SlideShare ist ein Scribd-Unternehmen logo

Case study on JP Morgan Chase & Co

Als DOCX, PDF herunterladen
V
Victor Oluwajuwon Badejo

A detailed analysis on one of the biggest data breaches in history...What JP Morgan Chase & Co did wrong and proposed mitigation techniques. The data breach at J.P. Morgan Chase is yet another example of how our most sensitive personal information is in danger. .

Business
1 von 8
Case Study: Information Security Risk Analysis on the Cyberattack on J.P. Morgan Chase & Co. Written by: Badejo, Victor Oluwajuwon 14th February, 2016
Abstract In whatis consideredbymanytobe one of the biggestbreachesinhistory, the cyberattackonJPMorgan Chase & Co in July2014, has leftmanywithquestionsaboutthe overall securityof our cyberspace. The attack was made publicinSeptember2014 but was discoveredbythe bank'ssecurityteaminlate July 2014, andwas not completelyhalteduntil the middle of August. Thiscase studyshowsinitsanalysis that over76 Millioncustomeraccounts were exposed whendedicatedcriminals exploitedvulnerabilities at the Workstation,LAN aswell asRemote accessdomainsof the company’sITinfrastructure.Failure to turn on twofactor authenticationonaserver,the hackers eventuallygained high-leveladministrative privilegesintothe bank.Over90 of the bank’sserverswere affected. Giventhe level of sophisticationof the attack, it isbelieved thatthe attack was plannedformonthsandmay have involvedsome coordinationorassistance froma foreigngovernment. Furtheranalysiswere able tohelp narrow downthe breachto thatof confidentiality.It laterbreaks downthe attack intothreat,vulnerabilityandthreataction.It proposesmitigationtechniques likemore hardeningof networksystemstoavoidre occurrence.Italsoprovides countermeasureslikesecurity freeze, todeal withthe riskthatoccurred andto handle future threatsresultingfromthe cyberattack. The data breach at J.P.Morgan Chase is yetanotherexample of how ourmostsensitivepersonal informationisindanger. Key Terms Confidentiality,cyberattack, workstationdomain,LAN domain, remoteaccessdomain, spearphishing, boilerplate advice,twofactorauthentication.
1. Introduction J.P.Morgan Chase & Co. is one of the world'sbiggestbanksthatcontrolstotal assetsworthmore than $2.59 Trillion. The Companyisengagedininvestmentbanking,financialservicesforconsumerswith small businesses,commercial banking,financialtransactionprocessingandassetmanagement.J.P. Morgan Chase'sactivitiesare organizedintofourbusinesssegments.The Company'sConsumer& CommunityBankingsegment,The Corporate &InvestmentBank,The Commercial Banking(CB) andThe AssetManagementsegment. (The NewYorkTimesCompany,2008).It is alsothe world’ssixthlargest bankin termsof total assets.A bankwithsuch a record woulddefinitelybe aprime targetfor cybercriminals.Byspendingmillionsannuallyonsecurity,the bankhasmaintainedahighlevel of performance overthe years. In July2014, the largestbank inthe UnitedStatesfell victimof awell-plannedcyberattack. The hackers compromisedthe accountsof 76 millionhouseholdsand7millionsmall businesses.“Names,addresses, phone numbersandemail addressesof the holdersandsmall businessaccounts,83in total, were exposedwhencomputersystemsatJ.P.Morgan Chase & Co were compromisedbyhackers,makingit one of the biggestdatabreachesinhistory”(Agrawal,2014).IntrusionwhichbeganinJune andwasn’t discovered until Julygoestoshow the depthof the breach. “By the time the bank’ssecurityteam discoveredthe breachinlate July,hackershadalreadyobtainedthe highestlevel of administrative privilegetodozensof the bank’scomputerservers.”(Silver-Greenberg,2014).The fact that ittook authoritiessuchatime to detectthe attack showshow vulnerableJ.P.Morganandother financial institutionsare tocybercrime.
2. Analysis The cyberattack onJ.P. Morgan exposednew levelsof vulnerabilitiestofinancial institutions.Previous breachesat bankshad involvedtheftof personal identificationnumbersforATMaccounts,not burrowingdeepintothe internal workingsof bank’scomputersystems.(Silver-Greenberg,2014).Prior to the attack, financial institutionswere considered safe because of theirinvestmentsinmitigating online threatsaswell asintrainingsecuritystaff.Thismade itdifficulttodetectthe breach,asit exploitedvulnerabilitiesthe companyhadprobablyconsideredasresidual risk. The hackers were able toobtaina listof applicationsandprogramsthatran onthe bank’scomputers and createda road map usingvulnerabilitiesintheseprogramsandapplications,asan entrypointinto the bank’ssystems.The cybercriminalsgainedhighlevelaccessintothe company’ssystems, butthe bankwas able to detectand stop the hackersbefore theycouldsiphoncustomeraccounts. 2.1 AddressingCIA Confidentiality Clearly,the cyberattackonJ.P. Morgan Chase & Co,was a breachof confidentiality. “The hackerswere able to reviewinformationaboutamillioncustomeraccountsandgain accessto a listof the software applicationsinstalledonthe bank’scomputers”.(Goldstein,2014).The goal of confidentialityisto ensure the protectionof private and/orpersonal information, J.P.MorganChase &Co. clearlyfailedto protectthe informationof itscustomers. Althoughitmightbe difficulttofindeverylastvulnerabilities,below isbreakdownof the attackinto threat,vulnerabilityand threataction. Threat Vulnerability Threat Action (WorkstationDomain) (Unintentional Threats)  Uninformed Employees(lacking propersecurity training)  SessionHijackingasa resultof Improper securitymeasures  outdatedpatchingof programsand applications  Malware installationdueto outdatedantivirus  Undetectedand unauthorizedaccessto programsand applications that interactwithservers on the network through the workstation (LAN Domain) (IntentionalThreats)  Hackers  Failure toupgrade one of itsnetworkservers  Two factor authenticationswitched off on a server  NewPatchesnotapplied  Accessto insecure server throughwhichfurther confidentialinformation was retrieved  Names,Addresses,Phone numbersand e-mail addressesof 83 million account holdershadbeen exposed
 The possibilitythatcrooks mightbe able to produce more convincingphishing attacks usingthe stolen information. (Remote AccessDomain) (IntentionalThreats)  Hackers  Failure tocheck login passwordsforcase sensitivityonwebsite  Remote accessto the company’swebsite by unauthorizeduserswhoin turn stole valuable information. 2.2 Addressingthe Typical IT Infrastructure Domains. 2.2.1 WorkstationDomain The hackers were able toexploitthe vulnerabilitiesatthe workstationdomainandeventuallygained access to programsand applicationsinstalledonJ.P.Morgan’ssystems.Thisthreatactioncouldhave beenpossiblethroughsessionhijackingof aninactive user.Once the hackerswere able togetaccessto the listof programs and applicationsrunningonthe systems,theythencrosscheckedtheseprograms for furthervulnerabilitiesi.e.securityweaknesses. Itcouldhave alsobeenasa resultof an outdated anti-viruswhichpermittedamalware tobe installedonthe system.The malware’sfunctioncouldhave beentoread and recordprogramsand applicationsrunninginthe system.Thisthenbecameanentry pointintothe company’sservers. 2.2.2 LAN Domain. The hackers thencontinuedtheirexploitof the networkatthe LAN domain as a resultof vulnerabilities presentthere aswell aftergaininginitial accessthroughthe workstationdomain. “Hackersbroke into J.P.Morgan's networkthrougha giantsecurityhole leftopen byafailure toswitchontwo-factor authenticationonanoverlookedserver.Failedtoupgrade one of itsnetworkservers,meantthataccess was possible withoutknowingacombinationof apassword and the value of a one-time code.The workingtheoryisthathackersusedcompromisedaccesstothe insecure serverasa launchpad for attacks againstmore sensitivesystems.”(Leyden,2014) At thispoint, the hackersalreadyhada strong footholdwithaccesstologincredentials,highlevel passwords,aswell asthe listof all programsand applications.The attackcouldtherefore be continued remotelyanditwasonlya matter of time before the hackerswere able tobreak into90 serversinthe company,therebygainingaccesstomillionsof customerdetails. 2.2.3 Remote Access Domain. The website fora corporate challenge organizedbythe bank,whichwas managedbya thirdparty was attackedas well. “Followingthe bank’sinvestigation,itwasdiscoveredthatthe hackershad compromisedsome user’s loginandpassworddetailstothe website. Afterthe Corporate Challenge attack, J.P.Morgan senta letterto some website userssayingthatithad discoveredthathackershad compromisedlogincredentialsandpasswords.Butthe bankdoesnotbelieve thatthe websiteattack
