Adobe recently announced that it was the victim of a major cyber security breach. The software specialist fessed up to having almost three million customer records – login details and credit card data included – stolen in the process. Although it looked to be a catastrophic ordeal on the surface, Adobe claims that the breach poses little risk to consumers since their data was encrypted in order to meet PCI compliance. To counter the attack, the company reset passwords and suggested that customers change them, particularly if they use those passwords for other accounts.
For Adobe’s sake, hopefully those attackers aren’t using that encryption-busting technology the NSA is reportedly using. But customer data is just the tip of the iceberg. Also lost in that breach were source codes to a number of software products, including Adobe Acrobat, ColdFusion, and Reader. As DarkReading explained, nabbing the heart of the company’s intellectual property could put the perpetrators of this cyber attack in line for a lucrative payout.
While Adobe is trying to figure out where it all went wrong, spectators are trying to access the level of damage and what it come mean for the company moving forward. For now, we’re going to focus on the lessons that can be learned from another crisis in cyber security.
1. You’re A Target
Some of the biggest fears coming out of the Adobe breach are based around what the attackers can do if they are able to bypass encryption and get their hands on the data it protects. With that said, you don’t have to be a big time software company with thousands of customers to be a target. You could operate a two-person law firm or a mom and pop liquor store – if you have data in your possession that others find valuable, consider yourself a target.
2. Threats are Constantly Evolving
There is a community built around just about everything, and hacking is no exception. Hackers often roll in tight-knit groups that share intelligence and tools they can use to make victims out of their next target. As as a result, tactics such as DDoS and malware-driven attacks have increased in effectiveness. As you read this, there is probably a group of cybercrimals passing around Adobe’s stolen goods in attempt to extract its true value.
3. Your Existing Security Practices Are Flawed
If it’s one thing the Adobe debacle and other high profile security breaches have taught us, it’s that our existing security measures can only do so much. Even with its collection of fancy firewalls, encryption software, and network security protocols, Adobe couldn’t fully protect its precious data from outsiders. The crazy thing about all this is that despite the fact that your current defense system can literally be obliterated, you need those individual components that comprise it. They provide protection against several known threats and without them, you’d be screwed!
4. It’s You Against the World
Sometimes we have to adopt a me against the world mentality, keep our guard up to a point where we refuse to let anything in. Maybe overkill on a personal level, but it’s a sound approach to take to cyber security. In this mindset, you’re more likely to devote due diligence to implementing the monitoring, detection, and prevention practices that will reduce your vulnerability. And when disaster strikes, you already have a response plan designed to minimize the damage and rapidly get your operation back at full speed.
5. It’s Not as Bad as It Seems
Adobe is merely the latest in a number of high profile security breaches to go down in 2013. LivingSocial, Drupal, and handy note-taking app Evernote are also among the well known names to be victimized in huge breaches this year alone. It’s much of the same year after year, but don’t fret, because there is hope for us yet. With a dedication to securing commonly targeted areas such as passwords and placing extra focus on risky applications like Java or anything that has to do with mobile, you can dramatically reduce your risks to the most advanced security attacks.