RSA data breach rocks industry

RSA executive chairman Art Coviello’s revelation that internal systems at RSA had been the victims of cybercrime, and that the resulting data breach could compromise the authentication capabilities of the SecurID authentication tokens, has rocked the security industry.

RSA, the security division of EMC, released an open letter from Coviello, addressing RSA customers. It read: “Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is specifically related to RSA's SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations.”

SecurID tokens are used by tens of millions of users to securely log into online banking and enterprise networks over the internet.

The industry has commented on the news, with IronKey speculating on the potential damage this data breach could cause.

“Criminals used an Advanced Persistent Threat (APT) attack to breach the RSA SecurID infrastructure, and can now combine that information with data-stealing malware in order to compromise high value online banking sites,” explained Dave Jevans, IronKey’s founder and chairman.

IronKey said the incident, despite being investigated, threatens the integrity of bank payment services, enterprise remote access and government systems.
RSA Security had not taken up its right of reply at the time of going to press.
