• TREND MICRO

What We Can Learn from the Adobe Class Action Lawsuit

  • Posted on: April 30, 2015
  • Posted in: Security, Targeted Attacks
  • Posted by: Bob Corson

This week, Adobe announced a settlement of a class action lawsuit that was filed against them as a result of a 2013 data breach. This followed a 2014 finding that Adobe’s conduct was a contributing factor to the damages sustained by the plaintiff; namely representatives of some of the three million credit or debit card holders.

The potential for legal action is not limited to Adobe or the loss of credit card data. What we all need to consider is whether the conduct of your organization appears to be a key attribute in determining liabilities resulting from a data breach.  This is not to suggest any malice in the case of Adobe. As a former employee, I can state it is a well-run ship.  I do not have all of the facts on the case, and I am not interested in passing judgment. What I am interested in is pointing out the fact that given all the time and attention targeted attacks are being given in the media and security industry, it is time we collectively addressed some elephants in the boardroom.

To avoid being the next headline, we need to come to terms with the need for a clear trail of evidence that action is being taken to address the problem. Security teams, executives and board members must be seen as having taken ongoing and proactive steps to identify, inform and manage the risks associated with targeted attacks. To be clear, there is no silver bullet to this problem. Despite all the marketing hype around zero-day attacks, exploits and the latest threat research du jour, the sage approach is to develop an ability to detect what is designed by your adversaries to be undetectable. Looking in the same nook and cranny and expecting to find something new is at best wishful thinking. In other words, solutions designed around yesterday's problems are of little value in helping you solve tomorrow’s.

Given this, should you read, hear or be told that monitoring the network equivalent of only your front door and window is enough to detect modern targeted attacks, I hope your false sense of security alarm is rattling loud and clear.  For your security teams, executives and board members to be seen as proactive and serious about addressing the unexpected risks, costs, strategic and professional impacts associated with targeted attacks, they need the ability to detect and act upon the unexpected and the unseen.  Why? Attackers are by nature unpredictable; therefore, how you detect, inform and take action must take this into account. One cannot implement a static approach, that being to merely monitor the perimeter and a few end user protocols and expect to catch a dynamic adversary.  Caveat emptor: there are organizations that espouse this storyline and claim a level of expertise as a means to support this proven false premise.

Despite what you may have read or been told, your organization needs to have a 360-degree view of all activity across all internal and external network traffic, over all 65,000 ports – and to be able to detect what is happening on over one hundred protocols. Others may have you believe that a myopic approach of monitoring only web, email and file content used by your employees is all you need. However, as previously suggested, the enemy may already be well within your gate; therefore, you need eyes everywhere.

For more insight into the need and path ahead for your executives and board members to address targeted attacks and advanced threats, I encourage you to provide them with the following resources:

 

  • Insight into the potential impacts of a targeted attack: http://www.trendmicro.ca/en-ca/boxes/videos/20141009180731.html
  • An opportunity to run a targeted attack simulation: http://targetedattacks.trendmicro.com/
  • A rationale for investing in a targeted attack solution: https://enterprise.apac.trendmicro.com/apt/webinar/TargetedAttacks_AdvanceThreats.pdf

 

 
