Is PDF Application Security really that important?
Cyber attackers today are intent on not only stealing data, but also crashing systems, damaging reputations, or just simply showing off their hacking prowess. As a result, businesses, schools and government agencies have to spend more resources to battle those attacks. It’s not only expensive from an IT perspective, but also in the potential loss of trust in that organization by their customers and constituents. A recent survey by PWC found that 28.6% of respondents claim their company suffered financial loss due to a security breach incident. That’s a worrying statistic for sure.
Universally-accepted file types – including PDF, unfortunately – are one of many ways these hackers gain entry to systems by embedding malicious code into the files. So choosing a PDF software application that fully uses modern mitigation techniques to reduce risk is obviously important. To help you understand the risks and evaluate a vendor’s approach to security, we have recently updated and published the white paper PDF Application Security – How to minimize your risk. It’s available for free from Adobe’s web site.
The white paper contains results of independent third-party testing on the entire Acrobat family of products, specifically related to security. Adobe Reader X and Adobe Acrobat X produced excellent results in security testing by implementing what security experts call a “defense-in-depth” approach within the software and as offered by the operating system. Adobe Reader XI and Adobe Acrobat XI have improved security and sandboxing even further, and Adobe continues to invest in security. This investment has helped reduce the need for out-of-cycle security updates. Note in the diagram below, Adobe Acrobat X only had two out-of-cycle security updates, while Adobe Acrobat 9 had seven. Deploying a software patch is a timely and expensive process, so we want to help IT professionals minimize those costs by reducing the number of out-of-cycle patches for the Adobe Acrobat family of products.
If you are considering PDF software based on the licensing cost, please be careful. The days of making software choices based on the quoted price alone – without thorough consideration of security – are long gone. You should be asking vendors about operating system mitigations built into their PDF software, processes in place for addressing security threats, and even how involved the vendor is with the broader security community. To get more details about all the ways the Adobe Acrobat family helps organizations do more with PDF, while also providing advanced security, lower costs, and easier software management, download and read the free white paper, PDF Application Security – How to minimize your risk.