There has been a lot of news this week regarding the RSA breach in March, which has apparently led to an attack on defense contractor’s Lockheed Martin and L-3 Communications. Immediately following the negative press, RSA’s President Art Coviello issued an open letter stating that they have already reached out to “high risk” customers for remediation. For all other customers following best practice guidelines, RSA says they “can be confident in their continued security.”
The attacks appear to be specifically targeted towards defense contractors as a broad scheme to get access to defense secrets and intellectual property. RSA still hasn’t been clear as to what data specifically has been compromised. It’s likely that seed records and the algorithm used to calculate token numbers may have been taken. However, the attackers would still need access to the passwords of particular users who own the token. This tells me there also had to be some malware on end user computers that recorded key strokes and passwords.[note title=”Webcast June 10th” align=”left” width=”200″] Get up to speed on news from the latest breaches, so you can learn a comprehensive security plan to minimize your company’s risk. Register here. [/note] It looks like RSA will be replacing current tokens and seed records for some customers and will be moving toward soft tokens and more risk-based authentication in the future to limit these types of threats. The strongest benefit is EMC’s ownership of RSA and how seriously they are taking this situation. They have a reputation to repair and they have the money to ensure that this issue gets fixed. They were already working with Lockheed Martin and it looks like they anticipated some sort of attack. Once they saw the attack taking place, they were able to stop it almost immediately.
In light of this breach, as well as Sony’s major issues, IDS is hosting a webcast with RSA to discuss the current security landscape and recent breaches from RSA, Sony and Epsilon. It is very important to us that you’re aware of how this news in unfolding so that you can do what’s best for your organization to minimize risk. IDS will continue to be your trusted advisor for all things data center and guide you in strengthening your security posture.
While this is bad PR for RSA, it points directly to the reason for our webcast on Friday. SecurID is not (and should not) be an organization’s only line of defense. It is a piece of the puzzle to a full security program, which should include protecting sensitive information while also educating users.
Please sign up for the webcast here. http://info.rsasecurity.com/2011Am/webcast/110610_Integrate_Security_Management/invite.html
Photo credit: alvaroprieto via Flickr