Cyber attacks would have less impact if companies reacted faster when their security providers are compromised, claims SecurEnvoy.
According to SecurEnvoy director and co-founder Steve Watts, a data breach at Lockheed Martin on 21 May indicates that the US defence giant’s IT specialists did not respond quickly enough when they discovered that the company’s authentication token provider, RSA Security, had suffered a security breach of its own some nine weeks previously.
Following that incident, RSA executive chairman Art Coviello admitted in an (undated) letter to customers that while he was confident that the information extracted in the attack “does not enable a successful direct attack on any of our RSA SecurID customers”, the information “could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack”.
Since the Lockheed Martin hack, RSA has told clients it is willing to replace all their SecurID hardware tokens.
“The RSA Security attack was a strategic move to grab the ‘virtual keys’ to RSA’s customers; that entire affair should have triggered alarm bells in any corporate IT security office,” said Watts. “For Lockheed Martin’s IT security managers to blame an apparent successful incursion into their systems on a ten-week-old, widely-reported breach of one of its key IT security suppliers is diverting publicity from its own security process failings.”
The RSA breach was first made public on 18 March. Since then US defence contractors L-3 Communications and Northrop Grumman – both reported to use RSA’s SecurID authentication keys – have also been subjected to attacks. Despite media suggestions that the attacks originated in China, Graham Cluley, senior security consultant at IT security firm Sophos, remains unconvinced. “There will be some who will point fingers at China as likely suspect for the probes into the networks of US military suppliers,” he blogged, “but until some evidence is made public it’s going to be speculation.”
Lockheed Martin meanwhile denies that its systems were breached in last month’s attack. “As a result of the swift and deliberate actions taken to protect the network and increase IT security, our systems remain secure; no customer, program or employee personal data has been compromised,” says a company statement.