CIOs, CSOs and IT Security personnel are confronted with the realization that the RSA SecurID breach may have impacts that extend well beyond RSA itself, and into its customer base. While the admission of a breach at RSA this past March is cause for alarm, the recent event at Lockheed Martin should also inspire action. It is widely reported that the breach on Lockheed Martin’s VPN was executed by spoofing RSA Secure ID tokens. The spoofing of those tokens likely involved at least some information gained as a result of the breach at RSA.
The reality of this recent attack clearly illustrates the need for organizations to constantly review IT security and make adjustments and changes to technology and policies as things change. Security is a process, not a point in time event to check off a to-do list. Whether you use RSA Secure ID or other technologies, user authentication should not be your only defense against unauthorized access to your network.