10-31-13 | Blog Post
The Adobe hack originally reported earlier this month turns out to have affected 38 million total users, including financial and personal account data. Adobe claims the 2.9 initially reported had their credit cardholder data compromised, while the additional millions had their encrypted passwords stolen. In addition, a letter to Adobe customers claims that hackers may have even used their systems to decrypt some of the passwords.
While merely speculative during early investigations, it has been recently verified that the source code for Adobe ColdFusion, Acrobat, Reader, and Photoshop have been stolen and posted online. Photoshop’s source code appeared to be unencrypted, according to TheVerge.com.
As I’d originally wrote about in Source Code, Encrypted Data Stolen as 2.9 Million Affected in Adobe Breach, compromised source code is serious business since a breach of an end user product allows hackers to write new malware and viruses for said product, and use them to access sensitive/confidential corporate or personal data.
JDSupra Law News has deemed 2013 as the “Year of the Mega Breach Cybersecurity Awareness Month” due to the sheer size and litany of big-name breaches in the past few months alone – they name the seven biggest breaches of the year to include:
In addition to the New York Times, Federal Reserve, PHP.net, and many others were hacked. With healthcare, financial and pharmaceutical companies being targeted, the proliferation of high profile breaches is continuing to escalate data breach costs. The breakdown of per capita data breach costs by industry can be seen in 2013 Healthcare Data Breaches Cost 71% More Than The Average Data Breach.
What can a company or organization do to protect against the threat of an attack on their systems? Layer up with security and create a comprehensive defense in depth solution that ties together log and file monitoring, two-factor authentication, patch management, vulnerability scanning and other technical security tools that can potentially detect and prevent a data breach of proprietary or sensitive data. Weigh the cost-benefit analysis of preventative IT and the potential cost per record of a data breach in your respective industry – a little bit of good security can go a long way.