Identity Access Management: Lessons From JPMorgan’s Insider Breaches

Another former JPMorgan Chase & Co. (JPMC) employee was recently arrested by the FBI on charges of stealing customer data and trying to sell it to an undercover informant for tens of thousands of dollars.
    
Similar incidents have occurred multiple times at JPMC over the past few years. Upon closer inspection, a common thread emerges from each of these incidents: JPMC’s inability to account for insider threats.

Look For Clues

JPMC wants to trust its employees and wants them to perform their jobs with the utmost integrity. Regardless of industry, every organization must grant some employees access to its most sensitive data, such as intellectual property or information that customers expect will remain confidential. These employees include systems administrators with privileged access rights and account representatives with access to customer data.

Monitor Identities

It’s well documented that JPMC spends over $250M a year on cybersecurity personnel, tools and services to protect its digital assets. So while JPMC’s IT perimeter may be hardened (though not impenetrable, as the 2014 mega breach showed), insiders must still have access to privileged information to do their jobs. Hardening an organization’s external perimeter poses a very different set of challenges than hardening the internal network, primarily because internal networks can be configured in countless ways, with endless combinations of who has access to what systems, applications and data.

Given these challenges, the most reliable way to keep track of what insiders are doing and how they move inside the network is to manage identities and maintain visibility into their activities.

Follow The Threat Crumbs

Containing the damage, once insiders have stolen confidential company or customer information, is extremely difficult, if not impossible. Insider threats, whether in the form of malicious employees abusing their access credentials, or simple negligence, must be detected and rooted out as quickly as possible. Monitoring activity inside the network using identities provides organizations the opportunity to discover anomalous behavior early in the kill chain.

To be successful, this approach requires a robust and well-managed identity and access management (IAM) system (disclosure: I work for a User and Entity Behavior Analytics vendor). Next, actions and behaviors of each identity must be monitored using the following contextual filters:

Who - what is the user’s or entity’s role, or the role they are emulating?
What - what are they looking to access?
Where - what location are they accessing systems/data from, and what location are they accessing?
When - what time of day, what date, what week, month, etc.?
How - what means or technology are they using to access the network: a company-issued or personal device, a public kiosk,

Using this contextual knowledge, access to information can be controlled via rules-based risk scoring. The same intelligence can also be used for predictive risk analysis of insiders’ behavior, to detect trends and activity that require further investigation.
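As an added illustration of the who/what/where/when/how filters feeding rules-based risk scoring (example code written for this article, not a vendor's product), the script below scores constructed audit lines against a per-identity baseline. The baseline contents, the weights, the threshold and the key=value log format are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed per-identity baseline (assumption: populated from the IAM system):
# the assigned role plus the resources, places, hours and devices the identity normally uses.
BASELINES = {
    "alice": {"role": "account_rep", "resources": {"crm"}, "locations": {"NYC-office"},
              "hours": (8, 19), "devices": {"corp-laptop"}},
}
# Rules-based weights, one per contextual filter. The values are illustrative only.
WEIGHTS = {"who": 40, "what": 25, "where": 15, "when": 10, "how": 20}
THRESHOLD = 50  # a score at or above this is queued for investigation

@dataclass
class AccessEvent:
    user: str
    acting_role: str     # Who: the role the session is using (possibly emulated)
    resource: str        # What: the system or data set accessed
    sensitivity: str     # What: "internal" or "confidential"
    location: str        # Where: where the session comes from
    timestamp: datetime  # When
    device: str          # How: corp-laptop, personal-phone, public-kiosk, ...

def parse_event(line: str) -> AccessEvent:
    """Parse a constructed key=value audit line (the format is an assumption of this example)."""
    kv = dict(field.split("=", 1) for field in line.split())
    return AccessEvent(kv["user"], kv["role"], kv["resource"], kv["sensitivity"],
                       kv["location"], datetime.fromisoformat(kv["time"]), kv["device"])

def score_event(ev: AccessEvent) -> "tuple[int, list[str]]":
    """Check each contextual filter against the identity's baseline; return (score, reasons)."""
    base = BASELINES.get(ev.user)
    if base is None:  # an identity the IAM system does not know at all
        return WEIGHTS["who"], ["identity has no IAM baseline"]
    lo, hi = base["hours"]
    checks = [  # (filter, rule fired?, reason)
        ("who", ev.acting_role != base["role"], f"acting as {ev.acting_role}, assigned {base['role']}"),
        ("what", ev.sensitivity == "confidential" and ev.resource not in base["resources"],
         f"unusual confidential resource {ev.resource}"),
        ("where", ev.location not in base["locations"], f"unusual location {ev.location}"),
        ("when", not lo <= ev.timestamp.hour < hi, f"outside {lo:02d}-{hi:02d}h ({ev.timestamp:%H:%M})"),
        ("how", ev.device not in base["devices"], f"unusual device {ev.device}"),
    ]
    score = sum(WEIGHTS[f] for f, hit, _ in checks if hit)
    return score, [why for _, hit, why in checks if hit]

def needs_investigation(line: str) -> bool:
    return score_event(parse_event(line))[0] >= THRESHOLD
```

The reasons list is what an analyst sees when an event crosses the threshold, so every rule that fires should explain itself rather than only adding to the score.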

The JPMC breaches serve as a valuable reminder that identity-based data sources and metrics must be integrated into the threat management cycle of monitoring, detecting, analyzing and responding.

Computerworld
