Did hackers nab RSA SecurID's secret sauce?

18.03.2011

"Until RSA gives out more information, enterprises should certainly hold up any planned SecurID procurements. With existing use, pay more attention to access logs until more information comes out," says Gartner analyst John Pescatore.

Pescatore notes that just saying, as RSA did, that the breach relates to an "advanced persistent threat" is "just trying to deflect attention from RSA's failure to protect their systems. Most large enterprises, and certainly all major security companies with any threat experience, have been dealing with targeted threats for several years."

Should customers give up using their SecurID tokens now?

Cox answers with a definite "no," saying he himself uses SecurID.

The SecurID system includes an authentication manager and hardware and software tokens used in many forms for two-factor authentication. Should customers, after learning what they have so far about this data breach at RSA, be inclined to buy SecurID? Has RSA -- which has a broad line of security products for access control, anti-fraud monitoring, security information management, encryption, and governance and compliance -- suffered a body blow to its reputation from which it will take a long time to recover?