As we have all heard by now, JPMorgan Chase Bank has fallen victim to the largest cyber-intrusion of a US corporation to date, affecting more than 83 million customers. In the attack, which was discovered in late July, hackers were able to gain access to customers' names, addresses, phone numbers, and email addresses. While the hackers allegedly did not make off with any passwords, account numbers, or other sensitive personal data, the fact that hackers were able to compromise the security of a massive financial institution like JPMorgan is frightening and shows that modern businesses are completely under-prepared and ill-equipped to handle a determined and coordinated attack.
With the recent rash of high-profile corporate hacks over the past year, corporate cyber-security is going to be (or should be) one of the major focus points for companies moving forward. Businesses will have to find ways of keeping customers' sensitive information safe or risk losing customers for fear of having their information stolen. As it stands now, companies cannot just throw money at IT solely for preventative measures such as virus protection and firewalls and expect to be protected. While a firewall might stop a virus, it cannot do much to prevent these engineered, targeted attacks. It is time for businesses to begin thinking about cyber-security in some more effective ways.
Monitoring and response are two related areas of security that companies should focus on more, rather than relying solely on preventative measures. There need to be effective methods of monitoring systems for unusual behavior, along with planned actions to take if something is found to be amiss or a breach has been found. Too often, companies take far too long to detect a breach in their security and do not have a planned response to quickly eliminate the threat. Target, Home Depot, and JPMorgan all took weeks to recognize and eliminate data breaches in their systems, which indicates that other affected companies would likely not have the detection and response infrastructure in place.
Companies will also need to be proactive with their security by finding and fixing weaknesses before they can be exploited. Being proactive and actively searching for ways to exploit your own system is one of the best things a company can do to minimize the risk of a security breach. Home Depot found this out the hard way: they had been warned months before of the potential of being hacked, did nothing to strengthen their security and eliminate vulnerabilities, and thus lost 56 million customer credit card numbers.
One preventative measure that companies should implement is to teach their employees about social engineering and how to stop it. Social engineering involves someone using human interaction to manipulate and deceive in order to break through security. Many security breaches are only made possible through the use of social engineering, which gives hackers access to vulnerable parts of the system (either physically or through employee over-sharing). Employee awareness of social engineering tactics, distinct company policies describing what information can be shared both internally and externally, and physical security measures would go a long way in minimizing the risk posed by these threats.
As our lives and business continue to shift more towards being completely digital, companies will need to invest more resources in digital security, as well as be smarter and more proactive in stopping security breaches.
Logging off...
Matt