An article in a recent issue of PC World highlighted security issues with software produced by Adobe – especially Adobe Reader which is widely used in small and large organizations. The article quotes Kapersky researcher Roel Schouwenberg saying “Adobe at the moment, is the main target.” And the article goes on to suggest that “Adobe” (presumably meaning Acrobat Reader) has replaced “Microsoft” (presumably meaning Windows) as the primary attack vector for hackers.
Attacks on vulnerabilities in application software rather than in the underlying operating system are hardly new. Anyone in the information security world can probably reel off a list of similar cases without too much difficulty. And all information security awareness training should remind students that applications must be kept up-to-date just as much as the operating system and antivirus software.
But this article also provides you with an opportunity to bring security to the attention of business managers. Often, attempts to educate managers on security issues use links and references to IT websites, or to information security blogs. And, all too often, managers ignore these sources because they have no real feel for whether the information is valid, or whether it’s just hype. But a well-written article in a reputable business journal – one that they might well subscribe to – is likely to be read and accepted far more readily.
Try sending a copy of this (or a similar article) to your business managers combined with an appropriate call-to-action (for example, “I’d like to use this opportunity to talk about security at our next staff meeting”), or ask to have it included in the next company newsletter. The weight carried by the journal will make it much easier for your message to be accepted.
Using an article or report from a well-regarded business source – the medium – conveys the message that this really is an important business issue – not just IT hype.