was the entrypointforthe broader intrusionintoJ.P.Morgan’snetwork.”(The New YorkTimes Company,2008) The remote accessdomainwas exploitedasaresultof userswhologgedinintothe company’swebsite fromvariouslocationsfora corporate challenge organizedbythe bank.Although,the claimbythe bank mightbe true,it alsopointsto the fact that vulnerabilitiesinthe site wasexploitedbyhackerswho used remote accessas an entrypointto the bank’ssystems.The levelof penetrationiswhatisleftunknown. Some userscomplainedinthe commentsectionof the New YorkTimespublicationthat,the website was notcase sensitiveinreceivingpasswords. Accordingtoa particularwoman,“There isan ongoing securityissue where the application (website)isnotcheckingthe loginpasswordsforcase sensitivity.I am able to logintomy account irrespective of whetherI enteruppercase or lowercase alphabets. This isa majorsecurityriskandchase doesn'tseemtohave beenbotheredaboutit.Ihave openedaticket withcustomerservice buthaven'theardbackfrom them.” 2.3 MitigationTechniques The vulnerabilities thatwere exploitedcanbe categorized intotwomaingroups.  Disclosure:A situationwhereby unauthorizedusers gainaccesstoinformationorinformation systems.  Interception:A situationwherebyunauthorizeduserscopyinformationfromserversoron networks. The bank couldhave avoidedthe attackif it had considered the following: i. Employee awareness:More attentionshouldbe giventothe trainingof staff astheyare more susceptible toreveal personal informationwithoutrealizingit.Regularpractice based testswouldensure employeesare uptodate withthe vulnerabilitiesassociatedwiththeir jobs.The hackersmost likelygotthe listof all programsrunningonthe bank’ssystems throughan employee’sworkcomputer. Betteremployee awarenesscouldhave prevented disclosure. ii. Hardeningnetworkoperatingsystemsandnetworkdevices:If properpatcheswere applied regularly,the level of accessof the attackerscouldhave beenreduce andthe bank would have avoidedthe breachof itsservers.Failure toswitchontwofactor authentication shouldn’tbe happeningatsucha large organization.Thisultimatelycouldhave prevented Interception. 2.3.1 Countermeasures The analysisclearlyshowsthatthe banksufferedaconfidentialitybreach.The bestwaytomitigate such a losswouldbe to lookintopossible furtherthreatsthatcouldoccur withthe informationgathered.We wouldtherefore lookattwomain ways to reduce the impactof the loss. i. SecurityFreeze ii. BoilerPlate Advice
Security Freeze:“A CreditFreeze,alsoknownasaSecurityFreeze, isawayfor youto have maximum control of accessto your credit.A more dramatic stepto protectyourcredit.”(TransUnion,2016). A Securityfreeze wouldbe agoodcountermeasure forcustomersof J.P.Morganaftersuch a hack on the company. Securityfreezesare basically designedtopreventacreditreportingcompanyfromreleasing your creditreportwithoutyourconsent. While itinterfereswiththe timelyapprovalof anysubsequent requestorapplicationyoumake regardinganew loan,credit,mortgage,governmentservicesor payments, utilities orotherservices,iteliminatesanymonetarylossof the customer’smoneyduring thisperiod. (SecurityFreeze) BoilerPlate Advice:Afterthe hack,J.P.Morgan advisedcustomersonitswebsitethatitdoesnot believetheyneedtochange theirpasswordsoraccount information.Thisseemslike awrongdecision. A template thatstatesthe waysof protectingthemselvesfromphishingattacks shouldbe distributedto customers.“Regularlymonitorall of youraccounts;read everytransactiononyourcreditstatement everymonth;andcheck eachof yourthree creditreportsregularly,whichyouare allowedtodofree at leastonce a year.” (Bernard,2014) 3. Conclusion What the hackersare planningto do withthe data fromJ.P. Morgan remainsunknown.The biggestrisk isthat they will tryto extractmore sensitive informationfromaffectedconsumers. “Itispossible that the thievescouldsell the J.P.Morgandatato others,whocouldthencombine itwithpubliclyavailable information,foundthroughcensusdataor social media”,saidPamDixon,executive director atthe WorldPrivacyForum.What thismeansis thatalthoughthe hack has beendetectedandstopped, customersof J.P.Morgan are still likely tobe victimsof spearphishing. 3.1 SilverLining Despite the factthat over76 millionaccountswere affectedbythe hack,there are still some positivesto note. A good pointto note,isthe fact that no monetarylosswasincurredbythe customersaffected. Although,the factthat nomoneywastakendidnot necessarilymeanitwasa case of state-sponsored espionage, itcouldmeanhackerswere able toaccess a call logof whoto victimize, butwere detected and couldn’tsiphoncustomeraccounts.A logof whoto victimize wasstolen,butthatitself isnot enoughtosteal someone’sidentity. AccordingtoKristinLemkau,aJ.P.Morgan spokeswoman.“We are confidentwe have closedanyknownaccesspointsandpreventedany future accessinthe same way” (Goldstein,2014).Ms. Lemkauaddedthat the bankhad “not seenanyunusual fraudactivity”since the intrusionwasdiscoveredandsaidthatthere was“no evidence thattheyhave takenanyproprietary software”orhad a “blueprint”of the bank’scomputernetwork"(Goldstein,2014). Goldstein,2014, asksa goodquestion,“Have some othertrapdoorsbeenleftoverthatcan be accessed?”The claimisthat there isno evidence of breachof closelyguardedinformation.Absence of evidence howeverdoesnotconstitute evidence of absence. AccordingtoBruce Schneier, “Securityis out of your control,the onlythingyoucan do isagitate for lawsaboutregulatingthird-partyuse of your data and howthey store it,use it and collectit”(Bernard,2014)
References Bernard,T. S. (2014, October3). Waysto ProtectYourself After theJPMorgan Hacking. Retrievedfrom The NewYork TimesCompany:http://www.nytimes.com/2014/10/04/your-money/jpmorgan- chase-hack-ways-to-protect-yourself.html?ref=dealbook Goldstein,N.P.(2014, September12). AfterBreach,JPMorgan Still Seeksto DetermineExtent of Attack. RetrievedfromThe NewYorkTimesCompany: http://www.nytimes.com/2014/09/13/technology/after-breach-jpmorgan-still-seeks-to- determine-extent-of-attack.html?ref=dealbook&_r=0 Leyden,J.(2014, December23). JPMorgan Chasemega-hackwasa simpletwo-factorauth fail. RetrievedfromThe Register: http://www.theregister.co.uk/2014/12/23/jpmorgan_breach_probe_latest/ SecurityFreeze. (n.d.).Retrievedfromhttp://www.experian.com/consumer/security_freeze.html Silver-Greenberg,M.G. (2014, October2). Dealbook.nytimes.com. Retrievedfromnytimes.com: http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security- issues/?_php=true&_type=blogs&_r=1 Sousa,L. D. (2016, January 26). RiskManagementFundamentals.Vancouver,BritishColumbia,Canada. Tanya Agrawal,D.H. (2014, October2). ThomsomReuters. RetrievedfromThomsomReuters: http://www.reuters.com/article/us-jpmorgan-cybersecurity-idUSKCN0HR23T20141003 The NewYork TimesCompany.(2008). The New York Times Company. Retrievedfromnytimes.com: http://topics.nytimes.com/top/news/business/companies/morgan_j_p_chase_and_company/in dex.html TransUnion.(2016). Credit Freeze. RetrievedfromTransUnionLLC: https://www.transunion.com/credit- freeze/place-credit-freeze Wikipedia.(2015,December8). Wikipedia.RetrievedfromWikipedia: https://en.wikipedia.org/wiki/2014_JPMorgan_Chase_data_breach

