Cyber security remains a hotly discussed topic at every level of corporate and public organizations, as new stories appear weekly highlighting the challenges of network protection in this turbulent digital environment. From local and state government organizations to multinational conglomerates, no one is exempt from the risk of an attack.
As you know, there never seems to be an end in sight when it comes to data center optimization for security purposes, and with so many companies and agencies falling victim to data breaches and other high-level hacks, it may seem that the battle of network defense will never be won. If you continue to learn from the mistakes of these headline-makers, however, you may discover that securing your infrastructure doesn't have to be an endless game of cat and mouse.
The latest twist in the data security saga involves one of the United States' largest financial services institutions: J.P. Morgan Chase & Co., according to an article from Homeland Security Today. This particular attack was not only large-scale - extracting gigabytes of sensitive customer information - but also prolonged, taking place over the course of three months. The source explained that the firm is no stranger to hackers, and that its security measures are extensive. Nevertheless, cybercriminals were able to break through J.P. Morgan's network defenses.
"Companies of our size unfortunately experience cyberattacks nearly every day," said Trish Wexler, a J.P. Morgan spokeswoman and senior vice president of corporate communications, as quoted by the source. "We have multiple layers of defense to counteract any threats and constantly monitor fraud levels."
Homeland Security Today explained that J.P. Morgan is responding to the attacks by doubling down on its cyber security investments, with plans to spend $250 million annually on its efforts. In addition to a spike in spending, the organization seeks to employ 1,000 people dedicated solely to security, as well as build Cybersecurity Operations Centers engineered to coordinate threat monitoring and mitigation efforts. Despite all of these initiatives, however, the source noted that phishing, the cause of this particular breach, can only truly be defended against with user vigilance.
"All that time and money is wasted unless you also pay attention to the 'human firewall,' something companies need to create first and foremost," Stu Sjouwerman, CEO of KnowBe4, told the news source. "That can be accomplished with effective security awareness training for all employees that have a PC and have access to the Internet."
What can you take from this instance of cybercriminal activity? Federal Times explained that while the promotion of best practices, including those defined by DISA, NIST, CSIS and SANS, is critical, end user education can't be taken for granted when developing a holistic approach to security. The source pointed out that by embedding employee awareness and education into the organizational culture, a company or agency can better navigate the shifting demands of the IT landscape while locking down defenses on a more granular level.