The Importance of Cybersecurity: Department of Justice, Yahoo and Jp Morgan Chase

JPMorgan Chase is an American intercontinental financial holding company provides investment banking and financial services, is based of operations in New York City, and was founded in 1968. It is one of the largest banks in the world with total assets of $2.534 trillion also with 250,255 and $333,666,000,000 employees and valuation respectively. They also provide strategy and structure for corporate markets and prime brokerage and research, provides personal indirectly using automated teller machine, online and telephone banking. Provides services for many clients, including financial institutions, and nonprofit entities.

In September 2014 there was a cyber-attack against the bank using the loophole in their security system causing a data breach which affected 76 million households and about 7 million minor businesses. The hackers got access to customers' contact information like names, addresses, mobile numbers, and email addresses but luckily SSN and date of birth, and account numbers are not accessed.

The breach occurred due to Bank’s security team employee neglected and forgotten later upgrading its network servers with the dual password scheme known as two-factor authentication for their login info security page this raised path to Phishing and Malware attacks. The weak link at the bank security system is an easy and basic one as the bank didn’t enable two-factor authentication laid an easy road for the attach and huge data breach.

After the bank noticed and learned about the attack and stopped it from spreading more by stopping and blocking all path access paths to all 90 servers after identifying the root cause and measures to stop rapidly growing loss. Later cybersecurity team started examining the data on the server which was impacted by the data breach which stopped, and any further fraud activity was not reported

Data breach costs $154 per account on average for banks and by Multiplying it with 83 million accounts is a staggering amount of USD 12.782 billion is the loss reported. But the study says the breaches loss tend to be even more than mentioned as adding the loss of potential customers finally losing business.JP Morgan announced it will spend of $250 million a year for security improvements by building robust security system.

Two-factor authentication is the most basic extra layer of security access in other way is adds extra security to a user's login alongside regular password by code generation to mobile or email. Bank security protection system without this extra layer feature left banks open for attack on the other side things could have been stopped with their extra layer of protection. JPMorgan should have reviewed for a top-to-bottom structure looking to remove security holes in their system and could have escaped from the breach and public embarrassment buy reviewing the internal system.

Department of Justice

The Department of Justice is responsible for implementing the laws of the United States to ensure the safety of the public against domestic and foreign threats. DOJ attack in 2016 was a successful attack on the government which resulted in losing almost 200 GB of sensitive data and identities of 30000 FBI and DHS employees and cost the US economy between $57 and $109 billion in 2016. 

Attackers gained access through the DOJ employer portal by contacting the DOJ office and convincing them that he is the new employee and requested for the code which let him to get into the DOJ portal and hack the system. Employers need to follow all the regulations to not share the authorization information through phone or email and they need to have a strong Firewall and Security applications which will help to prevent the attacks coming through physical or cyber-attacks.

Implementation of a strong Corporate Governance Strategy structure to perform its Security operations comes in play as a subset of the Overall Corporate Strategy around which the organization can align its IT frameworks with business Frameworks to ensure that the organization keeps achieving their objectives and goals by implementing procedures to measure Network and Security IT performance so that any hacks/attacks can be prevented in the future. This is created by taking all the responsible parties into account from leadership, organizational, and business processes with regard to information technology.

In compliance with these standards and make sure all the necessary hardening principles are accounted for in Network Infrastructure, Security Infrastructure, Systems, Servers, and also social engineering attacks should be avoided by providing high-level workshops and training to avoid phishing, emails scams, and viruses like Ransomware. In this, we choose DOJ to discuss its IT Governance plan and the security breach happed at DOJ which resulted in the leakage of huge chunks of sensitive information because of a cyber-attack.

Looking at the digital transformation happening across the globe and the amount of transactions corporations handle on a day-to-day basis it is vital to protect the Infrastructure from external cyberattacks and bad guys. The stakes are becoming bigger and bigger considering the PII data that is collected, stored, and transferred on these transactions.

So, the question narrows down to who is going to ensure there are strict security measures that are implemented and followed across the organization? This is where the necessity of a good IT governance framework comes into action. This can be looked as a set of standards implemented to protect organizational users, its clients, and all relevant members to minimize the percentage of risk from the occurrence of any possible data breaches and identity thefts and to successfully grow the business exponentially. IT governance should have a clear vision on the objectives and Governance frameworks that may be of interest: COBIT, ITIL, CMMI, and ISO38500.

Conclusion

In summary, data breaches have been a common occurrence in different countries, in different industries. In the data breaches covered above, we talk about data breaches for the Department of Justice, Yahoo, and JP Morgan Chase. These three names belong to different sectors. The sectors are Government, Technology, and Financial Services. Different types of data and information were at risk. These data and information include government data, sensitive email, and financial information.

The most common occurrence in these three methods was hacking. Hacking relates to getting access to other person’s computer in an unauthorized way. In the case of the Department of Justice, Yahoo, and JP Morgan Chase, the hackers were able to gain access to databases or services of these companies’/government organizations without the authority to do so. Companies spend a significant amount of resources for preventing data breaches, still, hackers are able to figure out new ways to gain unauthorized access to these data.

In each of these data breaches, hackers either used the information for personal gain. For example, in the case of data breach of JP Morgan, hackers were able to gain access to the important financial information that can be used by hackers to get financial benefits. On the other hand, other hackers just hack the information and publish it for sale in dark webs, which could have been the case for the Yahoo hack and the Department of Justice hack.

Overall, organizations although they are proactive in establishing cyber security teams that on daily basis protect the data and information stored in their servers, organization are not completely safe from different possibilities of data breaches. Because in each of these cases of three different companies, they already had an established cyber security team responsible for preventing such data breaches. However, they still were not able to prevent it. Hence, it shows that organizations should make considerable investments in cyber security.