Empfohlen

Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber ResilienceIan-Edward Stafrace
 
Target Breach Analysis
Target Breach AnalysisTarget Breach Analysis
Target Breach AnalysisTal Be'ery
 
Equifax data breach
Equifax data breachEquifax data breach
Equifax data breachSajib Sen
 
What is Ransomware?
What is Ransomware?What is Ransomware?
What is Ransomware?Datto
 
Cyber attack
Cyber attackCyber attack
Cyber attackManjushree Mashal
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
Cyber security
Cyber securityCyber security
Cyber securityBhavin Shah
 
Cyber security and Cyber Crime
Cyber security and Cyber CrimeCyber security and Cyber Crime
Cyber security and Cyber CrimeDeepak Kumar
 

Empfohlen

Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber ResilienceIan-Edward Stafrace
 
Target Breach Analysis
Target Breach AnalysisTarget Breach Analysis
Target Breach AnalysisTal Be'ery
 
Equifax data breach
Equifax data breachEquifax data breach
Equifax data breachSajib Sen
 
What is Ransomware?
What is Ransomware?What is Ransomware?
What is Ransomware?Datto
 
Cyber attack
Cyber attackCyber attack
Cyber attackManjushree Mashal
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
Cyber security
Cyber securityCyber security
Cyber securityBhavin Shah
 
Cyber security and Cyber Crime
Cyber security and Cyber CrimeCyber security and Cyber Crime
Cyber security and Cyber CrimeDeepak Kumar
 
Cyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial SectorCyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial SectorFarook Al-Jibouri
 
Types of attacks in cyber security
Types of attacks in cyber securityTypes of attacks in cyber security
Types of attacks in cyber securityBansari Shah
 
Wells Fargo Account scandal Case
Wells Fargo Account scandal CaseWells Fargo Account scandal Case
Wells Fargo Account scandal CaseSreejith Nair
 
IMT 552-JPMorgan Chase & Co. Risk Assessment v05
IMT 552-JPMorgan Chase & Co. Risk Assessment v05IMT 552-JPMorgan Chase & Co. Risk Assessment v05
IMT 552-JPMorgan Chase & Co. Risk Assessment v05Daniel Kapellmann Zafra
 
Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptxIkramSabir4
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber CrimeAccenture
 
Cybersecurity Incident Management PowerPoint Presentation Slides
Cybersecurity Incident Management PowerPoint Presentation SlidesCybersecurity Incident Management PowerPoint Presentation Slides
Cybersecurity Incident Management PowerPoint Presentation SlidesSlideTeam
 
Swift-cyber-attacks.pptx
Swift-cyber-attacks.pptxSwift-cyber-attacks.pptx
Swift-cyber-attacks.pptxAmineRached2
 
Ransomware
RansomwareRansomware
RansomwareChaitali Sharma
 
Pegasus, A spyware
Pegasus, A spywarePegasus, A spyware
Pegasus, A spywareManash Kumar Mondal
 
Pegasus Spyware - What You Need to Know
Pegasus Spyware - What You Need to KnowPegasus Spyware - What You Need to Know
Pegasus Spyware - What You Need to KnowSkycure
 
Cyber security Information security
Cyber security Information securityCyber security Information security
Cyber security Information securityAYESHA JAVED
 
Man in the middle attack .pptx
Man in the middle attack .pptxMan in the middle attack .pptx
Man in the middle attack .pptxPradeepKumar728006
 
Banks and cybersecurity v2
Banks and cybersecurity v2Banks and cybersecurity v2
Banks and cybersecurity v2Semir Ibrahimovic
 
Ransomware: Wannacry
Ransomware: WannacryRansomware: Wannacry
Ransomware: WannacryMikel Solabarrieta
 
Advanced persistent threats(APT)
Advanced persistent threats(APT)Advanced persistent threats(APT)
Advanced persistent threats(APT)Network Intelligence India
 
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNINGBUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNINGHealth Informatics New Zealand
 
Cybersecurity in Banking Sector
Cybersecurity in Banking SectorCybersecurity in Banking Sector
Cybersecurity in Banking SectorQuick Heal Technologies Ltd.
 
