The issue of cyberattacks becomes more and more critical with time because of technological development. The attention paid to it constantly increases, as cybercrimes have entered the top of law enforcement activities. Among the major recent attacks on US businesses was the one targeted at JPMorgan Chase. This organization is among the leading banking institutions in the country that deal with financial services within more than 100 locations. Its history can be tracked for more than two centuries so that it is not surprising that it has millions of clients who are represented not only by individuals but also by businesses, institutional and governmental bodies (JPMorgan Chase & Co., 2017).
In July-August 2014, this company experienced a range of cyberattacks. As a result, a lot of data was stolen, including checking and savings account information. More than 80 million households and small businesses suffered from this incident. Their account information was compromised, which attracted attention to the security problems within JPMorgan Chase. Fortunately, no evidence of fraud or misuse of these data was identified. Access was mainly obtained to email and home addresses as well as to phone numbers, which is not extremely critical as such information is often available even to the representatives of the general public (Granville, 2015).
The attack began in spring two years ago. Professionals claim that, first of all, the hackers stole the login information for one of the employees who worked in the bank. As a result, they received an opportunity to enter the network and get customers’ contact information. However, the bank got to know about it only in August, as its sponsors were also attacked. All in all, this group of criminals hacked more than 90 servers that belong to JPMorgan Chase. Still, they were finally caught before accessing private customer financial information (Leyden, 2014).
It was difficult for the company to ensure its network security because it integrates with the customers’ networks. However, professionals believe that the attack could have been prevented at the initial stage if the system was better protected. One of its network serves was neglected and had unguarded holes. The bank did not update its software, which made it vulnerable. An improved authentication mechanism could have solved this problem.
It is not yet known where this cyberattack originated, but Goldstein, Perlroth, and Corkery (2014) reported that Russia and Brazil were under suspicion. The reasons for treating Brazil as the origin of this crime were not revealed and lacked evidence. Still, Russia was likely to be an adversary due to the economic sanctions and interference of the USA in the issues between Russia and Ukraine. However, the FBI eventually claimed that it was not a culprit. I believe that this theory was true to life but was frayed because it lacked sufficient evidence.
Regardless of the country involved in the attack, it was sophisticated and well-planned even though no novel software bugs were used. If an adversary was Russia, it could have been willing to reduce the influence of the USA on the world’s situation, and on Ukraine’s situation, in particular. Considering the fact, that the USA is very active on the global market and is one of the leading countries that supports others, Russia might have thought that a threat to one of its main banks would make the USA focus on its inner problems only instead of interfering in international issues. As a result, Russia would have an opportunity to become more powerful and influential so that it could leave the USA behind and turn into the global leader in the future.
Still, it cannot be claimed that the attack was successful. Of course, a lot of bank’s clients were affected, but the information that was accessed was not critical and did not provide the hackers with the opportunity to influence them negatively. In addition to that, no frauds were found after the investigation, which supports this point of view. As other institutions were also hacked by the same group, the adversary made the USA focus on the inner problems. However, the threat was not crucial enough to make it stop focusing on global issues.
Considering the discussed point of view, the attack was likely to be an outside job. No bank employees or the USA citizens were suspected of being involved in this crime. It is not likely that people from JPMorgan Chase worked with the hackers because other institutions were also targeted by the same group. Americans who do not want their country to help others at least until it solves all inner problems could have initiated the attack, of course. However, the FBI conducted an investigation and did not concluded that someone from the country was involved. What is more, influences from the outside are now often discussed in the USA, which proves that this cyberattack is more likely to be a problem caused by someone from abroad.
In my opinion, JPMorgan Chase could have had an opportunity to protect itself from hackers if it paid more attention to network security (Griffor, 2016). First of all, it should have upgraded its network servers so that they use novel software that enhances security. For example, the utilization of the two-factor authentication would have prevented the attack even if the employee’s login information was obtained initially (Constantin, 2014). The security team of the bank should have maintained planned inspections to ensure the absence of unguarded holes in the network. Finally, the organization should have got its personnel briefed on the issue.
References
Constantin, L. (2014). Two-factor authentication oversight led to JPMorgan breach. Web.
Goldstein, M., Perlroth, N., & Corkery, M. (2014). Neglected server provided entry for JPMorgan hackers.New York Times. Web.
Granville, K. (2015). 9 recent cyberattacks against big businesses.New York Times. Web.
Griffor, E. (2016). Handbook of System Safety and Security. Amsterdam, Netherlands: Elsevier.
JPMorgan Chase & Co. (2017). About us. Web.
Leyden, J. (2014). JPMorgan Chase mega-hack was a simple two-factor auth fail.The Register. Web.