"You have to ask yourself if you are a big enough shop that you could be a target," says John Pironti, president of IP Architects, a consulting firm. That's because attackers who might make use of the stolen information will look for victims that have the richest cache of data to loot, he says.

GET THE DETAILS:

Whereas before the theft businesses might have had a high degree of confidence that SecurID was a strong authentication protection, now they should consider that it might be compromised, Pironti says.

RSA hasn't detailed what was stolen, but the fact that the company made a public announcement -- including a filing with the Security and Exchange Commission -- indicates that some fundamental piece of the technology has fallen into attackers' hands, he says, and businesses need to take specific steps:

1. Update their threat and vulnerability analysis to elevate SecurID as a potential vulnerability. Many businesses regarded the technology as solid and not representing a significant source of vulnerability, Pironti says.