In the wake of the recent hacking attack on Adobe Systems, cyber-security experts have highlighted that having an incident response plan in place is as important for companies as preparing against such attacks.
Cyber-security experts have highlighted Adobe’s disclosure and public assurance as a good model for a company’s incident response, with clear steps in place to investigate and determine cause and impact, alongside a plan for interacting with the public.
As E&T reported last week, in the case of Adobe, the company was quick to publicly acknowledge the attack by hackers, who stole the source code of some of Adobe’s most popular software titles, as well as data about millions of its customers.
Writing on an official Adobe blog shortly after the attack was disclosed, chief security officer Brad Arkin said that the company had been investigating the breach and that it had no evidence of any attacks based on the theft. “We are not aware of any specific increased risk to customers as a result of this incident,” he wrote.
Adobe also said it was working with banks and federal law enforcement to mitigate intrusions on customer accounts and to pursue those responsible. The hack was initially uncovered when cyber-security journalist Brian Krebs and security expert Alex Holden found a cache of Adobe code while investigating unrelated attacks at three major US data providers.
Speaking exclusively to E&T, Tom Cross, director of security research at Lancope, commented: “With respect to the Adobe incident, it’s good news that they discovered the incident, they have reported it and they’re analysing it and attempting to understand it as well as they can. I think that’s great and other organisations need to look at how Adobe has handled this incident and think about their level of preparedness in terms of if their organisation is breached, do they have the skills and tools necessary to analyse incidents that they have been subjected to, can they piece together an attack that happened on their network, do they have audit trails of activity that happened in their environment?”
Cyber-espionage attacks can take a number of forms and originate from a variety of motivations, including theft of intellectual property, to gain competitive economic advantage or for analysis of software code to identify security vulnerabilities that can be exploited.
“There’s a concern that a lot of this intelligence gathering is being done for an economic reason and it’s being done to steal information that is useful primarily for a competitive or economic application,” Cross says. “When we’re talking about this subtle removal of information, it could be years before you really feel the consequences – and you may feel those consequences in ways that are hard to relate back to the attack activity that you’re seeing on your network.”
“It may be that they’re looking to use that code for security research or it may be that they’re interested in understanding how Adobe does some of the things it does in their product and they intend to bring competing technologies to market. Any company that develops unique technology is concerned about that risk,” Cross noted.
As for how best a company can shield itself from the “collateral damage” of a cyber attack, Cross’s advice is simple: “Be prepared. The reality is that you can’t assume that this is not going to happen to you or that your perimeter defences will stop it. Regardless of how sophisticated your computer security approach is, when you’re talking about adversaries at this level, you may still be compromised. You need to think about what are the steps you’re going to take when it happens, are you prepared to respond to an incident, do you have a plan to deal with that. If you’re prepared, when you do end up in this situation, you’ll be ready to handle it.”