Lesson from SecurID breach: Don't trust your security vendor

During the holiday weekend, defense contractor Lockheed Martin confirmed what had been swirling in speculation for a number of days -- that it was hit by a significant cyber-attack.

Days later, news reports broke claiming that defense firm L-3 Communications had also been targeted in considerable cyberattacks.

In both attacks, confidential information about the workings of RSA Security's SecurID products have reportedly been central to the attacks, which fell on the heels of many other recent and high-profile attacks, such as those that hit Sony's PlayStation Network, HBGary and NASDAQ's Directors Desk web software used by Fortune 500 companies.

The question remains: What do these attacks mean for the typical CISO working to keep their corporate infrastructure secure?