Experts: RSA's data breach highlights need for companies to tighten up security
RSA's admission that its network was breached and that information relating to its SecurID one-time password technology was stolen has prompted security experts to warn other security and infrastructure companies to tighten up their security.
Last week RSA warned that attackers had obtained information relating to its SecurID technology. SecurID is used by a number of companies to add security to virtual private networks and by banks to secure remote access to accounts.
"This information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack," the company stated in its Thursday blog post on the attack. "We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations."
In its filing with the U.S. Securities and Exchange Commission, RSA specifically recommended that companies reduce the number of employees who have access to administrator accounts, protect those administrators against social engineering and enforce strong passwords.
Steven Adair, a security researcher with the Shadowserver Foundation, a group that tracks cyber attacks and botnets, surmised that RSA may believe a government is behind the attack, since the company said the attack was an advanced persistent threat, or APT.
"If I was a company that dealt with encryption and secure communications, I would take a good close look at my systems and perhaps look to RSA for some information and lessons learned," he told CIO.com. "These types of attackers don't normally start and stop at one organization."