Saturday, May 28, 2011

RSA SecurID Related Data Breaches: The Saga Continues

The New York Times has now chimed in on the Reuters' exclusive on data breaches and attempts on military contractors using RSA SecurID. There's no surprise that hackers and cyberattackers have been having a field day with the customer's of RSA SecurID. The surprise is how little has come to surface so far. And that is the truth of most cyberattacks. The victims are often not even aware of breaches. Digital intrusion can manifest itself in many forms, and oftentimes, unless companies have the right set of preventative measures in place, they are at the mercy of sophisticated attackers who can resort to many tools at hand, including browser poisoning, sql injections, and man-in-the-phone. It reminds me of the sewing-themed aphorism "a stitch in time saves nine." This is the state of mind CSOs and CIOs have to adopt. The old adages like "no one got fired for buying IBM/Microsoft" or "if it ain't broke don't fix it" no longer hold true for data security and integrity. Enterprises have to be proactive and go on the offense in this cat and mouse game played out with hackers. Hubris will lead to the severe loss of face, brand power, and of course money.

Those victims who have RSA SecurID should consider making a switch as soon as possible. It could be "the switch in time that saved nine" (a reference, of course, to the Supreme court position change in the 1930s).

No comments:

Post a Comment