Lessons from the JPMorgan breach
The evolution of the recent JPMorgan Chase & Co. data breach that compromised tens of millions of customer details raises more questions than answers. As a follow-up to the news story posted online on Oct. 10, The Green Sheet asked the data security experts quoted in that article for their opinions on what can be done to bolster the data security infrastructure, given the increasing frequency and sophistication of cyberattacks.
It seems like the current defensive strategies are not working well enough, since the number and size of breaches seem to be growing. So what is the solution?
Dr. Mike Lloyd, Chief Technology Officer at RedSeal Networks: It’s significant to see that the attackers who broke in and stole some customer data from JPMC have been detected on the networks of other major payment companies. That said, there’s no public information yet to indicate these other locations suffered breaches – it’s quite likely that most suffered only some unwanted reconnaissance.
Attackers have an important capability, thanks to the way the Internet works: they can “twist doorknobs” on a global scale, using quite basic automation tools. That is, given one concept for a possible exploit, they can rapidly search across the attack surface of many organizations, to see if the technique causes any doors to spring open. In many cases, attackers don’t even need to look for specific targets – they can simply start searching widely, and see what pops up in their dragnet. The fact that many organizations can see the “doorknob twisting” coming from specific locations is just an illustration of the ease with which attackers can move laterally, from target to target, exploiting any weak points found.

The necessary response for defenders is to automate the mapping, assessment, and reduction of the attack surface of the organization. No business today can have zero attackable surface – if you interact with customers, then bad actors can find a way to exploit that. But each increase in attack surface is an increase in risk, and one more door that might accidentally be left unlocked. Attackers have no difficulty searching exhaustively for weak points; defenders need to do the same, starting by mapping out and assessing their total network attack surface.