In RSA's SecurCare Online Note detailing the attack, RSA recommended that SecurID users take the following steps:
- increase focus on security for social media applications and the use of those applications and Web sites by anyone with access to critical networks.
- enforce strong password and PIN policies.
- follow the rule of least privilege when assigning roles and responsibilities to security administrators.
- re-educate employees on the importance of avoiding suspicious e-mails, and remind them not to provide user names or other credentials to anyone without verifying that person's identity and authority. Employees should not comply with e-mail or phone-based requests for credentials and should report any such attempts, RSA added.
- pay special attention to security around Active Directory, making full use of SIEM products and also implementing two-factor authentication to control access to Active Directory.
- watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM, and consider adding more levels of manual approval for those changes.
- harden, closely monitor and limit remote and physical access to infrastructure that is hosting critical security software.
- examine their help desk practices for information leakage that could help an attacker perform a social engineering attack.
- update their security products and the operating systems hosting them with the latest patches.
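The recommendation to watch for changes in user privilege levels and access rights is one of the few items on the list that maps directly onto a detection rule. The following Python is an added example written for this page (it is not code from the article, from RSA, or from any SIEM product): it parses constructed Windows Security events in a flat `key=value` format, flags additions to a watchlist of privileged Active Directory groups, and then surfaces the cases a reviewer would want to approve manually: grants made off-hours, accounts granting privileges unusually often, and accounts that were themselves just granted privileges and then hand them to someone else. The event IDs 4728, 4732 and 4756 are the real Windows Security IDs for additions to security-enabled global, local and universal groups; the log format, the group watchlist, the business-hours window and all sample events are assumptions constructed for the example.

```python
"""Flag privileged-group membership changes in Windows Security event records.

Added example for the "watch for changes in user privilege levels" advice.
The log format and sample events below are constructed; only the event IDs
are real Windows Security IDs.
"""
import re
from collections import Counter
from datetime import datetime

# Real Windows Security event IDs for additions to security-enabled groups.
PRIV_CHANGE_EVENTS = {
    4728: "member added to security-enabled global group",
    4732: "member added to security-enabled local group",
    4756: "member added to security-enabled universal group",
}

# Assumed site watchlist; these names are the standard AD built-in groups.
WATCHED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins",
                  "Administrators", "Account Operators"}

# Constructed sample events in a flat SIEM-style "key=value" format.
SAMPLE_EVENTS = [
    "time=2011-03-17T09:12:01 id=4728 subject=CORP\\jsmith member=CORP\\svc_backup group=Domain Admins",
    "time=2011-03-17T09:12:09 id=4732 subject=CORP\\jsmith member=CORP\\svc_backup group=Administrators",
    "time=2011-03-17T09:30:44 id=4728 subject=CORP\\helpdesk1 member=CORP\\newhire group=Sales",
    "time=2011-03-17T11:05:13 id=4624 subject=CORP\\newhire logon_type=2",
    "time=2011-03-17T23:48:02 id=4756 subject=CORP\\svc_backup member=CORP\\tmp01 group=Enterprise Admins",
]

# A value runs until the next " key=" boundary, so group names may contain spaces.
_FIELD = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_event(line):
    """Parse one key=value line into a dict."""
    return dict(_FIELD.findall(line.strip()))


def find_privilege_changes(lines, watched=WATCHED_GROUPS):
    """Return one alert per membership change into a watched group."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        eid = int(ev.get("id", 0))
        if eid in PRIV_CHANGE_EVENTS and ev.get("group") in watched:
            alerts.append({
                "time": ev["time"],
                "actor": ev["subject"],
                "member": ev["member"],
                "group": ev["group"],
                "reason": PRIV_CHANGE_EVENTS[eid],
            })
    return alerts


def off_hours(alerts, start=7, end=19):
    """Alerts raised outside the assumed 07:00-19:00 business window;
    a cheap trigger for the manual-approval step the advisory suggests."""
    return [a for a in alerts
            if not (start <= datetime.fromisoformat(a["time"]).hour < end)]


def actors_by_count(alerts):
    """How often each account grants privileges; a burst from one
    account is worth a look even if every single change looks plausible."""
    return Counter(a["actor"] for a in alerts)


def chained_grants(alerts):
    """Alerts whose actor was itself added to a watched group earlier in
    the same stream: a freshly privileged account immediately handing
    privileges to another account is a classic escalation pattern."""
    newly_privileged = set()
    chained = []
    for a in alerts:  # alerts are in log order
        if a["actor"] in newly_privileged:
            chained.append(a)
        newly_privileged.add(a["member"])
    return chained


if __name__ == "__main__":
    found = find_privilege_changes(SAMPLE_EVENTS)
    for a in found:
        print(f'{a["time"]} {a["actor"]} added {a["member"]} to {a["group"]}')
    print("off-hours:", [a["member"] for a in off_hours(found)])
    print("grants per actor:", dict(actors_by_count(found)))
    print("chained:", [a["member"] for a in chained_grants(found)])
```

In a real deployment the watchlist would also cover site-specific groups (for example whatever group administers the authentication servers themselves), and the alerts would feed the SIEM's own correlation rather than a script; the point of the example is that "privilege level changed" is a concrete, low-volume event stream that is cheap to review by hand.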