Missed Upgrade Leads to JPMorgan Chase Cyber Attack

Your network security has been breached and your company’s sensitive data is in the hands of cyber crooks. That in and of itself is a bad enough spot to be in, but the salt in the wound? Hearing security experts say that a simple fix could have prevented the attack in the first place.

It’s not much, but at least there’s some solace that can be taken from knowing a hacker had to step up their game and really break a sweat to best your company’s digital security. But knowing that there was an easy solution which could have stymied them? That’s the type of thing that can keep IT pros up at night and it’s the situation one major bank has found itself in, according to experts.

This past spring and summer one of America’s top financial institutions, JPMorgan Chase, fell victim to a security breach which compromised the personal information of roughly 83 million households and small businesses. Customers’ home addresses, email info and phone numbers were among the prizes thieves were able to get their hands on. Amazingly, things could have been worse. It’s believed that customer financial information and social security numbers were not among the pieces of data the hackers were able to steal.    

So how did those hackers get passed JPMorgan Chase’s digital security, which the bank is thought to have spent $250 million on? An incomplete two-factor authentication deployment.

Two-factor authentication is a defense scheme which requires a person to enter a randomly-generated, one-time-use password in addition to their own regular credentials before they can access a system. According to The New York Times, it’s a mechanism used by many larger financial institutions, including JPMorgan Chase. 

However, apparently JPMorgan Chase’s IT team had failed to upgrade a lone server to two-factor authentication, leaving the bank vulnerable. Hackers were able to use a stolen set of employee credentials to gain access through that one neglected server and from there, it was open season.  

The investigation into the attack is ongoing, and to date it hasn’t been determined just how the server managed to slip through the cracks. However, The New York Times pointed out the breach occurred during a period of high turnover for the bank’s IT team.

Even if that $250 million figure dwarfs your own cyber security budget, it doesn’t mean your company is doomed to face a similar intrusion. Remember, it’s not always how much you spend, but how you spend it, as this case proves.

Cross-training IT employees in multiple areas is one way to prevent routine maintenance or critical updates from falling out of mind in the event of turnover or unexpected absences. A partner like Arraya can also ensure that – by providing the manpower and tools needed to maintain business continuity at your company. To find out more, visit www.ArrayaSolutions.com or speak to your Arraya Account Executive today.