Presentation on fraud prevention, detection & control
Presentation on fraud prevention, detection & controlPresentation on fraud prevention, detection & control
Presentation on fraud prevention, detection & controlDominic Sroda Korkoryi
 
Research paper on cyber security.
Research paper on cyber security.Research paper on cyber security.
Research paper on cyber security.Hussain777
 
J.P Morgan Chase & Company Case study
J.P Morgan Chase & Company Case studyJ.P Morgan Chase & Company Case study
J.P Morgan Chase & Company Case studyAnnapurna Sinha
 
J. p morgan project PPT
J. p morgan project PPTJ. p morgan project PPT
J. p morgan project PPTVijay Mehta
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial SectorCyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial SectorFarook Al-Jibouri
 
Types of attacks in cyber security
Types of attacks in cyber securityTypes of attacks in cyber security
Types of attacks in cyber securityBansari Shah
 
Wells Fargo Account scandal Case
Wells Fargo Account scandal CaseWells Fargo Account scandal Case
Wells Fargo Account scandal CaseSreejith Nair
 
IMT 552-JPMorgan Chase & Co. Risk Assessment v05
IMT 552-JPMorgan Chase & Co. Risk Assessment v05IMT 552-JPMorgan Chase & Co. Risk Assessment v05
IMT 552-JPMorgan Chase & Co. Risk Assessment v05Daniel Kapellmann Zafra
 
Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptxIkramSabir4
 
Cybersecurity Incident Management PowerPoint Presentation Slides
Cybersecurity Incident Management PowerPoint Presentation SlidesCybersecurity Incident Management PowerPoint Presentation Slides
Cybersecurity Incident Management PowerPoint Presentation SlidesSlideTeam
 
Swift-cyber-attacks.pptx
Swift-cyber-attacks.pptxSwift-cyber-attacks.pptx
Swift-cyber-attacks.pptxAmineRached2
 
Pegasus Spyware - What You Need to Know
Pegasus Spyware - What You Need to KnowPegasus Spyware - What You Need to Know
Pegasus Spyware - What You Need to KnowSkycure
 
Cyber security Information security
Cyber security Information securityCyber security Information security
Cyber security Information securityAYESHA JAVED
 
Man in the middle attack .pptx
Man in the middle attack .pptxMan in the middle attack .pptx
Man in the middle attack .pptxPradeepKumar728006
 
Presentation on fraud prevention, detection & control
Presentation on fraud prevention, detection & controlPresentation on fraud prevention, detection & control
Presentation on fraud prevention, detection & controlDominic Sroda Korkoryi
 
Research paper on cyber security.
Research paper on cyber security.Research paper on cyber security.
Research paper on cyber security.Hussain777
 

Was ist angesagt? (20)

Cyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial SectorCyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial Sector
 
Types of attacks in cyber security
Types of attacks in cyber securityTypes of attacks in cyber security
Types of attacks in cyber security
 
Wells Fargo Account scandal Case
Wells Fargo Account scandal CaseWells Fargo Account scandal Case
Wells Fargo Account scandal Case
 
IMT 552-JPMorgan Chase & Co. Risk Assessment v05
IMT 552-JPMorgan Chase & Co. Risk Assessment v05IMT 552-JPMorgan Chase & Co. Risk Assessment v05
IMT 552-JPMorgan Chase & Co. Risk Assessment v05
 
Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptx
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Cybersecurity Incident Management PowerPoint Presentation Slides
Cybersecurity Incident Management PowerPoint Presentation SlidesCybersecurity Incident Management PowerPoint Presentation Slides
Cybersecurity Incident Management PowerPoint Presentation Slides
 
Swift-cyber-attacks.pptx
Swift-cyber-attacks.pptxSwift-cyber-attacks.pptx
Swift-cyber-attacks.pptx
 
Ransomware
RansomwareRansomware
Ransomware
 
Pegasus, A spyware
Pegasus, A spywarePegasus, A spyware
Pegasus, A spyware
 
Pegasus Spyware - What You Need to Know
Pegasus Spyware - What You Need to KnowPegasus Spyware - What You Need to Know
Pegasus Spyware - What You Need to Know
 
Cyber security Information security
Cyber security Information securityCyber security Information security
Cyber security Information security
 
Man in the middle attack .pptx
Man in the middle attack .pptxMan in the middle attack .pptx
Man in the middle attack .pptx
 
Banks and cybersecurity v2
Banks and cybersecurity v2Banks and cybersecurity v2
Banks and cybersecurity v2
 
Ransomware: Wannacry
Ransomware: WannacryRansomware: Wannacry
Ransomware: Wannacry
 
Advanced persistent threats(APT)
Advanced persistent threats(APT)Advanced persistent threats(APT)
Advanced persistent threats(APT)
 
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNINGBUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
 
Cybersecurity in Banking Sector
Cybersecurity in Banking SectorCybersecurity in Banking Sector
Cybersecurity in Banking Sector
 
Presentation on fraud prevention, detection & control
Presentation on fraud prevention, detection & controlPresentation on fraud prevention, detection & control
Presentation on fraud prevention, detection & control
 
Research paper on cyber security.
Research paper on cyber security.Research paper on cyber security.
Research paper on cyber security.
 

