Feb 19, 2015

JPMorgan isn't resting on its laurels after a data breach exposed the names, email addresses, phone numbers, and other pieces of information about an estimated 83 million of its account holders.

Bloomberg reports that the company is hiring "military-grade cyberwarriors" and building a facility near the National Security Agency headquarters in Fort Meade to boost its security.

Even though the company is receiving the NSA's assistance after the data breach, the efforts are said to be motivated by a feeling that the government is unwilling or unable to help it.

Those fears are made even more pressing by signs that state-sponsored hackers are stealing information from banking institutions, health insurers, and other American businesses.

Even non-state-sponsored attacks have become costly, as shown by the lawsuits against Target and by the hackers who reportedly stole up to $1 billion from banks around the world in an unprecedented global heist.

Still, some are concerned about the private sector's efforts to increase its cybersecurity. As Bloomberg says in its report on what basically amounts to JPMorgan's cyber-militarization:

Some security experts say that whatever the government’s failings at protecting American companies from cyberattack, creating a mini-NSA in Midtown Manhattan isn’t the answer, especially given the power and influence already wielded by Wall Street banks.

The nature of the data breach that has JPMorgan so worried also undermines the company's claim that these measures are necessary. The breach, after all, was caused by an oversight.

From a New York Times report on how the record-setting breach happened in the first place:

The attack against the bank began last spring, after hackers stole the login credentials for a JPMorgan employee, these people said. Still, the attack could have been stopped there.

Most big banks use a double authentication scheme, known as two-factor authentication, which requires a second one-time password to gain access to a protected system. But JPMorgan’s security team had apparently neglected to upgrade one of its network servers with the dual password scheme, the people briefed on the matter said. That left the bank vulnerable to intrusion.

What does it take to make sure a critical oversight like this doesn't happen again? JPMorgan seems to think the answer requires hiring former military cyber-warfare experts and setting up shop next to the NSA. It's bringing a fleet of warships to a knife fight.

That's an oversimplification, of course. But based on the information available to the public, the nature of JPMorgan's data breach and its response are incongruous, to say the least.

[illustration by Brad Jonas]