RSA says risk strategy didn't stop hackers

By

RSA's security architect has offered a candid account of the SecurID breach.

RSA had implemented a risk mitigation strategy against advanced persistent threats that failed to prevent the major compromise of its SecurID token product.

RSA says risk strategy didn't stop hackers

But the company's chief security architect Robert Griffin said the process of dynamics, adaption, analytics and assessment prevented further damage from being done.

He told the SC Congress Canada conference this week that the strategy traced the tracks of the attackers who gained their initial foothold when an employee clicked on a malicious attachment contained in a socially engineered email.

“Within six to eight hours, we could [identify] anomalous behaviour of the core systems at RSA,” Griffin said.

Griffin acknowledged the slickness of the adversaries, who used a zero-day vulnerability to introduce a variant of the polymorphic malware dubbed Poison Ivy.

He described the attack as “commercial cybercrime”and said the hackers temporarily distracted RSA's security team by causing a "noisy” attack on the company's personnel systems while they siphoned out the crown jewels related to RSA's SecurID tokens.

“They were after ways to compromise credentials, from the ground up, of our customers,” Griffin said.

RSA failed to adequately lock down its access controls, a blunder that allowed infiltrators to gain unauthorised privileges, he said.

Defence contractors Lockheed Martin and L-3 were subsequently penetrated using authentication information obtained in the RSA heist.

RSA has since pledged to replace tokens for some customers.

Griffin said the lesson from the SecurID breach is the need to apply visibility to an organisation's risk posture.

A former director of risk and compliance at the Canadian Imperial Bank of Commerce, Jason Hall, said complexity was the biggest challenge he faced when introducing a governance, risk and compliance program at the financial institution.

Hall said he had to wade through scores of dashboards, stakeholders, data sources, frameworks and assessments, and recommended that security professionals define the process before they begin similar projects.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
data breachhackingphishingrsasecuridsecurity

Sponsored Whitepapers

Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond

Events

Most Read Articles

SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
WhatsApp banned on US House of Representatives devices

WhatsApp banned on US House of Representatives devices
Victoria's first government tech chief steps down

Victoria's first government tech chief steps down
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?