Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

RSA breach: what are the risks?

RSA has announced that it has been the victim of an ‘extremely sophisticated’ hack which managed to breach its security. This page provides an update on the situation and various attempts at analysis of the risks the incident may pose to RSA users.

The incident was reported in an open letter to RSA customers which was written by RSA executive chairman, Arthur W. Coviello, Jr.

The letter reads as follows (verbatim):

“Like any large company, EMC experiences and successfully repels multiple cyber attacks on its IT infrastructure every day. Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities.

“Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is specifically related to RSA's SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations.

“We have no evidence that customer security related to other RSA products has been similarly impacted. We are also confident that no other EMC products were impacted by this attack. It is important to note that we do not believe that either customer or employee personally identifiable information was compromised as a result of this incident.

“Our first priority is to ensure the security of our customers and their trust. We are committed to applying all necessary resources to give our SecurID customers the tools, processes and support they require to strengthen the security of their IT systems in the face of this incident. Our full support will include a range of RSA and EMC internal resources as well as close engagement with our partner ecosystems and our customers' relevant partners.

“We regret any inconvenience or concern that this attack on RSA may cause for customers, and we strongly urge you to follow the steps we've outlined in our SecurCare Online Note. APT threats are becoming a significant challenge for all large corporations, and it's a topic I have discussed publicly many times. As appropriate, we will share our experiences from these attacks with our customers, partners and the rest of the security vendor ecosystem and work in concert with these organizations to develop means to better protect all of us from these growing and ever more sophisticated forms of cyber security threat.”

Risk analyses:

1) SecurEnvoy, Andrew Kemshall:

“In their thirty years there has never been a breach like this; it’s sad for this to have happened in our industry – however it is something that we foresaw happening over ten years ago!

“This ‘extremely sophisticated attack’ means their core seed database has been compromised which means that every user’s ID could be exposed. When RSA refer to a data breach, the only data stored are the seed records. So what we are handling here is an unknown quantity of seed records that could have been accessed, copied or stored.

“Fundamentally what this means is the second factor is potentially challenged leaving only the first factor being a static four digit pin.”

2) William Beer, PwC director of OneSecurity:

"Cyber attacks on IT infrastructure occur every day, but this one is different as it has the potential to impact many millions of users who use this technology. Although it is still not clear what data was stolen it could potentially be used to put authentication systems at risk and craft an attack.

"Many organizations rely heavily on two-factor authentication and have historically seen it as a silver bullet. This new attack will come as a wake-up call and will also shake confidence in this system both from a corporate and end user's point of view. Employees and consumers using this technology will be asking questions and want concrete answers about the safety of their authentication systems and the data it is used to protect."

• Date: 22nd March 2011 • Region: World • Type: Article • Topic: ISM news
