RSA, maker of the SecurID two-factor authentication technology that is core to the security strategies of hundreds of enterprises, found out in March that even core security technologies can be compromised. As Dark Reading's Tim Wilson says of the attack, "the very foundation of tokens and authentication is shaken, not to mention one of the oldest and most respected security companies." RSA found itself in the position of explaining to customers that a strong security organization can be taken down by a sophisticated attack. In October, RSA chief Arthur Coviello pinned blame for the advanced persistent threat attack on a nation state, without naming names. Even now, security experts continue to speculate about just what SecurID data was nabbed, because parent company EMC has not disclosed full details.
On the flip side of the coin, Sony's less sophisticated security strategy was defeated with ease, beginning in April, Wilson notes. Breaches affected millions of customers' personal data and touched the PlayStation Network, the Qriocity streaming video and music service, and SonyPictures.com.
Sony was hacked "multiple times from multiple vectors by multiple attackers, and it didn't even seem to be difficult. Even the attacker commented on it," Wilson said. In September, Sony hired its first chief information security officer, former Homeland Security official and Microsoft exec Philip Reitinger, as InformationWeek's J. Nicholas Hoover reported. --Laurianne McLaughlin