Information Security And Governance JP Morgan Chase Hack Case

Question: Discuss about the Information Security and Governance for JP Morgan Chase Hack Case. Answer: The Cyber Crime of JP Morgan Chase Case JP Morgan Chase Co. is one of the largest multinational banking sectors of USA faced greatest cyber breach of history in October 2014, where contact information of 83 million customers and financial 70 million cardholders were hacked (Bankinfosecurity.com. 2016). According to the investigators, if the organization has set up simple security protocols on their server of the vast network system, this security breach can be halted. The hackers inserted list of malicious programs and applications on the computer system of JP Morgan Bank and gained access to the personal as well as financial information such as name, phone numbers, addresses and credit card numbers of the account holders (Fast Company. 2014). As stated by the investigator, hackers stole the email addresses of the customers at first and then send fake messages to chase the customers by using their login credentials. Technical or Business Issues Technical Issues: The hackers used various methods such as Brute Force Attack to break the internal network of the computer system and steal the confidential information of more than million customers JP Morgan bank (Bloomberg.com. 2014). Brute force attack is a trial and error method through which the encrypted data of the system such as passwords, social security numbers or other information can be decrypted (Forbes.com. 2016). Through this, the hackers got access to the customer database on the network and easily steal the information easily. Hackers made the target on the personal computers of JP Morgan's employees and inserted infected VPN (Virtual Private Network) software to gain remote access and to send malicious data and programs throughout the system of the organization (Jpmorgan.com. 2016). By using the malicious software program which is called a Carbank, the hackers send emails to the bank employees and gain access to the administrative computer of the organization. These inserted malware programs recorded the keystrokes and took screenshots of the computer so that hackers monitored all the bank processes from the remote location (www.jpmorganchase.com. 2016). Moreover, the users were unknowingly clicked on the malicious websites sent by the hackers, so that the hackers get full access to the confidential information of the customers. From the investigation, it has also found out that, the cyber attackers used multiple zero-day strategies which allowed the hackers to develop patches and place customer malware layers into the network. As a result, the confidential information stored in the database system of the organization was hacked. Business Issues: Technical challenges were not the major reasons behind this cyber security breach but also the management of the organization were failed to optimize the solutions for this cyber security crime. The absence of skilled IT security engineers and specialists are the vital point in this aspect that could defend or prevent the organization from this hazardous cyber security attack (Forbes.com, 2016). Then, use of outdated technologies in the security system of the network creates potential opportunities for the hackers to get full access to the internal system of the organization. Moreover, the organization was unable to set limited access rights and permission due to the limited budget, which allowed the hackers to have countless ways to get into the system, its data, and applications. With all these factors, many other issues are identified such as the physical devices such as hardware server and network which is used to share information are not structured properly (Bloomberg.com. 2014). In addition, the organization takes the help of external vendors which is greatest security issues as the organization was failed to set the access rights. Incident Strategy Countermeasures Taken by the Organization After facing the hazardous consequences of the cyber security breach, the organizational authorities of JP Morgan has decided to enhance their security which costs almost 250 million per year and is handled by a team of 1000 people (Jpmorgan.com. 2016). Technical Strategies: The organization has evolved their internal IT structure with advanced security tools such as firewall application, an encryption technique, and many others to prioritize the security breaches and to solve them immediately. Use of end to end digital technique helps to encrypt the messages between senders and receivers, and no third party can decrypt those messages (Commercial.jpmorganchase.com. 2016). Figure 1: Technical Security Tools (Source: Tisdale 2015, pp-16) Then the firewall installation inside the system helps to monitor and control the incoming as well as outgoing traffics of the network and protect the system to get attacked by malicious codes and programs. Policy Implementation: JP Morgan has strengthened their security policies by the help of the third party who helped to ensure that the sensitive and confidential information of the organization are protected. In addition, vendors offered documented security policies regarding hardware and software protection, email security and remote access policies (www.jpmorganchase.com. 2016). This security polices play a major role to use encryption standards, disaster recovery plans, and data protection methods throughout the organization. Government and Human Aspects: in order to implement the cyber security policies effectively; the organization has made a security team with skilled IT personalities who have set up security operations to monitor and defend the company. The cyber security personnel has become