Other security experts told CRN that the breach is another example of how organizations of all types struggle to address security weaknesses and maintain adequate defenses.
Businesses struggle with security on a daily basis, said Dave Lewis, a noted security expert who serves as senior security advocate at Cambridge, Mass.-based cloud platform provider Akamai Technologies.
"We don't do the fundamentals well," Lewis said. "All companies say they have to innovate, but my problem is that they haven't built a strong foundation in order to facilitate innovation."
The scope of the Adobe breach is still likely being understood by the incident response team, said Rob Kraus, director of research on the security engineering research team at managed security services provider Solutionary. Kraus said it's too soon to tell how attackers gained access, but companies often fail to monitor both inbound and outbound communication to prevent data leakage.
"Right now they say they're following the breadcrumbs and how big they are will help them connect the dots of how the person got in and how extensive the damage is," Kraus said. "Most organizations don't have the visibility inside their network to validate what the actual initial point of entry was for the compromise, and that is a serious problem."
PUBLISHED OCT. 4, 2013