Just as the IS community is absorbing the lessons of Sony attack, the JP Morgan security breach involving a suspected data theft of 76 million records has disturbed the community.
According to the New York report it appears that the J P Morgan attack resulted from one of the servers being out of the 2F authentication which prevented the breach on close to 100 other servers. Though the 2F authentication is in itself not fool proof, the fact that every small step towards security can have its own ROI is proved from this incident since the servers which were hardened with 2F authentication seems to have escaped the attack.
It is interesting to note that hackers donot always need zero day exploits to make big hits. There are many negligent IS practitioners who can facilitate exploits which could have otherwise been prevented with a “Reasonable Security Practice”.