[Infowarrior] - RSA hack – a lesson in how not to handle a PR disaster!

Richard Forno rforno at infowarrior.org
Tue Mar 22 07:23:57 CDT 2011


(c/o JH)

RSA hack – a lesson in how not to handle a PR disaster!

Eskenzi’s Blog

Eskenzi’s view on IT Security and PR

By yvonneeskenzi

I’ve been doing PR for the IT security industry for 16 years and there
has never been such a major breach to an IT security vendor, as the
one to hit RSA on Friday.  And rarely has a PR disaster been dealt
with so badly. From where I’m sitting, resellers, distributors,
customers as well as bloggers, tweeters and journalists are running
around speculating about what’s happened and panicking about what to
do – with no clear advice or guidance from RSA’s internal or external
experts.  It’s almost like they’ve battened down the hatches, stuck
their heads under their duvets and hoped this whole nasty incident
would shut up and go away, so that they could start the week afresh as
though nothing had happened.

If you visit their website there’s nothing there apart from an open
letter from Art Coviello, their Executive Chairman,
http://www.rsa.com/node.aspx?id=3872 stating they’ve suffered a major
hack!  But what I want to know is where are the press releases with
more statements and calming advice, where is the hotline general
number for more information, how do you contact anyone with sane help
as to what to do with your SecurID tokens – should you still use them
or are they now defunct?  When I spoke to the FT last week they said
that RSA did not have anyone available for comment and another
journalist said they were put through to an answerphone, as there were
no official RSA personnel to talk to.  So of course speculation as to
the severity of the situation is now running riot with every security
pundit coming up with their disaster theory.  Take NSSlabs.com
http://www.nsslabs.com/research/analytical-brief-rsa-breach.html who
are recommending that “RSA clients who use SecurID
to protect sensitive information should consider eliminating remote
access until this is resolved; perform an impact assessment of
systems using this technology and identify critical assets and
potential risks. Furthermore, RSA clients should consider alternative
2-factor authentication solutions”.

This is a huge PR disaster rolling out of control, especially now that
other security professionals are advising customers to shut the
systems down until the situation is resolved. Come on RSA tell us all
when you’re going to resolve the situation!  The longer RSA keep their
mouths shut the more speculation there will be about the magnitude of
this disaster.  All companies should look and learn from RSA’s
situation, as, in time, this will surely be the sort of example that
marketing and PR students are shown as a “text book” case in how not
to “handle crisis management”.  I’d recommend that RSA apologise and
explain how this situation came about – immediately issue their users
and partners with advice and a temporary security solution.  It’s all
about communication – come on guys there are enough channels to
communicate through – just do it! Job sorted!

http://eskenzi.wordpress.com/

