06 October 2014
A data breach at JPMorgan Chase and Co has resulted in disclosure of user information affecting millions.
The US-based bank has stated that the cyber-attack has left about 76 million households and seven million small businesses compromised.
User contact information, such as name, address, phone number and email address, as well as internal information about these users held by the bank, has been taken.
According to JPMorgan, there is no evidence that account information of the affected customers, such as account numbers, passwords, user IDs, dates of birth and social security numbers, has been compromised in the attack. The bank has added that it has not seen any unusual customer fraud related to the incident.
VP EMEA at Netskope Eduard Meelhuysen told Governance + Compliance that ‘it looks as though hackers used a virtual private network (VPN) connection to get into the organisation. However, whether VPN or cloud-based, remote access appears to be the common denominator among these recent breaches. To truly mitigate risk, IT needs to have in-depth knowledge of their network, using application discovery and analytics tools to ensure 100% visibility of their set-up.
‘Beyond this, there are three simple, yet important, things that IT can do when enabling remote access to the corporate network, cloud or otherwise: multi-factor authentication; robust audit logging; and anomaly detection.
‘The first two of these should be standard fare for most IT/security departments and any enterprise-ready app they're utilising. Provided IT knows about the applications in use, these two things alone go a long way in making it harder for bad guys to do their bidding and for IT to quickly identify breach points when they occur. Anomaly detection, however, is an area gaining interest because it utilises machine learning to find things even the most hardened security expert might not – and that's critical in a world where the breach vectors number in the thousands.’
In defence of major institutions, and especially banks, which have to deal with cyber-crimes on a daily basis, David Robinson, Chief Security Officer at Fujitsu UK & Ireland, said: ‘We should all remember that the banks successfully foil many more attacks than ever get reported in the media.’