Coviello: RSA Security Breach Could Happen To Anyone


Last year's security breach that cost RSA parent EMC $66 million in reparations could happen to any organization, RSA President and Chairman Art Coviello Jr. said Tuesday.

Since cyber-criminals compromised the company's SecureID tokens, leaving customers open to attack, RSA has been rebuilding the trust customers lost in the company, Coviello said during the opening keynote at the RSA Conference in San Francisco. Over the last 11 months the company has operated with a "sense of urgency" to apply the lessons learned to help drive its strategy and product roadmaps.

While providing no details on the breach, Coviello warned that no organization is immune from the kind of sophisticated attack suffered by RSA. "We hope that the attack on us will strengthen the sense of urgency and resolve on everyone," he said. "But the fact is we are not alone."

[Related: What's Hot At RSA 2012? 18 Products To Look For ]

Since the breach, the company has never seen so many high-profile attacks targeted at single organizations "as a stepping stone to attack others," Coviello said.

"In our interdependent world, we need to understand that an attack on one of us is an attack on all of us," he said. "But together, we can all learn from these experiences and emerge from this hell smarter and stronger than we were before."

RSA disclosed last March that cyber-criminals had attacked its SecureID two-factor authentication tokens. The purpose was to steal information that could be used to breach the network security of defense contractors and government organizations.

At first, RSA said the attack did not present a danger to SecureID customers. Two months later, weapons manufacturer Lockheed Martin publicly confirmed that it was the victim of a "significant and tenacious" cyber attack executed by hackers exploiting a security vulnerability in SecureID tokens used in remote VPN access.

As a result, Lockheed had to shut down its computer systems and re-issue tokens to many of its employees, while requiring a password reset for its 120,000 workers. RSA acknowledged later in the year that the overall cost of the breach was $66 million in reparations to customers.