It has been seven months since the cyber attack on RSA and, “in some cases, it feels like yesterday, and in others, it feels like it's been forever", says RSA president Tom Heiser.
Heiser was speaking at RSA Conference Europe 2011, about the breach at RSA.
"This forum gives us a chance to give the facts [about the breach]," he says. "There was just one attack on an RSA customer where the information taken from RSA was a factor. We know of no other successful attacks leveraging RSA information."
Heiser believes this is, in part, due to RSA's reaction. "We identified the attack in progress. We provided an immediate means of remediation for our customers. We communicated rapidly."
The adversary consisted of multiple groups, and it used the information gained from the breach to gain independent access to the infrastructure, he says.
"The adversary was seen to switch network techniques, malware and origin. Both groups were known to authorities, but were not known to work together before."
Heiser says this means the breach was perpetrated by a well-organised team, and it knew exactly what to look for.
"We believe this motive was clear. It was to gain access to defence-related intellectual property. We were not the final target. We were a means to an end," he explains.
Shortly after the breach became known, RSA communicated it to customers and stakeholders, as well as the general public, through an open letter posted on the Web site.
"Communication was essential, but not easy," he says.
As a result of the breach, Heiser suggests companies implement five practices to prevent losses, or mitigate the effects thereof.
The first is re-evaluating risk. "Look at things from your adversary's perspective."
The second is to rethink zero-day security. He says companies should not discard anti-virus, but not rely on it either.
It is also important for companies to deploy security analysis for constant monitoring. The fourth best practice is to tighten access controls, and the fifth is to constantly educate staff.
"For most companies, it's not a matter of if, but a matter of when and how they will be attacked," he says. "We must learn to live under a constant state of compromise. This does not mean we have to live in a constant state of loss."
Share
