RSA hack -- a lesson in how not to handle a PR disaster!
2011-03-23 07:10

http://eskenzi.wordpress.com/2011/03/21/rsa-hack-%E2%80%93-a-lesson-in-how-not-to-handle-a-pr-disaster/

By yvonneeskenzi
March 21, 2011

I’ve been doing PR for the IT security industry for 16 years and there has never been such a major breach to an IT security vendor as the one to hit RSA on Friday. And rarely has a PR disaster been dealt with so badly.

From where I’m sitting, resellers, distributors, customers as well as bloggers, tweeters and journalists are running around speculating about what’s happened and panicking about what to do -- with no clear advice or guidance from RSA’s internal or external experts. It’s almost like they’ve battened down the hatches, stuck their heads under their duvets and hoped this whole nasty incident would shut up and go away, so that they could start the week afresh as though nothing had happened.

If you visit their website there’s nothing there apart from an open letter from Art Coviello, their Executive Chairman, http://www.rsa.com/node.aspx?id=3872 stating they’ve suffered a major hack! But what I want to know is where are the press releases with more statements and calming advice, where is the hotline general number for more information, how do you contact anyone with sane help as to what to do with your SecureID tokens -- should you still use them or are they now defunct?

When I spoke to the FT last week they said that RSA did not have anyone available for comment and another journalist said they were put through to an answerphone, as there were no official RSA personnel to talk to. So of course speculation as to the severity of the situation is now running riot with every security pundit coming up with their disaster theory.

Take NSSlabs.com http://www.nsslabs.com/research/analytical-brief-rsa-breach.html who are recommending that “RSA clients who use SecureID to protect sensitive information should consider eliminating remote access until this is resolved; perform an impact assessment of systems using this technology and identify critical assets and potential risks. Furthermore, RSA clients should consider alternative 2-factor authentication solutions”. [...]


News URL

http://eskenzi.wordpress.com/2011/03/21/rsa-hack-%E2%80%93-a-lesson-in-how-not-to-handle-a-pr-disaster/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
RSA 29 21 66 14 4 105