesforce Admins were responsible for Salesforce security. But that’s shifting as a direct result of the 2025 ransomware and OAuth attacks. Much like when Salesforce customers did not prioritize backups due to a misunderstanding of shared responsibility, CISOs now understand that securing Salesforce data is a critical part of their security mandate. Because of these recent high-profile breaches, CISOs will need to show the C-suite that they're managing the risk better than before, instead of asking the Admin teams to take responsibility for Salesforce data security. CISOs will collaborate with Admins to achieve this.
How: CISOs will do two things to fortify the security of their Salesforce data:
i. CISOs will take a risk-based approach:
Instead of trying to do everything all at once, CISOs will start by identifying the most serious risks to their organization's Salesforce data, and begin securing the most critical data and connections first. Because they will need to secure data under conditions where a malicious actor already has access to the Salesforce instance through a successful social engineering attack, they will seek solutions to store the most sensitive Salesforce data outside of Salesforce in an external vault. They will also seek the strongest encryption methods to secure Salesforce data at the highest level.
ii. CISOs will enhance the security of Salesforce APIs:
Enterprises commonly partner with many third parties that connect to their Salesforce org via the Salesforce API. In 2025, we saw that if attackers steal an API access token, they can use it to connect to another system and perform malicious activities. As enterprises integrate more and more cloud apps that all must communicate with each other, the risk surface grows, because every connection relies on the same single point of failure: the token.
While Salesforce is replacing Connected Apps with External Client Apps to change how applications interact with Salesforce APIs, Salesforce customers will seek an additional way to raise API security on their own side by adding another security layer, such as masking in front of the API. The result is that if an attacker steals an API access token, a further layer still protects the most sensitive data. Another approach will be to expose less data to the API in the first place, so that a stolen access token grants access to only a small subset of data instead of everything.
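The two ideas above, a masking layer in front of the API and exposing less data to it, can be combined in one filter that sits between an integration and Salesforce. The following is an added example written for this post, not Odaseva's product code or a Salesforce API; the per-object policy, field names and the sample query response are constructed to illustrate the point.

```python
import re
from copy import deepcopy

# Constructed per-object policy (hypothetical): fields an integration may receive
# and which of those are returned only in masked form. Anything not listed is dropped.
POLICY = {
    "Contact": {
        "allow": {"Id", "FirstName", "LastName", "Email", "Phone"},
        "mask": {"Email": "email", "Phone": "last4"},
    },
    "Account": {"allow": {"Id", "Name", "Industry"}, "mask": {}},
}

def mask_value(value, kind):
    """Return a masked rendering of value; unknown kinds are fully redacted."""
    if value is None:
        return None
    s = str(value)
    if kind == "email" and "@" in s:
        local, _, domain = s.partition("@")
        return f"{local[:1]}***@{domain}"
    if kind == "last4":
        digits = re.sub(r"\D", "", s)
        return f"***-***-{digits[-4:]}" if len(digits) >= 4 else "***"
    return "***"

def filter_record(record, policy=POLICY):
    """Apply the policy to one SObject record; None means the object is not exposed."""
    sobject = record.get("attributes", {}).get("type")
    rule = policy.get(sobject)
    if rule is None:
        return None
    out = {"attributes": deepcopy(record.get("attributes", {}))}
    for field, value in record.items():
        if field == "attributes" or field not in rule["allow"]:
            continue  # field is never forwarded to the integration
        kind = rule["mask"].get(field)
        out[field] = mask_value(value, kind) if kind else value
    return out

def filter_query_response(response, policy=POLICY):
    """Filter a SOQL-style query response before it reaches the token holder."""
    records = [filter_record(r, policy) for r in response.get("records", [])]
    records = [r for r in records if r is not None]
    return {"totalSize": len(records), "done": response.get("done", True), "records": records}

# Constructed sample response in the shape of a REST query result (not real data).
SAMPLE = {"totalSize": 2, "done": True, "records": [
    {"attributes": {"type": "Contact"}, "Id": "003XX0000000001", "FirstName": "Ada",
     "LastName": "Lovelace", "Email": "ada@example.com", "Phone": "415-555-0199",
     "SSN__c": "123-45-6789"},
    {"attributes": {"type": "Opportunity"}, "Id": "006XX0000000001", "Amount": 50000},
]}
```

Even if the integration's token is stolen, the attacker receives only the filtered view: the `SSN__c` field and the `Opportunity` record are never forwarded, and the email and phone are masked.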
We'll be publishing the next trend soon, so stay tuned! Don't forget to register for our January 29th webinar, hosted by Odaseva CEO Sovan Bin, to learn about each trend in more detail.

