Keeper CEO: Workday Breach Highlights Need to Extend Cyber Defence to Third-Pary Ecosystems

Social engineering. That’s how hackers breached Workday’s defences early this August, pilfering away personal information from one of the company’s third-party customer relationship databases.

This much was admitted by Workday itself in a blog it published on Friday curiously titled “Protecting You From Social Engineering Campaigns: An Update From Workday.”

“At Workday, trust and transparency guide everything we do. We want to let you know about a recent social engineering campaign targeting many large organisations, including Workday,” the blog opened. “In this campaign, threat actors contact employees by text or phone pretending to be from human resources or IT. Their goal is to trick employees into giving up account access or their personal information.”

In the same blog, Workday also indicated there was “no indication of access to customer tenants or the data within them”—something corporate customers typically use to store the bulk of their human resources files and employees’ personal data. However, it should be noted that nowhere in the blog did the company rule out a breach of said tenants, which opens the possibility that this cyberattack could potentially be bigger than initially reported.

Third-Party Ecosystems: A Forgotten Attack Vector?

The Workday breach, in the eyes of Keeper Security CEO and Co-Founder Darren Guccione, just shows why companies need to be as vigilant in securing their third-party ecosystems as they are in protecting their primary systems. Unfortunately, companies are evidently a bit too lax when it comes to safeguarding these external integrations, and some like Workday have paid the price already.

“Even when primary systems remain intact, external integration points can serve as gateways for attackers. These third-party ecosystems often are not subjected to the same level of scrutiny and control as the internal environments,” Guccione told Cybersecurity Asia in an exclusive commentary on the Workday breach. “Attackers will therefore impersonate HR or IT personnel via phone and text to trick individuals into granting access or divulging sensitive information. Although the data accessed may appear limited, it can subsequently fuel highly targeted phishing or bespoke social engineering schemes on customers by using their own personal data.”

With social engineering becoming more and more sophisticated and believable, no thanks to Artificial Intelligence, it goes without saying that digital subterfuge and trickery will be used over and over to target whatever vectors have the least protection—and in Workday’s case, that weak link appears to be the company’s third-party ecosystems.

What Can Companies Like Workday Do?

While the situation is worrying, it is actually rectifiable if companies recognise how third-party integrations expand the cyberattack surface exponentially. This recognition, in turn, will enable businesses to take proactive steps to protect these exposed systems—including training employees to detect deepfakes, phishing, and other digital modi operandi.

“Organisations should therefore view third-party applications, vendor tools, and CRM systems as integral extension points of their own attack surface,” said Guccione. “They should restrict access to what is necessary, and implement Privileged Access Management (PAM), zero-trust architectures and zero-knowledge approaches to limit exposure. They should require all partners and third-party platforms to undergo regular security assessments and continuous monitoring. Employees should be trained with frequent simulation testing in order to raise awareness. It’s also important that organisations deploy continuous monitoring and rapid response in order to flag and attend to any unusual access.”

Business heads and key decision-makers better take note because incidents similar to Workday’s breach is more common that organisations would like to admit and will continue happening to enterprises big and small. This is why, according to Guccione, organisations must respond accordingly and appropriately.

“The Workday breach is not an isolated incident—it’s part of a broader, escalating digital threat landscape where malicious actors seek to exploit human trust, third-party tools, and misaligned legacy processes,” Guccione further pointed out. “Organisations must treat security as an enterprise-wide discipline, extending beyond the immediate perimeter, into every integration, every external vendor and every employee interaction.”