Discussion Of The Cyber Attack On JP Morgan Chase
In the aftermath of the cyber-attack, JP Morgan Chase confirmed that 76 million households and 7 million small businesses were impacted by said breach (Roman, 2014). These details came to light in October 2014 when a certain form was submitted by the bank to the US Securities and Exchange Commission. The breach affected customers who used web and mobile services. Even though the incident is one of the biggest and broadest cyberattacks that has ever taken place in the USA, experts suggest that the attack in itself is in all likelihood not damaging to consumers (Yadron, 2014). It has been argued that the information that was stolen was related to the bank’s marketing functions rather than its operations.
According to an article published in The Atlantic, personal information leaks mean months of guarding against identity theft. This means that an array of potentially fraudulent activities can take place against the customer or consumer without him or her having any prior knowledge or idea. It also means that consumers would now be required to monitor their transactions and keep an eye out for unauthorized transactions. Moreover, they also need to be on the lookout for scammers who would now already have access to sensitive information about them.
In a report published by the Wall Street Journal, the hackers were reportedly operating from Russia or Eastern Europe and they breached the bank’s network through an employee’s computer. It was through there that they penetrated other bank systems. Employees normally use different software to access online records and corporate networks from home though virtual private networks (Yadron, 2014). The hackers had obtained knowledge about the applications that operate on the computers at JP Morgan’s and they used vulnerabilities in each program to gain entry into the system. The New York Times reports that technicians at JPM had failed to upgrade one of its network servers, meaning that access was possible without knowing a combination of a password and the value of a one-time code (Leyden, 2014). The newspaper learnt of this failure to apply industry-standard security practice from unnamed sources familiar with the details of ongoing investigations into the breach.
Since the hackers gained access to several servers within the banking system, JP Morgan Chase will have to strip out and replace not only their internal IT infrastructure but also keep a close eye on their finances. However, a Professor Adam Levitin, a specialist in commercial and banking law at Georgetown University writes that there is truly no real way of preventing an attack like this again. Yet it goes without saying that banking officials need to increase their knowledge and their skill when it comes to dealing and identifying potential risks and security breaches. They cannot rely on current practice and outdated procedures to combat the threat. Thus, JP Morgan and Chase need to be more proactive when it comes to identifying future threats and potential risks.