The dawn of a new year isn't a happy one for JPMorgan and Chick-fil-A as both companies are grappling with hacker attacks that hit as 2014 came to a close.
While the security breach has not yet been officially confirmed by corporate officials, Chick-fil-A acknowledges it is investigating a possible debit/credit card data breach that was first discovered on Dec. 19. Then came news an ex-employee may be behind a data hack at JPMorgan Chase, taking advantage of a flaw in the bank's website to access its system, a move which went undetected for two months. JPMorgan is admitting it may have impacted 76 million households and 7 million small businesses.
It's a situation no company, no matter when, wants to have to deal with, but there are defensive actions and security mechanisms that can help protect big and small enterprises from the increasing threats, say experts.
The first step is to make sure all networks, systems and devices, from servers to tablets, are under constant security scrutiny.
"Companies need to be monitoring activity on their computer networks for anything suspicious. Responsible companies have deployed software to spot anomalies on their internal networks and servers, but that alone is not enough," Stephen Cobb, a senior researcher at ESET, a data protection company, told Tech Times.
"The right procedures need to be in place and followed for such monitoring to be effective," says Cobb, noting that sometimes even network-monitoring alerts can fail and need to be tested continuously. That scenario happened with a Target break-in last year. The hackers tripped monitoring alerts, but the response system ended up not working properly, explains Cobb.
Another expert notes that corporate IT security teams must avoid getting complacent and need to keep skills and knowledge sharp. That's because hackers are getting smarter, sneakier and more sophisticated every day. Oftentimes it means bringing in security consultants and expertise as it's hard for IT teams, especially in the retail sector, to be on top of everything with security, explains an industry watcher.
"Hacks will continue to be prevalent until retail chief security officers realize they can no longer manage security threats within their team alone -- they need to maintain a strong ecosystem of trusted vendors and advisers who can help them adequately address these threats," Asher de Metz, lead senior consultant for Sungard Availability Services, told Tech Times. "Additionally, every link in a retailer's organizational chain, whether the logistics coordinator, marketer or general counselor, needs to have security as a priority and a plan in place to avoid being the breachable link."
De Metz describes himself as a "white hat" hacker, who helps companies discover security holes and weaknesses. He has worked with a number of large companies and says consulting services can be the difference between discovering a hack as it happens and stopping it, or being notified of a hack by the FBI months after it takes place.