There’s an interesting article, posted in Bank Info Security yesterday, where the author quotes RSA’s CFO stating that as a result of the breach, RSA spent over $66 million to “investigate the attack, harden its IT systems and monitor transactions of corporate customers anxious that their SecurID security tokens had been compromised as well as the cost to replace some of the tokens”.
What I found interesting was that these are the direct costs associated with the attack, not those indirect costs that are often cited (including brand damage and fines associated with divulged information).
This is a sobering figure, and one that should cause all organizations to look carefully at the chain of events that made up the RSA attack, and to ensure that they understand any weak links in their organization. In many cases, organizations simply don’t have a clear picture of who has access to what information resources – a gap that, unfortunately, malicious hackers are eager to exploit.