Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

What can we learn from JPMorgan's insider breaches?

Leslie K. Lambert | July 28, 2015
Another former JPMorgan Chase & Co. (JPMC) employee was recently arrested by the FBI on charges of stealing customer data and trying to sell it to an undercover informant for tens of thousands of dollars.

Who - what is user or entity's role or the role they are emulating?

What - are they looking to access?

Where - what location are they accessing systems/data from, and what is the location are they accessing?

When - what time of day, what date, what week, month, etc.?

How -- what means or technology are they using to access the network -- company-issued or personal device, public kiosk, etc.?

Using this contextual knowledge, controlling access to information can be managed via rules-based risk scoring. This intelligence can also be used for predictive risk analysis of insiders' behavior to detect trends and activity that require further investigation.

The JPMC breaches serve as a valuable reminder that identity-based data sources and metrics must be integrated into the threat management cycle of monitoring, detecting, analyzing and responding.

Without visibility into user/entity behaviors, the detection, intervention and remediation of insider threats becomes a game of chance.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.