Salesforce.com accelerates a cultural transformation
Google, Facebook, Apple, New York Times, and numerous other leading corporations across the globe have fallen victim to sophisticated cyber-attacks. In each case, employees were the unknowing entry-point into the company’s system. For Salesforce.com, the leading provider of cloud computing, the threat of a cyber-attack is particularly close to their business.
To further the transition towards cloud computing, drive product sales, and enable future growth, the company recognizes security as critical to success. With the prevalence of new cyber threats, Salesforce.com is committed to further implementing a security-first culture among both current employees and new talent. To accelerate execution of the security-first initiative, the company was challenged to shift employees’ mindsets and build strategic alignment to effectively protect property, assets, and sensitive information.
Navigating from strategy to execution, Salesforce.com aimed to create a security-first mindset among each member of the organization. The company recognized that employees must understand the role of security both internally and externally, from the customers’ perspective, while also understanding common vulnerabilities from online phishing scams to social engineering tactics and physical security threats.
To enable success, Salesforce.com partnered with BTS, a leading strategy implementation firm, to develop an interactive strategy execution program. To deliver maximum applicability and impact, BTS consultants worked closely with the company’s Trust team and cross-functional leaders to craft an experience aligned to and reflective of the key strategic priorities. The resulting 90-minute customized initiative integrated a series of experiential learning activities designed to:
Immersed in the high-impact experience, teams of cross-functional employees were given the opportunity to step outside of their traditional roles, collaborate in new ways, and explore security vulnerabilities in a risk-free environment. Assuming the role of a cyberattacker, individuals designed their own attack, and as a result, ultimately identified the basic behaviors each individual can practice to make the company more secure. By practicing execution in an interactive, competitive environment, the managers’ first-hand experience enabled them to appreciate the threat of a cyber-attack and recognize the value of the security-first initiative.
Following the cultural transformation and strategy execution initiative, participants were unknowingly subjected to penetration tests using phishing emails to measurethe effectiveness of the Detection Everywhere program. The results demonstrated the effectiveness of the experiential learning initiative in embedding a security-first culture into the organization. Detection Everywhere alumni clicked on phishing links and downloaded non-secure files at lower rates and reported security incidents at higher rates than the general population, both indicating the positive behavioral impact.
From the perspective of participating leaders, the program was highly impactful, and the results are tangible:
The successful alignment of Salesforce.com’s employees to the security-first initiative has proved instrumental in accelerating the cultural shift at every level of the organization, ultimately better protecting the company from security threats.
The successful alignment of Salesforce.com’s employees to the security-first initiative has proved instrumental in accelerating the cultural shift at every level of the organization, ultimately better protecting the company from security threats.
The positive momentum is expected to continue. Going forward, BTS will continue to serve as a strategic partner, implementing the program globally to ensure that the security-first culture is effectively embraced and the company’s property, assets and sensitive information is protected across all locations.