JPMorgan Spent $250 mil dollars on security defense – still hacked.

In JPMorgan’s shareholder letter states on page 22.

Ja,oe Dimon is Chairman and Chief Executive Officer

By the end of 2014, we will have spent more than $250 million annually with approximately 1,000 people focused
on the effort. This effort will continue to grow exponentially over the years.

In our existing environment and at our company, cybersecurity attacks are becoming increasingly complex and
more dangerous. The threats are coming in not just from computer hackers trying to take over our systems and
steal our data but also from highly coordinated external attacks both directly and via third-party systems (e.g.,
suppliers, vendors, partners, exchanges, etc.). It appears that a large, successful attack on a major retailer last year
was the result of a third-party system breach.

As you may know but JPMorgan got hacked within a concerted effort CBSNews:  FBI is investigating reports of attacks on U.S. banks.

a spokesperson for JP Morgan told CBS News: “Companies of our size unfortunately experience cyberattacks nearly every day. We have multiple layers of defense to counteract any threats and constantly monitor fraud levels.”

JP Morgan is the largest U.S. bank by assets.


Well, it is obvious if you are the largest of something there is a bulls-eye firmly placed on you. But it is also obvious to me that the stakes are high for all businesses, not just the big banks.

Why? because the hackers attack everyone – it is easy to attack 100,000 machines. 1mil, 10mil, 100mil. the difference is just a slightly different command and using more resources. But as it is evident the hackers hack to get more resources, they do not have to buy them.

As in my post here the USENIX security conference papers have been setting up a project to figure out how many scans are occuring on the Internet. Let me refresh you.

In one month there were 10.8 million scans looking for your vulnerabilities. checking, probing your weaknesses.

Specifically 5.4 Trillion  netbios scans. (TCP/445) probes – in case you dont know that is 5,400,000,000,000 scans in one month. or 180 Billion per day or 7.5 mil per hour.

If you have a vulnerability that can be hacked it will be – eventually. You will get hacked -you cannot hide.

It is the basic axiom of security versus functionality. you can have either but not both. If you want to connect to the Internet(function), then you have to have reduced security. There will be a chance that you can hacked. You can not have 100% security with some functionality. The only way to be 100% secure is to disconnect from the Internet.