Attack of the Hackers
Whenever I watch one of those hacker movies, I always think, “There’s no way they could actually hack into [insert the name of a heavily protected government or financial institution database here]. They just made that up.”
Turns out, not so made up.
Earlier this year, it was announced that JPMorgan Chase & Co., one of the largest banks in the world, came under cyber-attack. But it wasn’t until now that they revealed the extent of the damage.
Apparently, over 76 million households and 7 million small businesses were affected, with personal information such as name, address, phone number, and email addresses compromised. But here comes the silver lining.
According to JPMorgan, there isn’t any evidence that account information—such as account numbers, passwords, usernames, birth dates, or Social Security numbers—were compromised. Even more shockingly – it also appears that no money was stolen whatsoever.
So What Did the Hackers Do?
Despite the fact that no money was stolen, the cyber-attack was still one of epic proportions.
The New York Times reported that these hackers were able to gain “the highest level of administrative privilege” on almost a hundred of JPMorgan’s servers, meaning that they had complete access and could have basically done anything to their data. They could have transferred funds, stolen information, closed people’s accounts—anything.
But as we noted before, none of that happened. People are speculating that the hackers were in pursuit of something else—possibly accessing account information to track down a person of interest, for example. (In an interview, J.J. Thompson of Rook Security suggested that the hackers could’ve been doing something akin to a storyline on NBC’s “The Blacklist.” Interesting take!)
Protect Your Organization From Potential Wrongdoing
Listen to your employees – they may have something to say
If a bigwig corporation such as JPMorgan Chase & Co. has such alarming holes in its security system, chances are, there could be some gaping holes in your company’s as well. In this case, JPMorgan could have benefited from having a whistleblower hotline, where their employees could have called in and alerted them to any security weaknesses that they were aware of—before it was too late. Employees know what’s happening. They just need the confidence to come forward and report wrongdoing they see, and the assurance that when they do, it’s anonymous, safe, and will be followed up on accurately and fairly. Employee tips account for 40% of reported frauds, according the ACFEs 2014 Report to the Nations.
A whistleblower hotline with an independent ethics reporting system works wonders for organizations of any size. Give your employees a place to voice their concerns and work together to protect the integrity of your company.