There is a clear trend that every year there are bigger targets compromised with increased frequency with more personal data being collected. The recent attack on JP Morgan Chase is especially alarming considering they are the largest US bank and hackers had gained access to numerous servers with administrative access for nearly a month before being detected.
According to reports, JP Morgan Chase account details for every consumer and business customer, including to name, address, email address and phone number, were compromised. Fortunately more specific details such as account numbers, social security numbers (SSNs) and passwords were not accessed. This is due to much stronger security measures being implemented to keep this data safe.
While the nature of the breach have not been disclosed, the company may have been targeted by a group of Russian hackers. Often these attacks are very well planned, targeting a few key employees for the first stage of the breach. These individuals are analyzed to understand their web habits.
Based on their analysis, an attack will be staged to either infect a target system or to gain credentials. Often it happens by attacking a website that is frequently visited by the target as security of an individual website is far less than that of a big corporate bank.
To reduce the impact of this attack, JP Morgan Chase could have applied the same level of encryption and security to user account details that they applied to account numbers, SSN’s and passwords. Another option would be to enforce a strict two factor authentication policy for all network administrators.
Overall, there is a clear trend of attacks that aim to compromise point of sale systems as well as companies who store vast amounts of user data. These businesses need to prepare for continued attacks by updating their security policies and systems to be on high alert.