JPMorgan Chase & Co. and Dow Jones & Co. were among the targets of the biggest theft of customer data from U.S. financial institutions in history, prosecutors said in announcing charges against four men accused of running online schemes including stock manipulation and casino gambling that generated hundreds of millions of dollars. Security experts from Tripwire and Lieberman Software have the following comments on it.
[su_note note_color=”#ffffcc” text_color=”#00000″]Philip Lieberman, President of Lieberman Software :
“The take away from this story is one of corporate culture being more powerful than capital investment when it comes to cyber security.
The CEO has the job of leadership and in making investments, but even the best CEO has challenges turning the ship that has been in the water for generations. Changing a ship designed for commerce into one suitable for both trade and warfare takes time and wisdom. The challenge is not the change in technology, but with the behavior of all involved.
Those charged with movement of goods tend to obstruct the need to arrive safety by depending on their knowledge and behaviors obtained long before the warfare began. Leadership has chosen to spend the money to refit their ship, but these types of breaches tend to make one think that the money may not have been spent wisely or as intended by the CEO and Board.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of Security and Risk at Tripwire :
“While we tend to focus on the technical tools to prevent these types of cyberattacks, these indictments are a good reminder that partnership with law enforcement can provide more traditional tools for fighting cybercrime.
If cybercriminals aren’t likely to get away with their crimes, they’ll be forced to change their tactics.
Hopefully we’ll hear more about how JP Morgan was able to partner with law enforcement. This type of information sharing can be educational for others in the industry and result in better preparation and cooperation.
Long after the public has largely forgotten about a cyberattack, law enforcement is continuing to pursue the perpetrators.”[/su_note]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.