doubled, and they continuously assess the effectiveness of the cyber security program (Bloomberg.com. 2014). In addition, the organization has made a strong partnership with the vendors and takes the support of the government to enhance the capabilities of dealing cyber security crimes through advanced analytics, robust testing and improved technologies. Effectiveness of the Countermeasures The countermeasures taken by JP Morgan Chase are effective to some extent but still needs some improvements. In most of the banking organizations, two kinds of authentication systems are used which needs second one time password for gaining access to the internal system if the company (Von Solms and Van Niekerk 2013). However, from the investigation, it has been observed that JP Morgan overlooked the security protocols, and only their network server was not upgraded with this dual password scheme. In addition, it has also been identified that the IT security experts are not able to implement proper software flags which can inform the organization about the unauthorized activities (Jpmorgan.com. 2016). Then, impossibility to keep the internal network separate from the external providers can lead to future security breaches. Alternative Solution By analyzing the effectiveness of the countermeasures taken by JP Morgan to protect their data and information, the following recommendations are provided to enhance the security solutions in an optimized way. Deploy of HIPS System: HIPS (Host Based Intrusion Prevention System) software which combines all the functions of antivirus, firewall and intrusion detection system which helps to stop and blocks the malware and viruses from doing harms (Liu et al. 2015). Figure 2: HIPS System (Source: Von Solms and Van Niekerk 2013, pp-100) Vulnerability Assessment and Penetration Testing: A network visibility map should be created to identify the targets of the hackers. Pen testing helps to focus on the total amount of information accessed during hacking. On the other hand, vulnerability testing helps to identify, define and classify the security loopholes present in the network system of the organization. Both are crucial to maintaining secure environment throughout the organization (Blythe 2013). Conclusion From this report, it can be concluded that cybersecurity breach is the most hazardous incident which can disrupt the entire business operation. Conclusively it can be stated that the cyber security breach of JP Morgan not only creates negative impacts on the organizational brand image but also lost customers trust and beliefs. Therefore, it becomes very necessary to mitigate the problems from the grassroots level as soon as possible. In this aspect, the organizational authorities have taken up so many approaches regarding technical and human aspects. However, from the analysis, it has been identified that dual password scheme is the major necessity of this organization to authenticate their system and to protect confidential data of the customers from cyber attacks. In addition, advanced security system such as HIPS technology with proper training of the employees can enhance the security of the business operations in an optimized and profound way. References Bankinfosecurity.com. 2016.New JPMorgan Chase Breach Details Emerge. [online] Available at: https://www.bankinfosecurity.com/further-jpmorgan-breach-details-emerge-a-7249 [Accessed 1 Aug. 2016]. Bloomberg.com. 2014.JPMorgan Hack Said to Span Months Via Multiple Flaws. [online] Available at: https://www.bloomberg.com/news/articles/2014-08-29/jpmorgan-hack-said-to-span-months-via-multiple-flaws [Accessed 1 Aug. 2016]. Blythe, J., 2013. Cyber security in the workplace: Understanding and promoting behaviour change. Proceedings of CHItaly 2013 Doctoral Consortium, 1065, pp.92-101. Business Insider. 2016.JPMorgan is the chief victim in the largest theft of customer data from a financial institution in US history. [online] Available at: https://www.businessinsider.in/JPMorgan-is-the-chief-victim-in-the-largest-theft-of-customer-data-from-a-financial-institution-in-US-history/articleshow/49739816.cms [Accessed 1 Aug. 2016]. Commercial.jpmorganchase.com. 2016.How to Prepare for a Network Breach | JPMorgan Chase. [online] Available at: https://commercial.jpmorganchase.com/pages/commercial-banking/executive-connect/prepare-network-breach [Accessed 1 Aug. 2016]. Fast Company. 2014.This Is Why The Enormous JPMorgan Chase Hack Is So Scary. [online] Available at: https://www.fastcompany.com/3036633/fast-feed/this-is-why-the-enormous-jpmorgan-chase-hack-is-so-scary [Accessed 1 Aug. 2016]. Forbes.com. 2016.Why J.P. Morgan Chase Co. Is Spending A Half Billion Dollars On Cybersecurity. [online] Available at: https://www.forbes.com/sites/stevemorgan/2016/01/30/why-j-p-morgan-chase-co-is-spending-a-half-billion-dollars-on-cybersecurity/#4bd1e1d62a7f [Accessed 1 Aug. 2016]. Jpmorgan.com. 2016.Three Steps to Improve Your Cybersecurity | J.P. Morgan. [online] Available at: https://www.jpmorgan.com/country/US/EN/cb/preventing-cybercrime [Accessed 1 Aug. 2016]. Liu, Y., Sarabi, A., Zhang, J., Naghizadeh, P., Karir, M., Bailey, M. and Liu, M., 2015. Cloudy with a chance of breach: Forecasting cyber security incidents. In 24th USENIX Security Symposium (USENIX Security 15) (pp. 1009-1024). Tisdale, S.M., 2015 Cybersecurity: Challenges From A Systems, Complexity, Knowledge Management And Business Intelligence Perspective. Issues in Information Systems, 16(3). Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. computers security, 38, pp.97-102. www.jpmorganchase.com. 2016.A Culture of Excellence. [online] Available at: https://www.jpmorganchase.com/corporate/annual-report/2014/document/JPMC-AR2014-LoBCEO-letters-MZames.pdf [Accessed 1 Aug. 2016].