Sad state of Salestech security
Every company relies on sales and marketing SaaS to increase sales.
This is something everyone can imagine.
But let me tell you about the dark side of it.
Email access
All those CRMs only work well when integrated with your company's email system.
So even emails that were never meant for the CRM end up in the CRM SaaS.
Not only that, but to send emails on your behalf, you usually have to enable 'less secure' apps on Google Workspace, for example.
Session hijacking
To automate social network actions, e.g., sending LinkedIn messages, SaaS companies try to minimize the chances of being caught.
Do you know the most reliable way to do that?
Yes, by asking for your current session ID.
Instead of allowing automation within a clear boundary, social networks push vendors to the point of asking for your session ID.
Supply chain risk
If you hack these vendors, the damage can be substantial.
- Hacking a CRM company is pretty much the same as hacking the email server.
- Hacking an automation SaaS is pretty much the same as an account takeover.