The recent Lockheed Martin disclosure that it had thwarted a tenacious cyber-attack was an interesting headline, primarily because publicizing a failed attack is highly unusual. More importantly, the real story resides in the “unauthorized” articles and leaks that appeared and pointed back to the theft of RSA SecurID intellectual property.
This thwarted attack suggests that the RSA breach in March of 2011 may be enabling the compromise of SecurID authentication infrastructures. It is important to remember that the compromise was only possible because of additional security failures that were targeted and coordinated.
As we all know, security is a moving target. While the RSA breach and the thwarted Lockheed attack require security professionals to validate the risk mitigation properties of their SecurID infrastructure, it is important to consider two factors. First, the attack appears to be sophisticated and targeted, probably falling into the category of a “nation-state” cyber-attack. As such, the distribution and proliferation of the compromised information will be slower than if it were done by the broader federated hacker underground. Second, RSA will likely be taking further action to mitigate and neutralize the impact of the information stolen from their solution.
In the short term, RSA provided recommendations on improving the security of the 2-factor authentication process. In addition, RSA has provided remediation resources to assist organizations with highly sensitive information. It is reasonable to expect that RSA will take steps to improve the SecurID product in the near term to mitigate the impact of the compromised data.
Overall, the attacks need to be viewed in light of a company’s risk management process. They should be evaluated within the context of this portion of the security infrastructure, the assets that are being protected, and the other countermeasures that are in place to detect and respond to both this type of attack and other attack profiles that may or may not be known at this time. It is necessary and prudent for security professionals to consider all of these factors when weighing the impact on their risk profile and how they will make changes to their security infrastructure.
Tim Richardson is Product Marketing Manager for Security at Zensar.