The disclosure late last week of the JPMorgan Chase hack this summer would be just another chapter in the book on cyber intrusions – except for the scope and scale of this breach: roughly two-thirds of households in the United States, meaning 76 million households in addition to 7 million small businesses were affected. Think about it. This means that 2 out of every 3 parents on the sidelines of the soccer field this past weekend will have been impacted. Add to that the ‘Point of Sale’ intrusions of Home Depot and Target (putting 56 and 40 million credit and debit cards respectively at risk) and that pretty much covers the rest.
While we don’t yet know all the facts, it is troubling to think of the apparent implications of this case. After all, as JPMorgan Chase’s chairman and CEO, Jamie Dimon, highlighted in his April letter to shareholders, the company spends over $250 million annually and has approximately 1,000 people focused on cybersecurity. If they remain vulnerable, who can stay safe?
Truth is, it’s all about risk management, and a committed and sophisticated adversary – such as a state actor – will eventually succeed in penetrating its intended target. Sadly there are no silver bullets. But, that’s no reason to be numb, simply throw our hands in the air, shirk all personal responsibility and leave the onus on others to address the problem.
Instead, each of us needs to own this problem. We can all be responsible for implementing basic cyber hygiene. No one expects the soccer moms and dads to go it alone against an advanced persistent threat (APT) – but we should all take the time and effort to do what we can, as well as demand more from those who are in a position to deliver it.
Every hacker has a different motive. Criminals seek to profit. States seek strategic advantage. Whatever the motive at play in the case of JP Morgan, it should encourage each of us to do what we can to keep out cyber intruders.
For some practical steps one can take, ranging from protecting home networks and decreasing the likelihood of becoming a victim of phishing attacks (of particular concern when personally identifiable information has been compromised), visit the National Cyber Security Alliance.