What You Can Learn from the JPMorgan Breach

Hacker at computer with binary floating around
Written by Nick Gagalis
Content Marketing Specialist

Ever since the JPMorgan Chase breach was made public, companies have been watching closely to see the aftermath, the bank's course of action, and any best practices that may be developed as a result.

In this post, I've highlighted some of the most notable details of the breach, explaining why they're important and why they matter even outside of the Financial Services industry.

The Attack

The News:

Even after the breach was mentioned in the media it wasn't immediately known exactly who the culprits were, or why they targeted JPMC. The breach lasted two months, before a hacker's mistake allowed a vendor to notice it:

“The bank learned hackers stole contact information for 76 million households and 7 million small businesses that dealt with J.P. Morgan because the intruders had used some of the same offshore servers to hack both the bank and the website of the J.P. Morgan Corporate Challenge, according to people familiar with the matter… Hackers were in the bank’s network for about two months undetected, only revealing themselves because of an apparent slip-up by the hackers and a report by a security vendor in early August.”

This breach was the second in as many summers for JPMC, after the UCard infiltration lasted from mid-July to mid-August in 2013.

Why it Matters:

The longer a breach goes undetected, the easier it is for hackers to dig deeper into the enterprise and access sensitive information. This highlights why it’s important for organizations to adopt security intelligence tools that allow them to detect and respond to threats in real time, across the business ecosystem. Acting fast to minimize damage is essential.

The Response

The News:

JPMC will have to physically change much of its IT infrastructure because of the hack.

“The bank, which reports that hackers gained access to root access to many of its servers, will have to essentially strip out and replace much of its internal IT infrastructure, a process that Edwards estimates could take "months at the least."”

Why it Matters:

There are high costs both in breach prevention and resolution, and that will never change.

The threat landscape is constantly evolving, and at a pace that can be difficult for even the most resourced organizations to keep up with. The key to staying ahead of attackers is knowing where your vulnerabilities lie and how they can be exploited. This includes being aware of security risks across your entire digital supply chain, as you are only as secure as the weakest link.

The News:

Not directly related to the breach, but in response to attacks leveraged against the industry, many large banks are joining forces to form Soltra Edge software to protect against hackers.

Bitsight Executive Report Example

New! The Security Ratings report is now the Executive Report. Request your report to see enhanced analysis such as your rating, likelihood of ransomware incidents, and likelihood of data breach incidents.

“The Soltra Edge platform is part of a broader set of tools the industry is using to try to fight hackers. J.P. Morgan Chairman and CEO James Dimon recently said the bank would double spending on cybersecurity in coming years, and Bank of America Corp. Chairman and CEO Brian Moynihan also said that his bank has doubled or tripled its own spending on the issue over the past five years.”

Why it Matters:

Banks are sharing more information to become safer, and have become a model to other industries in this fashion. Knowing what threats face your industry, and specifically, what vulnerabilities are being exploited in other networks, can help organizations improve their defenses. Participating in industry ISACs and using tools like threat intelligence, vulnerability testing, and performance benchmarking are key to being prepared when it comes to facing attacks. It will be interesting to see how the adoption of this technology will influence security strategies in other industries.

What Hackers Might Do with the Data

The News:

Even though it is reported that no sensitive information was stolen, the hackers accessed enough data to potentially carry out large-scale phishing attacks.

“The olive branch after the deluge of news about the JPMorgan breach that exposed the personally identifiable information of 83 million customers was that no bank account information, or more sensitive personal information like Social Security numbers, had been compromised. What got lost in that torrent of stories was the fact that the information that did get exposed could unleash the mother of all phishing attacks… The more likely scenario is that we are watching a multi-layered crime unfold in real time.”

Why it Matters:

Though the breach was detected, the threat to customers has not been fully remediated. Consumers will now need to monitor their accounts and be on the lookout for unauthorized transactions, as well as be on guard for scammers. Possible fraudulent activity, credit monitoring and investigations will continue to add costs for the banks in remediating this breach.

**********

An important lesson from the JPMC attack reminds us that even the most well-defended organizations are vulnerable. Attacks can come from anywhere, be large or small, and stem from a variety of motivations. In the case of JPMC, at least five other banks found the same attacker trying to breach their networks- highlighting the important role that information sharing and threat analysis play in strengthening our defenses against targeted attacks. Other banks have been quick to react to this now well-known threat, and hopefully, we won’t hear of more successful attacks.