It's Time to Uninstall Adobe Flash

CompTIA asked me for the best cyber security tip I can think of—I’ve settled on “uninstall Adobe Flash." That's because Adobe Flash is far and away the preferred target of malware. In an extensive analysis, Recorded Future presented findings that identified Adobe Flash exploits in eight out of ten of the most popular criminal exploit kits. These kits are used by cyber criminals to target system vulnerabilities and drop malicious software such as crypto locker onto end points. If you really want to secure your computers and your customer computers, it could be argued substantial protection can be achieved through the removal of Adobe Flash and the prevention of Adobe Flash installation.

Google announced on 10 February it will stop accepting ads made with Adobe Flash this June, and will ban them entirely starting 2 Jan. 2017. Uninstalling Adobe Flash has the additional benefit of offering you a 100 percent chance of not being exploited by any exploit kit targeting Adobe Flash. Not much is ever certain in cyber security, but if Adobe Flash is not installed, cyber criminals will have to find something else to exploit. For those of you which must have Adobe Flash installed for an increasingly tenuous business reason, you must actively seek an alternative platform. Make 2016 the year you uninstall Adobe Flash—reducing the attack surface of your customers will make the Internet a better place for everyone.

Ian Trump (CD, CEH, CPM, BA) is an ITIL certified information technology consultant with 20 years of experience in IT security and information technology. Ian enjoys and maintains a strong commitment to the security community. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a public affairs officer in 2013.