A leading provider of data storage and security solutions, EMC Corp. (EMC) reported in a recent 8K filing that its security division RSA had witnessed a sophisticated cyber attack that compromised a widely-used technology for preventing unauthorized access to key corporate/government data.

EMC said in the filing that RSA did not offer any clues about the suspected origin of the attack. EMC also said that the infiltrators hacked confidential data on RSA’s SecurID products, but declined to comment on the type or the quantity of information stolen.

According to the filing, hackers used a method called an “advanced persistent threat” (APT) to extract information about the RSA product used to secure web-based services, called SecurID two-factor authentication. This is the same type of attack that compromised systems at Google Inc. (GOOG) and as many as 100 other companies in late 2009.

SecurID helps organizations to exchange sensitive data with customers and third parties by offering an additional layer of protection to the private clouds and important computer networks.

The products prevent unauthorized breach even if a password is stolen. The RSA device, working in sync with back-end software, generates an additional password only known to the holder of the device. However, this mechanism becomes vulnerable once a hacker comes to know of the additional password.

The scope of the attack wasn’t immediately known, but the potential fallout could be widespread. SecurID has a large customer base, which includes small companies and government agencies to large organizations such as Lockheed Martin (LMT).

RSA noted that the stolen information would not allow a direct attack on its customer ID devices. However, RSA believes that the information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.

EMC said that it is monitoring the situation and is providing solutions to prevent such an attack. EMC has already provided some generic security tips that offer clues about how its customers might be targeted with the information stolen from RSA.

The company remains confident that no other EMC products were impacted by this attack. Moreover, EMC said that it doesn’t expect the breach to have a meaningful impact on its financial results.

The sophisticated computer attack reflects the growing risk that companies and governments face from cyber crime. Countries are concerned by the growing number of attacks on information technology systems as hackers look to steal data, intellectual property, money and even sensitive government information.

According to the United Kingdom’s security minister, cyber attacks on government, businesses and individuals is expected to have a yearly impact of at least £27.0 billion on the country’s economy.

In the recent past, US Corporations were favorite targets for hackers. According to cyber security firm McAfee, Chinese hackers had hacked US fuel companies for years. The campaign, codenamed “Night Dragon” has been in full effect since 2009 and could have begun as early as 2007.

According to M86 security labs, the exploding smartphone market and growing tablet device market, the rise in online banking and a shift from using simple exploit kits to more the sophisticated Malware-as-a-Service (Maas) model by hackers are the primary concerns for 2011.

Recommendation

Although the security breach puts EMC in an embarrassing situation, we believe the company is likely to increase its security efforts, which would result in better solutions. Therefore, in the long run, a well-entrenched player, such as EMC would always be hard to contend with.

However, the security lapse can have a temporarily negative impact on EMC’s results, as it could spur a product recall. It could also negatively impact its client base, as companies press for more sophisticated solutions. This will increase pressure on EMC to come up with suitably innovative products. In the meantime, competition could worsen, if new entrants with innovative solutions in the security market seize the opportunity to create their own niche.

We are Neutral on EMC over the long term (6-12 months). Currently, EMC has a Zacks #3 Rank, which implies a Hold rating on a short-term basis.
 
EMC CORP -MASS (EMC): Free Stock Analysis Report
 
GOOGLE INC-CL A (GOOG): Free Stock Analysis Report
 
LOCKHEED MARTIN (LMT): Free Stock Analysis Report
 
Zacks Investment Research