Lockheed-Martin Case Study

In May 2011, Lockheed-Martin faced a cyberattack where hackers used malicious software (malware) to gain access to their VPN via the RSA SecurID software tokens employees have the ability to use in order to remotely gain access to its internal network. Once the attack was identified, the security specialist took the proper steps isolate and stop the attack before there was any loss of data. From what I assess from the case, the vulnerability in the RSA SecurID software is the biggest risk to the company at this point. In my research, from a technology perspective it was identified that there is a way that the number generation of the token can be copied. Lockheed is the United States government’s largest contractor, which make them a target for terrorists, or foreign governments that want to gain access to need-to-know information on weapons, communications, and aerospace systems which could cause grave danger to national security. With the types of data held on Lockheed servers and amounts of data, if compromised there may be a vested interest in possibly researching other remote technologies with hardened security measures to protect its information. Additional layers of malware protection could be an option as well. Keeping browser plugins patched, blocking peer-to-peer usage, and ensuring all operating system patches are applied when …show more content…
In the world of cybersecurity it is taught the user is the weakest link. Training and education to the staff is a vital piece of maintaining a strong security posture. It is recommended annual awareness training is a requirement to all personnel that have access to information or information systems at Sony, requiring them to sign documentation stating they were trained and understand the “do’s” and “don’ts” when accessing those systems. All recommendations provided in this white paper will require awareness and education to senior management and the