JPMorgan suffered a huge attack last spring, and some new information shows that just one security measure could’ve prevented it.
Despite spending $250 million annually on security measures, JPMorgan may have overlooked one crucial protection, according to the New York Times. Sources tell the paper that one overlooked server hadn’t been equipped with two-factor authentication measures like all or most of the others.
That made hacking into this server and other crucial services fairly easy. All the attackers had to do was:
- steal one user’s account information (likely using a phishing or similar attack), and
- poke around on the network until they found a weak spot or valuable information.
The result was huge: Sensitive information on 83 million households and small businesses were taken in the attack.
JPMorgan sources apparently referred to the oversight as an “embarrassment” and are busy looking into whether similar security missteps still exist.
All it takes is one
If these reports are accurate, one of the biggest cybersecurity incidents in history was caused by a simple oversight. All this despite a security presence and budget most IT pros would only dream about.
This incident can serve as a wake-up call for many. Make sure you check every server on your network to see that all are at the same level of security. Even if a particular server doesn’t deal in sensitive information, it could be used as an access point to information that is valuable.
And going forward, remember that security measures should be implemented system-wide. If you’re investing in new security measures or technology, make sure each server or account is protected by the same or equally strong measures.
Finally, it can’t hurt to use this incident as a prompt to take inventory. Check out all the accounts and servers on your network. Take a look to see if unused ones have been taken offline or if infrequently used ones are still being updated.