The largest intrusion of the financial industry in the U.S. that befell JPMorgan Chase & Co. (NYSE:JPM) could have been averted had the bank not overlooked a security fix in one of its servers according to recent revelations. Despite spending hundreds of millions in security fixes every year, JPM is reported to have been left vulnerable to a basic weak spot that could have been sorted out easily.
JPM Incompetence
It is not a secret that big companies spend millions of dollars in shielding systems from attacks like the one that Sony Corp (ADR) (NYSE:ADR) is grappling with without paying a closer watch on small malfunctions. The attack on JPMorgan Chase & Co. (NYSE:JPM) reportedly begun when one of the banks employees login’s credentials were stolen in Spring, meaning the attack could have been stopped at this important with the issuance of new credentials.
JPMorgan Chase & Co. (NYSE:JPM) has also been faulted of failing to implement a two-factor authentication system that requires system users to use a second one-time password to gain access into the system. The banks security team is reported to have neglected upgrading the security system thus leaving the servers vulnerable to attacks. The revelations of the simple flaw helped prevent other financial institutions from facing the severity of the attack as JPMorgan Chase & Co. (NYSE:JPM) did.
Russia Involvement Ruled Out
Initially, the attacks were believed to have been carried out by sophisticated adversaries and mostly from Russia as the economic tension with the U.S continue to ravage. However, the theory has since been quashed especially after the FBI ruled out any Russia involvement. Investigators had initially stated that one of the attacks was from Rio although the attack could also have been routed through a number of computers across the globe.
JPMorgan Chase & Co. (NYSE:JPM) seems to have learnt an important lesson from the attack as it has set up a business control group made of technology and cyber security executives. The main task of the group is to prevent hackers from ever gaining access to its system