Posted by:
admin
11 years, 2 months ago
This story is interesting because it shows that two-factor authentication would have (most likely) worked to prevent this devastating attack. However, it also shows how hard it is for large organizations to actually implement security controls, especially given the use of third parties and growing through acquisitions.
Most big banks use a double authentication scheme, known as two-factor authentication, which requires a second one-time password to gain access to a protected system. But JPMorgan’s security team had apparently neglected to upgrade one of its network servers with the dual password scheme, the people briefed on the matter said. That left the bank vulnerable to intrusion.
I suspect that in the coming year we will see a lot more automation and 'infrastructure as code' to help deal with this management issue.
Share on Twitter Share on Facebook