improved mechanisms for automatic detection of atypical actions, enriched audit logs;
Posted: Sun Jan 12, 2025 8:25 am
Security. This year, Mindbox experienced its first serious information security incident. Thanks to threat detection tools, the incident was quickly detected and contained.
How we improved platform security after the incident:
found and eliminated points where employees without access rights to sensitive data could indirectly obtain it;
changed development processes to find such points before they reach the product;
reformed the internal system of Mindbox roles: made rights stricter and more granular, limited access scenarios for projects, introduced a mechanism for confirming access by another employee and mandatory two-factor authentication;
implemented an internal phishing simulator;
changed the information security contractor.
In 2025 we plan to undergo audits:
ISO27001 recertification audit with transition to the 2022 version of the standard;
regular audit for compliance with Federal Law 152 and by-laws.
Community and knowledge sharing
Conference. The main event of the year is the fourth Mindbox Conference. It surpassed all previous ones in scale: 4,585 guests on site and online, 21 reports, 8 workshops, 2 discussions and the first CEO Summit offline. 74 speakers spoke, including from TSUM, Auchan, Sunlight, COZY HOME, TanukiFamily.
The conference premiered in the Mindbox Hall. It featured discussions of new platform tools that help squeeze more out of CRM channels, such as:
T—Zh shared the secrets of email newsletter deliverability;
"Petrovich", Ash, Tokio-CITY and "Erkafarm" discussed the future of mobile marketing;
Marketing experts have improved the mailing lists of the AiF. Good Heart foundation.
In addition, the conference became more useful for companies outside of retail — an entire hall was dedicated to them. It featured CRM strategies in travel, edtech, car sharing, real estate, and other industries.