In an absolutely shameful incident, the Bedford based security software maker RSA who are known the world over with its critical computer network have been found in a wanting position. Apparently, the group is recovering from a breach incident which could expose the customers to hacker attacks.

The incident was revealed last week on Thursday and it was found out that the RSA products which are available under the SecurID brand name were affected by the breach. RSA which was acquired by EMC in 2006 has termed the attack as “advance persistent threat”. As per the industry definitions, this is an industry jargon for attacks by hackers who are very severe.

SecurID protects data using a two step authentication which essentially means that if you as a user want to gain access to the network  uses a technique called ‘‘two-factor authentication,’’ requiring users to enter two different passwords to gain access to a network. The first password is remembered by the user and the second is a set of random numbers which  appear on a SecurID ‘‘token,’’ an electronic device that is carried by the user.

Over 40 million people in 30,000 organizations worldwide use SecureID. Premier customers include banking firm Wells Fargo & Co., the French Ministry of Education, Rolls Royce Motor Cars Ltd., Lockheed Martin Corp., and The New York Times Co., including The Boston Globe.

Apparently, this two factor authentication system is used by many government and private organizations worldwide.

The executive chairman of EMC issued a public letter and an 8-K filing with the SEI which stated that while the information stolen doesn’t enable a direct attack on SecurID customers, it “could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.”

The reporter at Register UK, DAN Goodin felt that the stolen data could possibly be the seed tokens which are used by SecureID tokens to generate the six-digit codes that change frequently.  These random numbers of the token change approximately once a minute. Assuming attackers have managed access to seed tokens, it would mean that they can generate psuedo-number of tokens thereby enabling easy access to critical information exposing customer data in the system.

However executive chairman, Art Coviello feels that all is not lost, ‘‘We do not believe that either customer or employee personally identifiable information was compromised as a result of this incident,’’.

The current protection steps taken by RSA include suggesting customers to increase their security focus. This essentially means use strong passwords, pins for social media applications and websites and avoid the opening of e-mails which are suspicious. According to Frank Andrus, chief technology officer of Bradford Networks Inc. these recommendations actually indicate the type of techniques used by hackers to penetrate the SecureID system.

Secure your Data with Alertsec

Worried with the above incident and think you could also be a potential victim? In-order to avoid such incidents, following essential guidelines is very necessary for data security in any organization. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.