The breach at JPMorgan Chase is one of the worst breaches in American history. It's orders of magnitude worse than Home Depot and Target, given that Chase is the largest bank in the US. The breach affected 76M households and 7M small businesses. When the hack was first reported, Chase announced that only a small number of users were impacted, just like Home Depot, but the number turned out to be more than tenfold higher than originally reported. In an SEC filing, Chase reported that name, address, phone number, email address, and internal Chase information relating to users were compromised.
Bloomberg wrote “the good news is that there’s no evidence so far that the compromised data included any account numbers, password, Social Security numbers, user IDs or birth dates.” I wouldn’t call that good news, since they penetrated the Fort Knox of the Cyber Security world. It's likely Chase is using FireEye and Palo Alto Networks because most banks do. If Chase spends millions on a security vendor, should that security vendor share some blame? Absolutely. Although the cyber security sector is the most innovative in all of tech, it appears that hackers are winning the innovation game.
The CISO/CSO way of thinking, along with the current security models, needs to undergo a major transformation and overhaul. Chase, Wells Fargo, and other large institutions can no longer rely entirely on the FireEyes of the world to protect their most valuable assets. They need to take it upon themselves to create internal cyber security think tanks and centers of security research, composed of security engineers and non-security engineers, to come up with customized solutions that protect their information assets.