Big Name Bank Hacks Highlight the Importance of Regular Testing and Effective Emergency Response
JPMorgan Chase & Co was one of the seven top-fifteen banks reported earlier this week to have recently suffered a cyber attack, which in their case allowed hackers to set up camp on their internal network for an extended stay without raising alarms, only to finally be discovered during routine security testing. Global Digital Forensics founder, Joe Caruso, discusses some of the lessons businesses should take from this perfect example of today’s realities in the world of cyber threats, and the difference regular testing and effective emergency response can make for businesses to survive a breach and its aftermath.
Hackers zero in on their white whales
When a prominent bank reveals a successful cyber attack, national headlines will quickly ensue, as happened on Wednesday, August 27th, when news began surfacing about the FBI probing into a successful attack on JPMorgan Chase & Co and at least one other bank. But when news gets out that the FBI is actually investigating attacks on seven prominent banks, everyone starts thinking about their own accounts and how they may be affected, and the buzz quickly goes viral. Bloomberg followed up on Friday with a more detailed exposé which provides the latest insight into the attacks. Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions, hopes businesses will take the lessons these attacks highlight to heart. “Many important lessons can be learned from attacks like these,” Caruso says, “from the reality of the power of APTs (Advanced Persistent Threats), to the need for regular testing to catch stealthy threats which may already be residing on your network, and the importance of having an effective emergency response in place to help identify and stop an attack when it happens and significantly diminish the costly aftermath and regulatory nightmares which tend to follow.”
There is No Such Thing as “Perfect” Cyber Security
“High profile entities, especially banks like JPMorgan, aren’t known for taking cyber security lightly, and committing a reported quarter billion dollars to the effort, I think, illustrates that fact very clearly,” said Caruso. “But it also drives home another fact; no organization, no matter how huge and powerful, is totally immune to the threat posed by hackers, regardless of how many resources are thrown at the problem. But on the other side of the coin, it also doesn’t take a fortune to significantly improve an organization’s cyber security posture to help them thwart the vast majority of the threats out there. We help clients do it every day. The key is understanding the client’s data needs, digital architecture and assets, and marrying them to a customized solution that’s actually doable, from both a financial and reality standpoint. A restaurant probably doesn’t have to worry too much about state-sponsored foreign hackers spending months or years devising a plan to break into their network, like all the fingers pointing towards Russia so far for these hacks, but they would have to worry about semi-sophisticated organized crime rings targeting them for the bounty of credit card numbers which could be had. But a bank with the size and reach to influence the global economy, they do have to be thinking about APTs 24/7 and plan everything accordingly, and that is fleshed out by our experience in dealing with clients from both ends of the spectrum. In the end though, it usually comes down to effective emergency response. That’s what usually proves to be the difference between those who survive and thrive after a successful attack, and those who don’t and won’t. That’s why we have a network of experienced responders positioned across the country and on call 24/7, and yes, even on holidays like Labor Day coming up on Monday. It allows us to have response times unrivaled in the industry, and many times we can even start the remediation process remotely. So all it takes is one call and we can get on top of it right away.”
Testing for Resident Threats Early and Often
“Another lesson which should be taken from the hack on JPMorgan is the fact that they finally spotted the attack during routine security testing of their internal systems. Which is a point I can’t stress enough,” says Caruso, “the more often you have professional testing and deep scanning done, the less time a stealthy intruder will have with your network to wreak havoc. With all their resources, policies and procedures, all devised by some of the brightest minds in the security industry, they still missed the payload when it first got planted. But that’s the unfair security paradigm we all have to face - security has millions of holes to plug, attackers only have to find one, and often it’s a zero-day attack, which is an as-of-yet-unknown exploit which can be leveraged for access. It could also have been something as simple as a phishing or spear phishing email, or a USB stick someone found left on a bench somewhere and decided to plug into their work system to see what’s on it, only to deliver an attacker’s malware payload and give them the access they were after all along when they left their malware-laden bait on the bench in the first place. Our vulnerability assessments and penetration testing plans are designed to find those weak links, raise awareness against social engineering ploys hackers commonly rely on, and uncover any existing and/or resident threats and thoroughly eradicate them, all with an eye on the appropriate regulatory compliance issues many clients face in their industries. So whether it’s things like GLB (Gramm-Leach-Bliley) compliance for the financial industry, to HIPAA (the Health Insurance Portability and Accountability Act) for healthcare providers, or PCI DSS (Payment Card Industry Data Security Standard) for retailers, if a client falls under any compliance regulation concerning PII (Personally Identifiable Information), we have plenty of experience helping clients navigate all the potential pitfalls and headaches.”
Customized Cyber Security Solutions to Fit Any Organization
Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.