Andere mochten auch

J.P Morgan Chase & Company Case study
J.P Morgan Chase & Company Case studyJ.P Morgan Chase & Company Case study
J.P Morgan Chase & Company Case studyAnnapurna Sinha
 
J. p morgan project PPT
J. p morgan project PPTJ. p morgan project PPT
J. p morgan project PPTVijay Mehta
 
JP Morgan & Chase: IT Strategy and Key Success factors
JP Morgan & Chase: IT Strategy and Key Success factorsJP Morgan & Chase: IT Strategy and Key Success factors
JP Morgan & Chase: IT Strategy and Key Success factorsAbhiJeet Singh
 
JPMorgan Chase & Co. -Risk Assessment Report
JPMorgan Chase & Co. -Risk Assessment ReportJPMorgan Chase & Co. -Risk Assessment Report
JPMorgan Chase & Co. -Risk Assessment ReportDivya Kothari
 
Jp Morgan Case Study Final
Jp Morgan Case Study FinalJp Morgan Case Study Final
Jp Morgan Case Study FinalBERHMANI Samuel
 
JP Morgan & Chase - OneBench IS Case
JP Morgan & Chase - OneBench IS CaseJP Morgan & Chase - OneBench IS Case
JP Morgan & Chase - OneBench IS CaseTiziano Tassi
 
Powerpoint Risk Assessment
Powerpoint Risk AssessmentPowerpoint Risk Assessment
Powerpoint Risk AssessmentSteve Bishop
 
Insider Trading and the 08 Economic Crisis
Insider Trading and the 08 Economic CrisisInsider Trading and the 08 Economic Crisis
Insider Trading and the 08 Economic CrisisTerry Coulon
 
Case Study: Social Media Marketing Strategy @ JPMorgan Chase – Customer Servi...
Case Study: Social Media Marketing Strategy @ JPMorgan Chase – Customer Servi...Case Study: Social Media Marketing Strategy @ JPMorgan Chase – Customer Servi...
Case Study: Social Media Marketing Strategy @ JPMorgan Chase – Customer Servi...Rajesh Prabhakar
 
EVERFI Webinar: The latest supreme court rulings on insider trading
EVERFI Webinar: The latest supreme court rulings on insider tradingEVERFI Webinar: The latest supreme court rulings on insider trading
EVERFI Webinar: The latest supreme court rulings on insider tradingMichele Collu
 
Creation of Credit Default Swap Market as Niche Construction (Russian)
Creation of Credit Default Swap Market as Niche Construction (Russian)Creation of Credit Default Swap Market as Niche Construction (Russian)
Creation of Credit Default Swap Market as Niche Construction (Russian)Pavel Luksha
 
JPMorgan Chase Change Initiative
JPMorgan Chase Change InitiativeJPMorgan Chase Change Initiative
JPMorgan Chase Change InitiativeAli Akbar Sahiwala
 
Social Media Strategy for Retention and Sales
Social Media Strategy for Retention and SalesSocial Media Strategy for Retention and Sales
Social Media Strategy for Retention and SalesWebLink International
 
Example security risk assessment tool july 2010
Example security risk assessment tool july 2010Example security risk assessment tool july 2010
Example security risk assessment tool july 2010WarrenGreen
 
About Jp Morgan Chase
About Jp Morgan ChaseAbout Jp Morgan Chase
About Jp Morgan ChaseHantulga G
 

Andere mochten auch (20)

J.P Morgan Chase & Company Case study
J.P Morgan Chase & Company Case studyJ.P Morgan Chase & Company Case study
J.P Morgan Chase & Company Case study
 
J. p morgan project PPT
J. p morgan project PPTJ. p morgan project PPT
J. p morgan project PPT
 
JP Morgan & Chase: IT Strategy and Key Success factors
JP Morgan & Chase: IT Strategy and Key Success factorsJP Morgan & Chase: IT Strategy and Key Success factors
JP Morgan & Chase: IT Strategy and Key Success factors
 
Jp morgan final ppt
Jp morgan final pptJp morgan final ppt
Jp morgan final ppt
 
JPMorgan Chase & Co. -Risk Assessment Report
JPMorgan Chase & Co. -Risk Assessment ReportJPMorgan Chase & Co. -Risk Assessment Report
JPMorgan Chase & Co. -Risk Assessment Report
 
Jp Morgan Case Study Final
Jp Morgan Case Study FinalJp Morgan Case Study Final
Jp Morgan Case Study Final
 
Jp morgan chase
Jp morgan chaseJp morgan chase
Jp morgan chase
 
JP Morgan & Chase - OneBench IS Case
JP Morgan & Chase - OneBench IS CaseJP Morgan & Chase - OneBench IS Case
JP Morgan & Chase - OneBench IS Case
 
Powerpoint Risk Assessment
Powerpoint Risk AssessmentPowerpoint Risk Assessment
Powerpoint Risk Assessment
 
Jp morgan sit
Jp morgan sitJp morgan sit
Jp morgan sit
 
Insider Trading and the 08 Economic Crisis
Insider Trading and the 08 Economic CrisisInsider Trading and the 08 Economic Crisis
Insider Trading and the 08 Economic Crisis
 
Case Study: Social Media Marketing Strategy @ JPMorgan Chase – Customer Servi...
Case Study: Social Media Marketing Strategy @ JPMorgan Chase – Customer Servi...Case Study: Social Media Marketing Strategy @ JPMorgan Chase – Customer Servi...
Case Study: Social Media Marketing Strategy @ JPMorgan Chase – Customer Servi...
 
Viewcontent
ViewcontentViewcontent
Viewcontent
 
Jpmorgan chase
Jpmorgan chaseJpmorgan chase
Jpmorgan chase
 
EVERFI Webinar: The latest supreme court rulings on insider trading
EVERFI Webinar: The latest supreme court rulings on insider tradingEVERFI Webinar: The latest supreme court rulings on insider trading
EVERFI Webinar: The latest supreme court rulings on insider trading
 
Creation of Credit Default Swap Market as Niche Construction (Russian)
Creation of Credit Default Swap Market as Niche Construction (Russian)Creation of Credit Default Swap Market as Niche Construction (Russian)
Creation of Credit Default Swap Market as Niche Construction (Russian)
 
JPMorgan Chase Change Initiative
JPMorgan Chase Change InitiativeJPMorgan Chase Change Initiative
JPMorgan Chase Change Initiative
 
Social Media Strategy for Retention and Sales
Social Media Strategy for Retention and SalesSocial Media Strategy for Retention and Sales
Social Media Strategy for Retention and Sales
 
Example security risk assessment tool july 2010
Example security risk assessment tool july 2010Example security risk assessment tool july 2010
Example security risk assessment tool july 2010
 
About Jp Morgan Chase
About Jp Morgan ChaseAbout Jp Morgan Chase
About Jp Morgan Chase
 

Ähnlich wie Case study on JP Morgan Chase & Co

Ransomware (1).pdf
Ransomware (1).pdfRansomware (1).pdf
Ransomware (1).pdfHiYeti1
 
Ransomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationRansomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationMaaz Ahmed Shaikh
 
Cybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & ImportanceCybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & Importancemanoharparakh
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shiftsmalvvv
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shiftsmalvvv
 
Research a case that has been in the news in the last few years where.docx
Research a case that has been in the news in the last few years where.docxResearch a case that has been in the news in the last few years where.docx
Research a case that has been in the news in the last few years where.docxmtruman1
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Vertex Holdings
 
targeted-data-breach-bulletin-sept
targeted-data-breach-bulletin-septtargeted-data-breach-bulletin-sept
targeted-data-breach-bulletin-sept*****Dominic A Ienco
 
F5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalF5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalShallu Behar-Sheehan FCIM
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the CloudGGV Capital
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxarnoldmeredith47041
 
Owasp e crime-london-2012-final
Owasp e crime-london-2012-finalOwasp e crime-london-2012-final
Owasp e crime-london-2012-finalMarco Morana
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsCognizant
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 
McAFEE LABS THREATS REPORT - Fourth Quarter 2013
McAFEE LABS THREATS REPORT - Fourth Quarter 2013McAFEE LABS THREATS REPORT - Fourth Quarter 2013
McAFEE LABS THREATS REPORT - Fourth Quarter 2013- Mark - Fullbright
 
Tackling the maze ransomware attack with security testing
Tackling the maze ransomware attack with security testingTackling the maze ransomware attack with security testing
Tackling the maze ransomware attack with security testingCigniti Technologies Ltd
 
Journal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993ConJournal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993Conkarenahmanny4c
 

Ähnlich wie Case study on JP Morgan Chase & Co (20)

Ransomware (1).pdf
Ransomware (1).pdfRansomware (1).pdf
Ransomware (1).pdf
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
 
Ransomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationRansomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and Mitigation
 
Cybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & ImportanceCybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & Importance
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shifts
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shifts
 
Research a case that has been in the news in the last few years where.docx
Research a case that has been in the news in the last few years where.docxResearch a case that has been in the news in the last few years where.docx
Research a case that has been in the news in the last few years where.docx
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.
 
targeted-data-breach-bulletin-sept
targeted-data-breach-bulletin-septtargeted-data-breach-bulletin-sept
targeted-data-breach-bulletin-sept
 
F5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalF5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker Final
 
Retail
Retail Retail
Retail
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the Cloud
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
 
Owasp e crime-london-2012-final
Owasp e crime-london-2012-finalOwasp e crime-london-2012-final
Owasp e crime-london-2012-final
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting Reputations
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
 
McAFEE LABS THREATS REPORT - Fourth Quarter 2013
McAFEE LABS THREATS REPORT - Fourth Quarter 2013McAFEE LABS THREATS REPORT - Fourth Quarter 2013
McAFEE LABS THREATS REPORT - Fourth Quarter 2013
 
Tackling the maze ransomware attack with security testing
Tackling the maze ransomware attack with security testingTackling the maze ransomware attack with security testing
Tackling the maze ransomware attack with security testing
 
C018131821
C018131821C018131821
C018131821
 
Journal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993ConJournal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993Con
 

Kürzlich hochgeladen

Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noidadlhescort
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...lizamodels9
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptxnandhinijagan9867
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Centuryrwgiffor
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with CultureSeta Wicaksana
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...rajveerescorts2022
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...Aggregage
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...amitlee9823
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...amitlee9823
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangaloreamitlee9823
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 

Kürzlich hochgeladen (20)

Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 

Case study on JP Morgan Chase & Co

  • 1. Case Study: Information Security Risk Analysis on the Cyberattack on J.P. Morgan Chase & Co. Written by: Badejo, Victor Oluwajuwon 14th February, 2016
  • 2. Abstract In whatis consideredbymanytobe one of the biggestbreachesinhistory, the cyberattackonJPMorgan Chase & Co in July2014, has leftmanywithquestionsaboutthe overall securityof our cyberspace. The attack was made publicinSeptember2014 but was discoveredbythe bank'ssecurityteaminlate July 2014, andwas not completelyhalteduntil the middle of August. Thiscase studyshowsinitsanalysis that over76 Millioncustomeraccounts were exposed whendedicatedcriminals exploitedvulnerabilities at the Workstation,LAN aswell asRemote accessdomainsof the company’sITinfrastructure.Failure to turn on twofactor authenticationonaserver,the hackers eventuallygained high-leveladministrative privilegesintothe bank.Over90 of the bank’sserverswere affected. Giventhe level of sophisticationof the attack, it isbelieved thatthe attack was plannedformonthsandmay have involvedsome coordinationorassistance froma foreigngovernment. Furtheranalysiswere able tohelp narrow downthe breachto thatof confidentiality.It laterbreaks downthe attack intothreat,vulnerabilityandthreataction.It proposesmitigationtechniques likemore hardeningof networksystemstoavoidre occurrence.Italsoprovides countermeasureslikesecurity freeze, todeal withthe riskthatoccurred andto handle future threatsresultingfromthe cyberattack. The data breach at J.P.Morgan Chase is yetanotherexample of how ourmostsensitivepersonal informationisindanger. Key Terms Confidentiality,cyberattack, workstationdomain,LAN domain, remoteaccessdomain, spearphishing, boilerplate advice,twofactorauthentication.
  • 3. 1. Introduction J.P.Morgan Chase & Co. is one of the world'sbiggestbanksthatcontrolstotal assetsworthmore than $2.59 Trillion. The Companyisengagedininvestmentbanking,financialservicesforconsumerswith small businesses,commercial banking,financialtransactionprocessingandassetmanagement.J.P. Morgan Chase'sactivitiesare organizedintofourbusinesssegments.The Company'sConsumer& CommunityBankingsegment,The Corporate &InvestmentBank,The Commercial Banking(CB) andThe AssetManagementsegment. (The NewYorkTimesCompany,2008).It is alsothe world’ssixthlargest bankin termsof total assets.A bankwithsuch a record woulddefinitelybe aprime targetfor cybercriminals.Byspendingmillionsannuallyonsecurity,the bankhasmaintainedahighlevel of performance overthe years. In July2014, the largestbank inthe UnitedStatesfell victimof awell-plannedcyberattack. The hackers compromisedthe accountsof 76 millionhouseholdsand7millionsmall businesses.“Names,addresses, phone numbersandemail addressesof the holdersandsmall businessaccounts,83in total, were exposedwhencomputersystemsatJ.P.Morgan Chase & Co were compromisedbyhackers,makingit one of the biggestdatabreachesinhistory”(Agrawal,2014).IntrusionwhichbeganinJune andwasn’t discovered until Julygoestoshow the depthof the breach. “By the time the bank’ssecurityteam discoveredthe breachinlate July,hackershadalreadyobtainedthe highestlevel of administrative privilegetodozensof the bank’scomputerservers.”(Silver-Greenberg,2014).The fact that ittook authoritiessuchatime to detectthe attack showshow vulnerableJ.P.Morganandother financial institutionsare tocybercrime.
  • 4. 2. Analysis The cyberattack onJ.P. Morgan exposednew levelsof vulnerabilitiestofinancial institutions.Previous breachesat bankshad involvedtheftof personal identificationnumbersforATMaccounts,not burrowingdeepintothe internal workingsof bank’scomputersystems.(Silver-Greenberg,2014).Prior to the attack, financial institutionswere considered safe because of theirinvestmentsinmitigating online threatsaswell asintrainingsecuritystaff.Thismade itdifficulttodetectthe breach,asit exploitedvulnerabilitiesthe companyhadprobablyconsideredasresidual risk. The hackers were able toobtaina listof applicationsandprogramsthatran onthe bank’scomputers and createda road map usingvulnerabilitiesintheseprogramsandapplications,asan entrypointinto the bank’ssystems.The cybercriminalsgainedhighlevelaccessintothe company’ssystems, butthe bankwas able to detectand stop the hackersbefore theycouldsiphoncustomeraccounts. 2.1 AddressingCIA Confidentiality Clearly,the cyberattackonJ.P. Morgan Chase & Co,was a breachof confidentiality. “The hackerswere able to reviewinformationaboutamillioncustomeraccountsandgain accessto a listof the software applicationsinstalledonthe bank’scomputers”.(Goldstein,2014).The goal of confidentialityisto ensure the protectionof private and/orpersonal information, J.P.MorganChase &Co. clearlyfailedto protectthe informationof itscustomers. Althoughitmightbe difficulttofindeverylastvulnerabilities,below isbreakdownof the attackinto threat,vulnerabilityand threataction. Threat Vulnerability Threat Action (WorkstationDomain) (Unintentional Threats)  Uninformed Employees(lacking propersecurity training)  SessionHijackingasa resultof Improper securitymeasures  outdatedpatchingof programsand applications  Malware installationdueto outdatedantivirus  Undetectedand unauthorizedaccessto programsand applications that interactwithservers on the network through the workstation (LAN Domain) (IntentionalThreats)  Hackers  Failure toupgrade one of itsnetworkservers  Two factor authenticationswitched off on a server  NewPatchesnotapplied  Accessto insecure server throughwhichfurther confidentialinformation was retrieved  Names,Addresses,Phone numbersand e-mail addressesof 83 million account holdershadbeen exposed
  • 5.  The possibilitythatcrooks mightbe able to produce more convincingphishing attacks usingthe stolen information. (Remote AccessDomain) (IntentionalThreats)  Hackers  Failure tocheck login passwordsforcase sensitivityonwebsite  Remote accessto the company’swebsite by unauthorizeduserswhoin turn stole valuable information. 2.2 Addressingthe Typical IT Infrastructure Domains. 2.2.1 WorkstationDomain The hackers were able toexploitthe vulnerabilitiesatthe workstationdomainandeventuallygained access to programsand applicationsinstalledonJ.P.Morgan’ssystems.Thisthreatactioncouldhave beenpossiblethroughsessionhijackingof aninactive user.Once the hackerswere able togetaccessto the listof programs and applicationsrunningonthe systems,theythencrosscheckedtheseprograms for furthervulnerabilitiesi.e.securityweaknesses. Itcouldhave alsobeenasa resultof an outdated anti-viruswhichpermittedamalware tobe installedonthe system.The malware’sfunctioncouldhave beentoread and recordprogramsand applicationsrunninginthe system.Thisthenbecameanentry pointintothe company’sservers. 2.2.2 LAN Domain. The hackers thencontinuedtheirexploitof the networkatthe LAN domain as a resultof vulnerabilities presentthere aswell aftergaininginitial accessthroughthe workstationdomain. “Hackersbroke into J.P.Morgan's networkthrougha giantsecurityhole leftopen byafailure toswitchontwo-factor authenticationonanoverlookedserver.Failedtoupgrade one of itsnetworkservers,meantthataccess was possible withoutknowingacombinationof apassword and the value of a one-time code.The workingtheoryisthathackersusedcompromisedaccesstothe insecure serverasa launchpad for attacks againstmore sensitivesystems.”(Leyden,2014) At thispoint, the hackersalreadyhada strong footholdwithaccesstologincredentials,highlevel passwords,aswell asthe listof all programsand applications.The attackcouldtherefore be continued remotelyanditwasonlya matter of time before the hackerswere able tobreak into90 serversinthe company,therebygainingaccesstomillionsof customerdetails. 2.2.3 Remote Access Domain. The website fora corporate challenge organizedbythe bank,whichwas managedbya thirdparty was attackedas well. “Followingthe bank’sinvestigation,itwasdiscoveredthatthe hackershad compromisedsome user’s loginandpassworddetailstothe website. Afterthe Corporate Challenge attack, J.P.Morgan senta letterto some website userssayingthatithad discoveredthathackershad compromisedlogincredentialsandpasswords.Butthe bankdoesnotbelieve thatthe websiteattack
