RSA is set to replace almost all of its SecurID tokens, the company has revealed, following a breach of the authentication products in March.
Executive chairman of RSA, Art Coviello, told The Wall Street Journal that the company will replace the SecurID tokens "for virtually every customer we have", amidst the news that breached SecurID tokens were involved in the thwarted attack on US-based defence contractor, Lockheed Martin.
In an open letter to customers, Coviello said that the company was confident its previous advice to customers would keep them safe, but it recognised that attacks might have reduced customers' "overall risk tolerance". Therefore, RSA had decided to extend its token replacement and remediation program, as Coviello explained:
We are expanding our security remediation program to reinforce customers' trust in RSA SecurID tokens and in their overall security posture.
This program will continue to include the best practices we first detailed to customers in March, and will further expand two offers we feel will help assure our customers' confidence:
- An offer to replace SecurID tokens for customers with concentrated user bases typically focused on protecting intellectual property and corporate networks.
- An offer to implement risk-based authentication strategies for consumer-focused customers with a large, dispersed user base, typically focused on protecting web-based financial transactions.
"An unprecedented wave of cyber attacks against varied and high-profile targets such as Epsilon, Sony, Google, PBS and Nintendo have commanded widespread public attention. These attacks are totally unrelated to the breach at RSA, but point to a changing threat landscape and have heightened public awareness and customer concern," Coviello said.
ZDNet Australia sought comment from RSA Australia regarding the replacement of local SecurID tokens, but no comment had been received at the time of publication.
RSA revealed in April that the SecurID token system had been compromised after a staff member inadvertently ran an Excel document that took advantage of an Adobe Flash vulnerability, installing a backdoor into the company's system. From there, hackers launched an "extremely sophisticated cyber attack", according to RSA, where information was extracted from the company's systems.
Following an analysis into the breach, Coviello said that the primary aim of the intrusion was to compromise the SecurID tokens.
"Certain characteristics of the attack on RSA indicated that the perpetrator's most likely motive was to obtain an element of security information that could be used to target defence secrets and related [intellectual property], rather than financial gain ... or public embarrassment," Coviello said in his open letter.
Since the breach, other security companies have leaped at the opportunity to claim RSA customers, with CA Technologies offering breached customers a straight swap for new ArcotID credentials.