The immediate response from many in the payments community to the reports that a cyber attack on RSA Security may have compromised critical assets was "what does it mean for the security of bank account holders whose internet banking access is secured by SecurID tokens?"
But there is another question we should be asking ourselves. With reports of cyber attacks now hitting the news increasingly frequently, shouldn't we be asking ourselves, "Are the critical core IP or root secrets that secure our payments vulnerable to attack from an insider or determined intruder?" My colleague Jon Geater discusses the threat on our key management insights portal.