SearchSecurity ANZ was offered a chat with RSA’s Rashmi Tarbatt this week. Tarbatt is Senior Product Marketing Manager for the company’s Data Security Group and of course we planned to ask her about the SecurID mess from late last week (which we reported here and analysed here).
But the interview was first delayed, then cancelled.
We’ve no evidence of RSA wanting to avoid more questions about the SecurID hack: I shouted out among the Australian IT journalism community and none responded that their interviews had been cancelled.
But if RSA wanted to avoid scrutiny on the subject, it shouldn’t have tried to do so and not because it looks shifty from a PR point of view.
I say that because the SecurID should not come as a surprise: for some time now it’s been sensible to assume that all high-value targets are under attack. Famous exploits at Google, the Estonian attacks and Stuxnet all show us that there are folks out there capable of doing some very serious work. More serious, it turns out, than even a security vendor famed for its rigour and sophistication.
It’s surely a temptation is to blame RSA’s laxness as the source of the exploit, but doing so means treating the attack as an isolated incident. It’s not: there’s now so much evidence out there that this is not a one-off. The bad guys, we can now see very plainly, know what they are doing and are willing to do it very precisely to get what they want.
So while it is embarrassing to RSA that it fell victim, the attack strikes me as inevitable. And RSA’s response has been pretty classy anyway.
So rather than gloat at the fate of a shoemaker’s kids going painfully unshod, I think we can all learn that our own security strategies need to evolve to another level to cope with this kind of exploit.
There’s more of this to come for sure. Are you ready?