By Robert Peterson, Liaison Technologies
“Did you hear the one about the household name software giant, the cybercrime gang, and the massive data breach?” Well, unfortunately, this is no joke, and I’m sure there are certain execs who will definitely not be seeing the funny side (or much of their spouses) whilst they attempt to clear up the mess.
There are some alarming aspects to this breach – the theft of the source code to various Adobe products is a huge worry, and if that was the true goal of the attack then we can expect a flood of zero-day exploits coming down the line. I for one immediately uninstalled Acrobat Reader as soon as I heard the news about said breach, and I doubt I’m alone in this (hint, other PDF reading software is available: http://www.pcworld.com/article/2027961/ditch-the-pdf-headaches-three-safer-speedier-adobe-reader-alternatives.html).
Maybe, though, the true target was the 2.9 million records of payment card information that were stolen. OK, so they were encrypted, but it’s no secret that encryption can be broken, and not just by the NSA. As tools and technologies march on, what was once considered bulletproof is no longer seen that way.
One approach Adobe could have taken that would have at least mitigated this aspect of their breach is tokenization. Tokenization means the replacement of sensitive information with a meaningless, unrelated token, typically made to look like the original data. For true tokenization solutions, such as Liaison Protect, a data vault is used to store the association between the original data and the tokens, meaning that there is no mathematical relationship between the tokens and the data whatsoever. With no relationship between the stolen data and the actual payment details, the stolen data would have been literally worthless, and Adobe would have 2.9 million fewer sincere apologies to make. The era of being able to rely on perimeter security and encryption alone to protect sensitive data is well and truly over.