HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED ABOUT A MINUTE AGO.
You are here: Home / Network Security / Lessons from JPMorgan Data Breach
Build Apps 5x Faster
For Half the Cost Enterprise Cloud Computing
On Force.com
Lessons from the JPMorgan Chase Cyberattack
Lessons from the JPMorgan Chase Cyberattack
By Jennifer LeClaire / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
AUGUST
28
2014


JPMorgan Chase is investigating a possible cyberattack. The banking giant is cooperating with law enforcement agencies, including the FBI, to understand what data hackers may have obtained in the attack, according to a Reuters report.

JPMorgan declined to comment, but company spokeswoman Trish Wexler told Reuters the bank is moving to safeguard sensitive or confidential information. No unusual fraud activity has been discovered so far.

The FBI said it was working with the Secret Service "to determine the scope of recently reported cyberattacks against several American financial institutions."

No Way to Completely Avoid Attacks

Aviv Raff, CTO and chief researcher at advanced-threat protection firm Seculert told us that while the motivation behind the attack against JPMorgan Chase is unknown, it is known that gigabytes of sensitive data were stolen.

"Much like the Target breach, where over 11 gigabytes of private data was stolen, the JPMorgan breach shows again that there is no way to 100 percent prevent an attack," Raff said. "It's up to the enterprise to use the best tools to detect the compromised devices as soon as possible, before the data is stolen and the incident becomes a breach."

We also turned to TK Keanini, CTO at network security firm Lancope, to get some additional insight. He told us it's no longer a game of not being infiltrated -- it is a game of detecting hackers and shutting them down before they can exfiltrate or advance their operations.

Keanini offered a physical bank robbery analogy: It is not about breaking into the bank -- it is about getting out and being able to spend the loot without being detected.

What's the Enterprise Solution?

"Financial institutions like JP Morgan have a readiness for these types of incidents that are the best in the industry," Keanini said. "The fact that business continuity was not an issue and that they are working with law enforcement to catch the crooks is exactly the pattern you want to see."

From Keanini's perspective, this is what good incident response looks like from the outside. Depending on how the investigation plays out, he said, we may or may not get more details but we will have to wait and see.

"The pattern here is state of the art and will repeat itself until it is no longer effective for the attackers," he said. "Once these attackers have credentials to internal systems, they no longer set off traditional security alarms because these detection methods are watching for bad things to happen and for weeks and months, they just operate as that user and no violations are triggered."

Keanini's conclusion: The solution is to employ complementary forms of detection like anomaly detection methods that can detect when this user's behavior has changed significantly or suspicious connections are made.

Tell Us What You Think
Comment:

Name:

Charles:
Posted: 2014-09-05 @ 11:36pm PT
Give them a void trap configured from last point of modulation signature?

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
ISACA® offers a global community of more than 115,000 IS/IT constituents in over 180 countries. We develop and deliver industry-leading certifications, education, research and business frameworks. We equip individuals to be leaders in the fast-changing world of information systems and IT - Learn More>
MORE IN NETWORK SECURITY
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
Sony is no stranger to breaches. Sony’s PlayStation Network was hacked in 2011 and attackers obtained 77 million user accounts. The latest attack comes against Sony Pictures Entertainment.

ENTERPRISE HARDWARE SPOTLIGHT
Doctor Who had K-9, the robot dog that accompanied him on adventures through space. Now, Mountain View has K5, a 5-foot-tall, 300-pound robot security guard patrolling in the Bay Area.

MOBILE TECHNOLOGY SPOTLIGHT
Beleaguered handset maker BlackBerry is targeting iPhone users with an offer the company hopes they can’t refuse -- $550 to leave Apple and switch to the new BlackBerry Passport.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.