How the problem occurred
Discuss the Policy Framework for Data Breaches.
A “security breach”, also known as a “security violation”, is an incident in the information technology area. It takes place when an application or a person intrudes, without authorization, into a private and confidential logical IT perimeter (Walters, 2014).
Research has been carried out on the “security firms got knocked around” incident in Russia, which took place from September to December 2015. The following report covers the problem, the way it occurred and the reasons behind it, on the basis of that research.
A security breach results in unauthorized access to networks, devices, services, applications and data by bypassing the underlying security mechanisms. In October, the Russian security firm “Kaspersky Lab” claimed that its network had been breached. The company makes a popular line of antivirus software, and it indicated that the hackers were none other than agents working for the state. Eugene, the CEO, claimed that the breach was carried out using a zero-day and a series of advanced attacks. This was done to gather data about the company's latest services and technology (Stanwick & Stanwick, 2014). This was one of the early platforms of attack on security by a malicious trespasser. The intruder could have been a cracker, a hacker or a nefarious application. Security procedures and policies were violated. The risk could range from low to highly critical.
Many cyber security professionals dubbed 2014 the “year of breach”. 2015 then came to be seen as the “year of the breach 2.0”, as the attackers went after bigger prey. This included significant government agencies, as well as the attack on Kaspersky Lab (Johnson, 2015). However, there were two silver linings in this case. Firstly, the Lab declared that the intrusion was detected before any significant harm was done, and customers remained protected while the incursion was going on (Leon, 2015). Secondly, the job became easier because the attack was made on a company that specializes in discovering new attack techniques. This factor was the most important.
Hence, attacking this company was not a good approach. The attackers lost an expensive and advanced technological framework that had been developed with great effort over many years. Moreover, several of the technologies on which the attackers tried to keep surveillance were already accessible under licensing agreements (McDougal, 2015). Further, the latest attack vectors used were already included in the firm's monitoring software.
Reason behind the attack
It is not clear who undertook the breach. A couple of Flash “zero-day” exploits were sitting in the open, waiting for the day they would be activated to pull data out. The hackers appeared to be the same team that created Duqu, a piece of spyware discovered in 2011. As exposed by Kaspersky, the team's handiwork had also surfaced in two sophisticated instruments. One was the “Flame surveillance platform”, massive in nature, which infected thousands of people over five years (Haukkala, 2015). The other was the Gauss attack, mysterious in nature, which contains a securely locked payload that has not yet been deciphered. The malware was spread using “Microsoft Software Installer” files, which information technology staff generally use to install programs on remote computers. The cost of the “zero-day” exploits was assumed to be very high.
The attackers remained entrenched within the network for some years. Their purpose was to siphon intelligence about the attacks on nation states that the company was investigating. It was a situation where the observers were observing the observers who were observing them. They also wanted to study the working mechanisms of “Kaspersky’s detection software” (Jacobson, 2015), so that they could devise methods to avoid getting caught.
Kaspersky succeeded in detecting them while testing a new product that had been developed to uncover exactly the type of attack the attackers had launched. The only ethical approach to such discoveries of exploits is to disclose them to the software authors. In the present case the software author was “Adobe Systems Inc” (Bradshaw, 2015).
Breaches are still hogging much of the spotlight. This time, however, instead of being dominated by events hitting huge retail customers, the effect was different: it fell on the tech giants and the public sector. It further affected the individuals and firms who had trusted Kaspersky's online security. This made 2015 an extremely rough year. Spying on cyber-security firms is a very risky tendency and practice. The only way to secure nations is for security firms and law enforcement agencies to fight the attacks openly.
Possible solutions for the attack
It all started in June 2014, when the computer of one JPMorgan employee was hacked. It was infected with malware that stole some login credentials. The employee connected remotely to the corporate network through a VPN, or “virtual private network”. The hacker thereby gained access to the internal network (Silver-Greenberg, Goldstein & Perlroth, 2014).
The following report explores the background of the problem. It determines who was affected and how the breach took place. It further analyzes the way in which the hacking was carried out. Lastly, the solutions for prevention are assessed.
The hackers obtained details of the programs and applications running on JP Morgan's computers. These served as a kind of roadmap for them. They cross-checked the lists against the known vulnerabilities in every web application and program, searching for a point of entry back into the bank's systems. This has been claimed anonymously by various people who have studied the outcomes of the forensic investigation at the bank (Lohrke, Frownfelter-Lohrke & Ketchen, 2016). The hackers operated from overseas. They gained access to details such as the names, phone numbers, emails and addresses of account holders at JPMorgan. JP Morgan declared that there was no clear proof that account information such as passwords or “social security” numbers had been stolen. It further claimed that there was no evidence of fraud involving customer data (Lee, Maker & At, 2015).
A portion of the stolen information was internal: data identifying customers by credit card, mortgage and private banking. The bank faces further hacking risk from the stolen lists of applications running on JP Morgan's computers, which can be analyzed for vulnerabilities. The attackers succeeded in hiding some of their tracks, because they deleted a large number of log files. Sources claim it is possible that they had also broken in previously (Ferrell, 2016). JP Morgan spends about two hundred fifty million dollars on security per year, with a thousand staff engaged in cyber security. This is six hundred more than Google. After the incident, numerous JP Morgan security staff left to work at other banks, which means that individuals with experience and knowledge of the network infrastructure have been resigning (Corkery, Silver-Greenberg & Sanger, 2014). This has made JP Morgan vulnerable to further information breaches.
The background of the problem
The cyber-attack compromised the account details of seventy-six million families along with some million small-scale businesses. It was a tally that dwarfed JP Morgan's past estimates and put the intrusion among the largest ever. Consumer confidence in corporate America's digital operations was badly shaken. Retailers like Home Depot and Target sustained significant data breaches. Forty million cardholders and seventy million others were compromised at Target (Telang, 2015). Unlike them, JP Morgan, the largest bank in the country, holds financial data on its computers that goes beyond customers' credit card details. It potentially includes much more sensitive information.
The attackers managed to get through several levels of security by unleashing malicious programs developed to break through “J.P. Morgan’s” network. They then successfully obtained the highest level of privileges. They took control of ninety or more servers through numerous “zero-day vulnerabilities”. To avoid detection, the information was stolen slowly over several months. The stolen login credential would have been useless had it not been for an overlooked server that failed to receive the “two factor authentication upgrade” (Peters, 2014).
The attacks could be minimized by deploying a HIPS, or “Host-based Intrusion Prevention System”. It is capable of catching and stopping malware, because its job is to identify and stop both known and unknown attacks. It is software that uses system calls to perform behavior monitoring. It observes the correlation among activities and blocks the activity once it reaches a high confidence level (Weise, 2014). By combining the functions of personal antivirus, IDS, behavioral analysis and firewall, it prevents malware from doing any harm.
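The correlation logic described above, as an added example (not from the original essay or from any HIPS product): each process accumulates evidence from the behaviours observed for it, and is blocked once the combined confidence crosses a threshold. The behaviour names, weights, threshold, time window and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed evidence weights per observed behaviour (illustrative values).
WEIGHTS = {
    "write_executable": 0.25,  # drops a new binary to disk
    "modify_autorun": 0.30,    # adds a startup/persistence entry
    "delete_logs": 0.35,       # removes audit log files
    "inject_process": 0.40,    # writes into another process's memory
    "outbound_connect": 0.15,  # opens a new external connection
}
BLOCK_THRESHOLD = 0.75   # assumed confidence needed before blocking
WINDOW_SECONDS = 300     # assumed correlation window


class BehaviourMonitor:
    def __init__(self, threshold=BLOCK_THRESHOLD, window=WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self.events = defaultdict(list)  # pid -> [(timestamp, behaviour)]
        self.blocked = set()

    def confidence(self, pid):
        # Distinct behaviours combine as independent evidence:
        # 1 - product(1 - weight). Repeats of one behaviour add nothing.
        miss = 1.0
        for behaviour in {b for _, b in self.events[pid]}:
            miss *= 1.0 - WEIGHTS.get(behaviour, 0.0)
        return 1.0 - miss

    def observe(self, ts, pid, behaviour):
        """Record one event and return 'allow' or 'block' for the process."""
        if pid in self.blocked:
            return "block"
        recent = [(t, b) for t, b in self.events[pid] if ts - t <= self.window]
        recent.append((ts, behaviour))
        self.events[pid] = recent
        if self.confidence(pid) >= self.threshold:
            self.blocked.add(pid)
            return "block"
        return "allow"


def replay(events):
    """Feed (timestamp, pid, behaviour) tuples; return the last verdict per pid."""
    monitor = BehaviourMonitor()
    return {pid: monitor.observe(ts, pid, b) for ts, pid, b in events}


# Constructed sample: pid 101 only makes connections, pid 202 chains behaviours.
SAMPLE_EVENTS = [
    (0, 101, "outbound_connect"), (5, 202, "write_executable"),
    (20, 202, "modify_autorun"), (30, 101, "outbound_connect"),
    (45, 202, "inject_process"), (60, 202, "delete_logs"),
]
```

No single behaviour reaches the threshold on its own; only the combination within the window does, so the weights and window length decide both the false-positive rate and what the monitor can miss.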
Human beings have always been the weakest link in security, because not everyone is security-conscious. They must therefore be properly trained and educated to deal with the human aspects. “Social engineering” is the practice of manipulating and tricking someone into providing data by exploiting human vulnerabilities.
Some of the credit for the attackers' success at JP Morgan can be attributed to the malware infection on the computer of one of the employees. The use of application “whitelisting” prevents malware from installing itself. It is software that blocks applications from running if they are not present in the application list.
Attacks could also be prevented by segregating and protecting the critical assets. This makes the network a compact zone where everything is visible. It is a strategy of protecting enclaves in depth. With “NAC”, or “Network Access Control”, a system can be prevented from accessing the trusted network before it has been checked and scanned (Weise, 2014).
Conclusion:
Data breaches at large organizations like JP Morgan are always undesirable. In addition to exploring the human aspects that enable attackers to intrude into the network, this report discusses various methods that can be implemented. Basic protection, HIPS, application whitelisting and employee education, working together, would catch and stop malware from intruding into any network, including JP Morgan's. Employees could also be made aware of “social engineering”, which may reduce the opportunities for credentials to be stolen.
References:
Bradshaw, S. (2015). Combating Cyber Threats: CSIRTs and Fostering International Cooperation on Cybersecurity.
Corkery, M., Silver-Greenberg, J., & Sanger, D. E. (2014). Obama Had Security Fears on JPMorgan Data Breach. The New York Times.
Ferrell, O. C. (2016). Broadening marketing’s contribution to data privacy. Journal of the Academy of Marketing Science, 1-4.
Haukkala, H. (2015). From cooperative to contested Europe? The conflict in Ukraine as a culmination of a long-term crisis in EU–Russia relations. Journal of Contemporary European Studies, 23(1), 25-40.
Jacobson, M. (2015). Vulnerable Progress: The Internet of Things, the Department of Defense and the Dangers of Networked Warfare.
Johnson, L., Adams Becker, S., Estrada, V., & Freeman, A. (2015). The NMC Horizon Report: 2015 Museum Edition. New Media Consortium. 6101 West Courtyard Drive Building One Suite 100, Austin, TX 78730.
Lee, J., Maker, J. M. S. L. D., & At, D. (2015). JP MORGAN. Wall Street Journal.
Leon, A. D. (2015). Impacts of Malicious Cyber Activities (Doctoral dissertation, Johns Hopkins University).
Lohrke, F. T., Frownfelter-Lohrke, C., & Ketchen, D. J. (2016). The role of information technology systems in the performance of mergers and acquisitions. Business Horizons, 59(1), 7-12.
McDougal, T. (2015). Establishing Russia's Responsibility for Cyber-Crime Based on Its Hacker Culture. Int'l L. & Mgmt. Rev., 11, 55.
Peters, R. M. (2014). So You've Been Notified, Now What: The Problem with Current Data-Breach Notification Laws. Ariz. L. Rev., 56, 1171.
Silver-Greenberg, J., Goldstein, M., & Perlroth, N. (2014). JPMorgan Chase Hack Affects 76 Million Households. New York Times, 2.
Stanwick, P. A., & Stanwick, S. D. (2014). A Security Breach at Target: A Different Type of Bulls Eye. International Journal of Business and Social Science, 5(12).
Telang, R. (2015). Policy Framework for Data Breaches. IEEE Security & Privacy, 13(1), 77-79.
Walters, R. (2014). Cyber attacks on US companies in 2014. Heritage Foundation Issue Brief, 4289.
Weise, E. (2014). JP Morgan reveals data breach affected 76 million households. USA TODAY.
My Assignment Help. (2018). Policy Framework For Data Breaches. Retrieved from https://myassignmenthelp.com/free-samples/policy-framework-data-breaches.