Bedford firm rebuilds after security breach

THIS STORY APPEARED IN
Boston Articles
January 14, 2012 | By Michael B. Farrell

The sophisticated cyberattack that struck RSA Security last March has forced the company to overhaul the manufacturing and distribution of its SecurID tokens, one of the world’s most widely used computer security devices, its executives said yesterday.

The attack compromised RSA Security’s network of about 40 million tokens, which are matchbook-size digital gadgets that create random passwords for access to computer networks, and dealt a devastating blow to RSA Security’s reputation as a leading computer security provider.

The attackers used stolen SecurID information to launch a cyberstrike on a prominent RSA Security customer, Lockheed Martin, the defense contractor said last June. However, RSA Security officials said yesterday the hackers were unable to successfully penetrate any of its customers’ networks.

Mark Diodati, an analyst at the research firm Gartner Inc., said the attack on RSA Security “permanently altered their business. They’ve been going out to customers and talking about the things they’ve fixed.”

Among those changes are new software to harden the company against further attacks and a seven-fold increase in the production of tokens to replace many of its SecurIDs. RSA Security is a division of Hopkinton’s EMC Corp., which has said the attack cost $66.3 million to fix.

“We obviously went through a hell of a year last year, we learned from it, and we came out stronger,” said Art Coviello, executive chairman of RSA, which is located in Bedford, at a briefing yesterday on the aftermath of the cyberattack.

Coviello said the company spent much of the past year trying to repair its reputation, as the breach left many customers worried about further attacks. “We have started to build that trust again.”

Though the attack happened in March, RSA Security did not disclose its full extent until June, when it offered to replace customers’ SecurIDs.

Bought by EMC in 2006 for $2.1 billion, RSA Security has long been an industry leader; in addition to its SecurID devices, its software is used by millions of businesses and government agencies to protect data and financial transactions. Among its 30,000 customers are banks, defense contractors, government agencies, and other major corporations.

Despite the hefty cost of the attack, RSA’s position in the computer security industry is unlikely to suffer much, said Johannes Ullrich, head of research at SANS Technology Institute, an information security training facility in Maryland. “I don’t think at this point people are moving away from RSA, because it’s expensive and difficult to do that.”