RSA, the security division of EMC, has issued a list of security recommendations to SecurID customers after reporting a data breach.
The company contacted customers after attackers used advanced persistent threat attacks to breach its security systems and steal data.
Some of the data, the company said, is related to RSA's SecurID two-factor authentication products.
In an open letter, Art Coviello, executive chairman at RSA, said although the information could not enable direct attacks on SecurID customers, it could potentially be used to reduce the effectiveness of a current implementation.
"We strongly urge immediate customer attention to this advisory, and we are providing immediate remediation steps for customers to take to strengthen their RSA SecurID implementations," the letter said.
In addition, RSA has issued a list of general recommendations that organisations should follow to improve overall security defences.
- Increase focus on security for social media applications and the use of those applications and websites by anyone with access to their critical networks
- Enforce strong password and PIN policies
- Follow the rule of least privilege when assigning roles and responsibilities to security administrators
- Re-educate employees on the importance of avoiding suspicious emails, and remind them not to provide user names or other credentials to anyone without verifying that person's identity and authority
- Pay special attention to security around active directories, making full use of security information and event management (SIEM) products and also implementing two-factor authentication to control access to active directories
- Watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM, and consider adding more levels of manual approval for those changes
- Harden, closely monitor and limit remote and physical access to infrastructure that is hosting critical security software
- Examine helpdesk practices for information leakage that could help an attacker to perform a social engineering attack
- Update security products and the operating systems hosting them with the latest patches