RSA has offered to replace certain users' SecurID tokens following significant attacks on the security firm in March.
The company also admitted yesterday the SecurID data taken during the breaches had been used in an attack on US defence supplier Lockheed Martin.
"On Thursday 2 June 2011, we were able to confirm that information taken from RSA in March had been used as an element of an attempted broader attack on Lockheed Martin, a major US government defence contractor," said Art Coviello, executive chairman of RSA, in an open letter.
"We recognise that the increasing frequency and sophistication of cyber attacks generally, and the recent announcements by Lockheed Martin, may reduce some customers' overall risk tolerance."
RSA offered token replacement to those customers "with concentrated user bases typically focused on protecting intellectual property and corporate networks."
"We will continue to work with all customers to assess their unique risk profiles and user populations and help them understand which options may be most effective and least disruptive to their business and their users," Coviello said.
For anyone who thought tokens might be on their way out as a two-factor authentication mechanism, RSA appeared to disagree.
"We will continue to invest heavily in both our SecurID and our risk-based authentication technologies," Coviello added.
"We believe that SecurID is the most powerful multi-factor authentication solution in the industry."
Lockheed lament
RSA's confirmation of the information used in the attempt on Lockheed came after much speculation duplicates of the SecurID tokens were used in the attack.
Rick Moy, president and chief executive (CEO) of NSS Labs, claimed Lockheed had long enough to change its tokens following the strike on RSA.
"Lockheed had slightly over two months from the time that EMC notified them and other RSA SecurID customers about their breach," Moy said in a blog post.
"Based upon their remediation actions for this breach, Lockheed Martin's senior executives chose to do very little about the compromised SecurID token technology in spite of many warnings issued by security specialists about the potential aftereffects of the RSA attack."
At the time of publication, Lockheed had not offered IT PRO a response to Moy's criticisms.
-
'You need your own bots' to wage war against rogue AI, warns Varonis VPNews Infosec pros are urged to get serious about data access control and automation to thwart AI breaches
-
CrowdStrike CEO: Embrace AI or be crushed by cyber crooksNews Exec urges infosec bods to adopt next-gen SIEM driven by AI – or risk being outpaced by criminals
-
Microsoft security boss warns AI insecurity 'unprecedented' as tech goes mainstreamNews RSA keynote paints a terrifying picture of billion-plus GenAI users facing innovative criminal tactics
-
APIcalypse Now: Akamai CSO warns of surging attacks and backdoored open source componentsNEWS Apps and APIs bear the brunt as threat actors pivot to living off the land
-
AI is changing the game when it comes to cyber securityNews With AI becoming more of an everyday reality, innovative strategies are needed to counter increasingly sophisticated threats
-
RSAC Chairman urges collaboration to ensure collective defense in securityNews Chairman emphasizes the critical need for cooperation among cyber security experts
-
IT Pro Live: The future of encryptionVideo AI and quantum ccomputing could be about to change the face of security forever
-
Mobile apps now most common method of fraudNews RSA Security report highlights the rise in burner devices and rogue apps
