
Sophisticated Cyber Attack Hits Security Giant RSA - UPDATE

Updated to add link to Wired article

Wired's Threat Level blog has posted an extensive article on the RSA hacking incident, including the list from EMC to customers of the precautions they should take. This is an important reiteration of basic security precautions for ANY company -- whether or not it is an EMC customer. Among the warnings:

We recommend customers increase their focus on security for social media applications and the use of those applications and websites by anyone with access to their critical networks.

We recommend customers enforce strong password and pin policies.

We recommend customers follow the rule of least privilege when assigning roles and responsibilities to security administrators.

We recommend customers re-educate employees on the importance of avoiding suspicious emails, and remind them not to provide user names or other credentials to anyone without verifying that person’s identity and authority. Employees should not comply with email or phone-based requests for credentials and should report any such attempts.

Among the privacy- and security-related headlines this morning is a story about security titan RSA, a division of EMC Corporation located in Massachusetts. The Boston Herald reports that the company revealed yesterday that hackers broke into its systems and stole data that could be used to breach the defenses of some systems guarded with its technology. The breach was made public in an open letter posted on the RSA website. According to the company, some of the stolen data related to SecurID, its two-factor authentication product that lets computers connecting online identify one another to allow connection.

RSA is alerting its customers and informing them of defensive steps and is working with authorities to investigate the attack.

Author

Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.