Analysis of the Cyber Security Occurrence
RSA was the victim of a cyber attack in March 2011 by an unknown group of people who used a phishing attack to establish a “backdoor” into the computer system. The attackers targeted the SecurID key fobs, which display authenticating numbers at 60-second intervals. The incident led to the attackers gaining access to the seed values, usernames, passwords, dates, and login times. This gave the attackers the ability to connect the login details with the seed values enabling the two-factor authentication. The group used a social engineering technique, sending emails carrying a zero-day Adobe Flash exploit, which was dropped onto the system and allowed access.
Two of the three central tenets of information security were violated: integrity and confidentiality. The confidentiality tenet requires that only authorized personnel have access to confidential information (Mhiqani et al., 2019). This requires an information security program that enforces confidentiality by ensuring unauthorized personnel do not access the information (Three Tenets of Information Security, 2020). However, RSA’s program failed to scan the document and detect a zero-day Adobe Flash exploit before the employees opened it. This led to the attackers activating a backdoor, navigating the network, and creating an avenue to access confidential information stored on the servers.
Integrity entails protecting data from unauthorized modification. This principle ensures that the information can be trusted as accurate (Mhiqani et al., 2019). RSA lost its control over, or ability to protect, its clients’ data, hence violating the tenet. Had the attack not been detected early, the attackers would have had full access to the clients’ profiles and could have modified the information inappropriately. They had to develop a program that would then compute the generated number showing the date and time of the client’s login; with it, they would have the key fobs and full access.
Analysis of the Cyber Security Occurrence
The attack on RSA was dependent on two factors: human and technology. There is no indication that the technology could detect the corrupted file and warn the users before they opened it. The security system protecting sensitive information does not appear to have been strong enough to fully protect it from such attacks. RSA is a firm that should have its own threat-detection software. The system should be up to date, and its design should take trending attacks into consideration (Mhiqani et al., 2019). The success of the attack also relied heavily on the reaction of the employees to the scam. Well-trained employees should be able to detect socially engineered threats and risks. Socially engineered attacks are becoming rampant; however, it is clear that RSA’s staff are not well informed and trained on these trending threats.
Recommendations
The following are recommendations for RSA to avoid future breaches. Mhiqani et al. (2019) state that out-of-date hardware and software increase the chances of being breached because attackers can target just one piece of equipment and use it as a host to exploit the whole network. Replacing the equipment often and updating the software reduces the unpatched loopholes that attackers could use to get unauthorized access.
In addition, RSA needs to develop a training program that entails training new employees and retraining the existing ones after three months. The training should cover security expectations, vulnerability, damage control, and incident response (Fagan & Khan, 2018).