  • 6. was the entrypointforthe broader intrusionintoJ.P.Morgan’snetwork.”(The New YorkTimes Company,2008) The remote accessdomainwas exploitedasaresultof userswhologgedinintothe company’swebsite fromvariouslocationsfora corporate challenge organizedbythe bank.Although,the claimbythe bank mightbe true,it alsopointsto the fact that vulnerabilitiesinthe site wasexploitedbyhackerswho used remote accessas an entrypointto the bank’ssystems.The levelof penetrationiswhatisleftunknown. Some userscomplainedinthe commentsectionof the New YorkTimespublicationthat,the website was notcase sensitiveinreceivingpasswords. Accordingtoa particularwoman,“There isan ongoing securityissue where the application (website)isnotcheckingthe loginpasswordsforcase sensitivity.I am able to logintomy account irrespective of whetherI enteruppercase or lowercase alphabets. This isa majorsecurityriskandchase doesn'tseemtohave beenbotheredaboutit.Ihave openedaticket withcustomerservice buthaven'theardbackfrom them.” 2.3 MitigationTechniques The vulnerabilities thatwere exploitedcanbe categorized intotwomaingroups.  Disclosure:A situationwhereby unauthorizedusers gainaccesstoinformationorinformation systems.  Interception:A situationwherebyunauthorizeduserscopyinformationfromserversoron networks. The bank couldhave avoidedthe attackif it had considered the following: i. Employee awareness:More attentionshouldbe giventothe trainingof staff astheyare more susceptible toreveal personal informationwithoutrealizingit.Regularpractice based testswouldensure employeesare uptodate withthe vulnerabilitiesassociatedwiththeir jobs.The hackersmost likelygotthe listof all programsrunningonthe bank’ssystems throughan employee’sworkcomputer. Betteremployee awarenesscouldhave prevented disclosure. ii. Hardeningnetworkoperatingsystemsandnetworkdevices:If properpatcheswere applied regularly,the level of accessof the attackerscouldhave beenreduce andthe bank would have avoidedthe breachof itsservers.Failure toswitchontwofactor authentication shouldn’tbe happeningatsucha large organization.Thisultimatelycouldhave prevented Interception. 2.3.1 Countermeasures The analysisclearlyshowsthatthe banksufferedaconfidentialitybreach.The bestwaytomitigate such a losswouldbe to lookintopossible furtherthreatsthatcouldoccur withthe informationgathered.We wouldtherefore lookattwomain ways to reduce the impactof the loss. i. SecurityFreeze ii. BoilerPlate Advice
  • 7. Security Freeze:“A CreditFreeze,alsoknownasaSecurityFreeze, isawayfor youto have maximum control of accessto your credit.A more dramatic stepto protectyourcredit.”(TransUnion,2016). A Securityfreeze wouldbe agoodcountermeasure forcustomersof J.P.Morganaftersuch a hack on the company. Securityfreezesare basically designedtopreventacreditreportingcompanyfromreleasing your creditreportwithoutyourconsent. While itinterfereswiththe timelyapprovalof anysubsequent requestorapplicationyoumake regardinganew loan,credit,mortgage,governmentservicesor payments, utilities orotherservices,iteliminatesanymonetarylossof the customer’smoneyduring thisperiod. (SecurityFreeze) BoilerPlate Advice:Afterthe hack,J.P.Morgan advisedcustomersonitswebsitethatitdoesnot believetheyneedtochange theirpasswordsoraccount information.Thisseemslike awrongdecision. A template thatstatesthe waysof protectingthemselvesfromphishingattacks shouldbe distributedto customers.“Regularlymonitorall of youraccounts;read everytransactiononyourcreditstatement everymonth;andcheck eachof yourthree creditreportsregularly,whichyouare allowedtodofree at leastonce a year.” (Bernard,2014) 3. Conclusion What the hackersare planningto do withthe data fromJ.P. Morgan remainsunknown.The biggestrisk isthat they will tryto extractmore sensitive informationfromaffectedconsumers. “Itispossible that the thievescouldsell the J.P.Morgandatato others,whocouldthencombine itwithpubliclyavailable information,foundthroughcensusdataor social media”,saidPamDixon,executive director atthe WorldPrivacyForum.What thismeansis thatalthoughthe hack has beendetectedandstopped, customersof J.P.Morgan are still likely tobe victimsof spearphishing. 3.1 SilverLining Despite the factthat over76 millionaccountswere affectedbythe hack,there are still some positivesto note. A good pointto note,isthe fact that no monetarylosswasincurredbythe customersaffected. Although,the factthat nomoneywastakendidnot necessarilymeanitwasa case of state-sponsored espionage, itcouldmeanhackerswere able toaccess a call logof whoto victimize, butwere detected and couldn’tsiphoncustomeraccounts.A logof whoto victimize wasstolen,butthatitself isnot enoughtosteal someone’sidentity. AccordingtoKristinLemkau,aJ.P.Morgan spokeswoman.“We are confidentwe have closedanyknownaccesspointsandpreventedany future accessinthe same way” (Goldstein,2014).Ms. Lemkauaddedthat the bankhad “not seenanyunusual fraudactivity”since the intrusionwasdiscoveredandsaidthatthere was“no evidence thattheyhave takenanyproprietary software”orhad a “blueprint”of the bank’scomputernetwork"(Goldstein,2014). Goldstein,2014, asksa goodquestion,“Have some othertrapdoorsbeenleftoverthatcan be accessed?”The claimisthat there isno evidence of breachof closelyguardedinformation.Absence of evidence howeverdoesnotconstitute evidence of absence. AccordingtoBruce Schneier, “Securityis out of your control,the onlythingyoucan do isagitate for lawsaboutregulatingthird-partyuse of your data and howthey store it,use it and collectit”(Bernard,2014)
  • 8. References Bernard,T. S. (2014, October3). Waysto ProtectYourself After theJPMorgan Hacking. Retrievedfrom The NewYork TimesCompany:http://www.nytimes.com/2014/10/04/your-money/jpmorgan- chase-hack-ways-to-protect-yourself.html?ref=dealbook Goldstein,N.P.(2014, September12). AfterBreach,JPMorgan Still Seeksto DetermineExtent of Attack. RetrievedfromThe NewYorkTimesCompany: http://www.nytimes.com/2014/09/13/technology/after-breach-jpmorgan-still-seeks-to- determine-extent-of-attack.html?ref=dealbook&_r=0 Leyden,J.(2014, December23). JPMorgan Chasemega-hackwasa simpletwo-factorauth fail. RetrievedfromThe Register: http://www.theregister.co.uk/2014/12/23/jpmorgan_breach_probe_latest/ SecurityFreeze. (n.d.).Retrievedfromhttp://www.experian.com/consumer/security_freeze.html Silver-Greenberg,M.G. (2014, October2). Dealbook.nytimes.com. Retrievedfromnytimes.com: http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security- issues/?_php=true&_type=blogs&_r=1 Sousa,L. D. (2016, January 26). RiskManagementFundamentals.Vancouver,BritishColumbia,Canada. Tanya Agrawal,D.H. (2014, October2). ThomsomReuters. RetrievedfromThomsomReuters: http://www.reuters.com/article/us-jpmorgan-cybersecurity-idUSKCN0HR23T20141003 The NewYork TimesCompany.(2008). The New York Times Company. Retrievedfromnytimes.com: http://topics.nytimes.com/top/news/business/companies/morgan_j_p_chase_and_company/in dex.html TransUnion.(2016). Credit Freeze. RetrievedfromTransUnionLLC: https://www.transunion.com/credit- freeze/place-credit-freeze Wikipedia.(2015,December8). Wikipedia.RetrievedfromWikipedia: https://en.wikipedia.org/wiki/2014_JPMorgan_Chase_data_breach