Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Just what is Chase doing for those millions of customers whose data was compromised ? (and an uncomfortable silence ensues).
I think I will just keep asking until I get an answer.
"...The JPMorgan hackers were able to access more than 90 of the bank's servers, but were detected before they got to sensitive customer financial information."
Chase really expects the public to believe this ? Of course they do - they are Chase after all. This is literally amazing, I believe the word is ludicrous.
"....the big hole that led attackers to the data was the lack of two-factor authentication of one of the bank's network servers."
What can you say about this ? Seriously two-factor authentication ?! This is simply blantant carelessness by admins and the Bank itself. I am not about to let Chase off the hook for this in it's entirety, but looking at it from a micro-level it is clear ( to me at least) that someone was asleep at the wheel. Taking their job for granted maybe ?
Whatever the case, it does not speak well of Chase ( I am not sure anything could actually) nor does it speak well of their IT department.
I wonder if this is the same (IT) group that handles high frequency trading and the rest ? If not get them on this issue - they have a proven track record of success.
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
User Rank: Ninja
12/27/2014 | 8:56:32 PM
"... Some of these attacks are exaggerated by news channels and social media."
@Dr, T I agree. A lot of these attacks are misunderstood banter on the Net. But what really annoys me is that Chase apparently sat on this information for a long time. Considering they should have released this news as soon as they were aware. Enough with how the public is going to perceive you.
I for one already know Chase is using "smoke and mirrors" when it comes to security. They are doing no more than is required by law, and that apparently isn't enough.
So why did it take them so long to release this information ? Only the nieve amongst us really believes Chase or any Net facing business is ever safe from a breech.
If Chase thinks we the public would think less of them because of this, well it has long since been too late for that.