The Business-Technology Weave

Mar 28 2011   3:04PM GMT

Large security vendor suffers breach



Posted by: David Scott

It’s been reported that RSA Security has been attacked, with the result being “certain information… being extracted.”  Had you heard about this?  I was alerted to it through my Google Alerts.

 

As a slight aside:  I highly recommend the alerts – they deliver news and articles to you according to interests you specify, such as “Data Breach,” “Cyber Attack,” “Information Security,” and so on… or perhaps “Cloud Computing,” “Web 2.0.”  You get the idea.  Of course, “celebrity gossip” serves some too.  But I use it for career purposes and general professional knowledge.

Back to the attack:  RSA Security is a division of EMC2.  EMC2 has many contracts with our federal government, for many tens of millions of dollars, for their SecurID system.  SecurID generates a token which, used in combination with a password and user ID, grants secure (well…) access to systems at various government agencies.

These agencies include the Social Security Administration, the Department of Defense, and many others – it doesn’t get much bigger than this.

At present there is no data loss being reported (that is, customer or individuals’ data); however, it’s thought that the “extracted” information may enable a successful attack later – presumably with the further breach of critical content.

Art Coviello, RSA Executive Chairman, said:  “We do not believe that either customer or employee personally identifiable information was compromised as a result of this incident.”

Hmmm… “We do not believe…”.  Would those words reassure you if a solutions partner, a security partner, gave them to you in a similar situation?

SecurID is not only in use at government agencies.  A chief security officer at a leading Fortune 500 company has been quoted, albeit anonymously:  His company processes transactions worldwide for payrolls – and they use SecurID.  He states that RSA provided details, within minutes, on how the breach occurred so that they could defend against possible attack.

Within minutes?  Color me skeptical on that one.   :^ )   Oh.  Perhaps they mean 180 minutes, 240 minutes – something like that.

In today’s environment, where even the big dogs are exposed to risks that materialize, what should you do?  Learn how to spot signs of breach or malfeasance in your environment.  Put in the products, and ally with the security solutions partners, that make you most comfortable.  But don’t lean totally on vendors, solutions, and solutions partners.

You also have to stand on your own in actively surveying for risk and possible incursions.

 

NP:  Falling in Love, Stan Getz, jazz24.org
