RSA hack -- a lesson in how not to handle a PR disaster!
http://eskenzi.wordpress.com/2011/03/21/rsa-hack-%E2%80%93-a-lesson-in-how-not-to-handle-a-pr-disaster/

By yvonneeskenzi
March 21, 2011

I’ve been doing PR for the IT security industry for 16 years and there has never been such a major breach to an IT security vendor as the one to hit RSA on Friday. And rarely has a PR disaster been dealt with so badly.

From where I’m sitting, resellers, distributors, customers as well as bloggers, tweeters and journalists are running around speculating about what’s happened and panicking about what to do -- with no clear advice or guidance from RSA’s internal or external experts. It’s almost like they’ve battened down the hatches, stuck their heads under their duvets and hoped this whole nasty incident would shut up and go away, so that they could start the week afresh as though nothing had happened.

If you visit their website there’s nothing there apart from an open letter from Art Coviello, their Executive Chairman, http://www.rsa.com/node.aspx?id=3872 stating they’ve suffered a major hack! But what I want to know is where are the press releases with more statements and calming advice, where is the hotline general number for more information, how do you contact anyone with sane help as to what to do with your SecurID tokens -- should you still use them or are they now defunct?

When I spoke to the FT last week they said that RSA did not have anyone available for comment and another journalist said they were put through to an answerphone, as there were no official RSA personnel to talk to. So of course speculation as to the severity of the situation is now running riot with every security pundit coming up with their disaster theory.

Take NSSlabs.com http://www.nsslabs.com/research/analytical-brief-rsa-breach.html who are recommending that “RSA clients who use SecurID to protect sensitive information should consider eliminating remote access until this is resolved; perform an impact assessment of systems using this technology and identify critical assets and potential risks. Furthermore, RSA clients should consider alternative 2-factor authentication solutions”. [...]