JPMorgan sent a fake phishing email to all of its employees and found 20% of its staff executed the attached payload. Without training and testing your staff will also open your systems to data thieves:
“Just weeks after falling victim to a massive cyber theft of customer assets, JPMorgan sent a fake phishing email to all employees to test their reaction. You can probably guess what happened next.
It’s an old axiom that the biggest threat to information security comes from the inside. In JPMorgan’s case, while the simulated threat emanated from external actors, a massive 20% of staff clicked on the fake phishing email, according to the Wall Street Journal. In a real-life situation such an action would have downloaded a malicious payload directly onto the bank’s networks.”
JP Morgan recently lost information on 76 million households and this test is just one aspect of its $500 million effort to better defend customer records:
“In November, US prosecutors unveiled charges against three men accused of hacking into a host of major financial institutions, including JPMorgan Chase, and stealing the data of millions of people. Prosecutors described the JPMorgan hack – which resulted in the leaking of information from 76 million US housholds – as the “largest theft of customer data from a US financial institution in history”.
JPMorgan has since vowed to double its cybersecurity budget over the next two years, raising its annual spend to $500 million, up from the $250 million outlay in 2014.
However, the results of the phishing simulation demonstrate just how difficult it is to run an effective perimeter defence against a determined hacking crew.”
Other banks are also running similar tests, as should yours:
JPMorgan is not alone in running such simulated attacks, says the WSJ, pointing to the tactics employed by Canada’s TD Bank, where a click on the bogus email opens a pop-up to a video on the importance of sustained vigilance in protecting the bank’s data assets.”
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group
Read the full story here