In March 2011, RSA – EMC’s security division – sent shockwaves through the industry as it announced a sophisticated cyber-attack on its SecureID system. Theft of unspecified information from SecureID has left marring scars and lot of red faces. But at the same time it has raised a lot of questions for IT industry as a whole.
Prior to the attack, SecureID was a benchmark in two-factor authentication system. But the attack proves that just having a strong security mechanism is not enough. We cannot just deploy a security system and hang up our boots expecting it to take care of everything. We have to be vigilant at all times and keep testing the security of our IT setup. In other words, we need to regularly conduct an IT audit.