On the surface, a major security breach sounds like the worst possible thing that could happen to a top security firm that promises its customers it will prevent those very attacks.
However, Corn said RSA chairman Art Coviello was quick in the aftermath of the attack to ensure everyone at the company saw the opportunity to actually use the breach to the benefit of the business.
“It’s so interesting how much of a test of leadership those things are. Huge kudos has to go to Art. When that was going down, Art was basically running the halls and talking to people and saying two things. One was to take care of our customers. If we lose our customers, everything is over. Do right by them,” Corn said.
“The second thing he kept saying was, never let a good crisis go to waste. What are we going to get out of this that is going to be great? What creative ideas are going to come up for new products to come out of this?” he added.
Corn was speaking at the RSA Conference 2012 in San Francisco, where the security division of EMC has been putting on a strong and united front against hacktivists.
“When the attack happened, we were in the office 24 hours a day. Hotels in the local area benefited tremendously. Breaches are fattening because they had food constantly in the office and we ate around the clock – I don’t know how much I gained during the breach,” Corn joked.
“But it brought the team together. We took it very personally. I think it reinforced to everyone that we’re not just a business, but there’s something bigger than ourselves here. What this industry does is important to society. I really fundamentally believe that we’ve emerged stronger from it,” he said.
He added that the breach proved the old adage that what doesn’t kill you makes you stronger, and that it opened doors for RSA that would have remained closed had the attack not occurred.
“While I wouldn’t recommend anyone to have a breach just so you could learn something, we did learn a tremendous amount. Both through our own and seeing how the attackers manoeuvred – what they did and what kind of things were effective – as well as, frankly, it opened the doors to having much deeper dialogue with many other companies that had advanced attacks as well,” Corn said.
“The level of dialogue with our customers, particularly the more sophisticated customers and ones that had gone through APTs, became very deep. The feeling within RSA and within our partners and customers is one of great promise. People are very excited. It’s brought the team together and focused our efforts tremendously. I think we didn’t let a good crisis go to waste,” he added.
Corn also gave insight into the approach RSA took after the breach to deal with the situation in the best way.
“It went through a series of phases. The first phase was really about how we quickly educate everyone on what was going on. There was a concerted effort spending time reaching out to all of our customers and partners and educating them on what was going on, what to do about it and what we were doing about it,” he said.
“Then we started going through a stage of educating at large. We did a series of broadening the dialogue and using it as an opportunity to tell everyone what we had learnt. So we started doing these APT summits. Now we’re really starting to get into where the future is,” he added.
Whilst the breach did not directly change what Corn called RSA’s “three year rolling strategy”, which he said is updated every year, it did influence the company’s approach to its own security.
“It didn’t change the strategy but it provided an enormous amount of education particularly into advanced threat. The irony of all of it is it had been an area that we had been spending a great deal of time looking at,” he said.
“When I think of a strategy in terms of where we are going to place and how we are going to win there, that didn’t change substantially but it certainly has shaped our view of what the future is of investigating attacks and how we build those things,” he concluded.
Sub editor Ben Rossi is reporting live from the RSA Security Conference 2012 in San Francisco. For live tweets from the event, follow @ComputerNewsME and #RSAC.