Hacking the AIS
Technological advancements have exposed many businesses across the globe to challenges related to system manipulation and hacking. Connectivity technology and the internet have eliminated almost all the communication barriers that businesses and individuals previously faced. Some of the dangers and risks associated with these advancements include an increase in cyber criminals who break into the private databases of companies and individuals. For this assignment, I will focus on the JP Morgan hacking. This company is the most recent example of how a serious data breach can cause harm not only to the business but also to millions of individuals. The essay discusses the responsibility of the software provider in ensuring that the entity and its customers are guaranteed that their information is protected. Some proposals are given for businesses such as JP Morgan so that they can ensure that their systems cannot be manipulated in future.
Background Information on JP Morgan
In October 2014, JPMorgan fell victim to cyber criminals when its systems were hacked. The incident was recorded as the largest theft of customer information from an American bank ever to happen in the US. When the hackers broke into its computer systems, they exposed the personal data of over 83 million accounts. The exposed data contained customer addresses, names, emails and phone numbers. The hackers entered the database via a compromised app belonging to the company. This affected present account holders, former account holders, and individuals who had entered their contact details on the company’s mobile and online sites.
Company’s Level of Responsibility in Responding to the Security Breach
JPMorgan could have thwarted the data intrusion by installing a simple security fix on a server, which had been previously overlooked. The company spends huge amounts of money on computer security to protect against complex attacks like this one. However, JPMorgan seems to have ignored its responsibility. The attack started when the hackers stole the login details of one employee. This is the point at which the company could have countered the attack. A double authentication scheme called two-factor authentication could have been installed to prevent unauthorized access to employees’ computers. Two-factor authentication demands a second, one-time password before the user can access a protected system. Apparently, JPMorgan neglected to upgrade one of its network servers to the dual password system. This rendered the institution vulnerable to the attackers. The biggest problem is that it is almost impossible for banks of such a size to guard their networks, especially because they incorporate the networks of acquired companies into their own. At JPMorgan, this has been a cause for alarm, as it is still common for the names of acquired firms to pop up in search engines.
The Level of Responsibility When Third-Party Accounting System is Used
The software provider shares equal responsibility with the affected company. It was the vendor’s responsibility to build a secure network by limiting the chances of it being compromised by outsiders. The vendor should have prevented the attack by implementing a compartmentalized remote access method, and the hacking would have been much less serious. Also, the vendor should have detected and blocked unauthorized remote access technologies. Today, there are many digital remote access devices, which the vendor should have taken advantage of. In the case of JP Morgan, the vendor used the same port. It is their responsibility to block any unauthorized access by using emerging devices such as next-generation firewalls (NGFWs) or Web filters. Usually, these methods contain upgraded applications like remote access devices which the vendor could easily blacklist. Moreover, the vendor could have tuned JP Morgan’s intrusion detection systems (IDSes) to detect such connections and alert on those being initiated from within the network perimeter (In Bryant, 2016).
Additional Regulation as a Preventative Measure against Hacked Businesses
Businesses are operating in a new era of cybercrime, which threatens all machines and every internet-connected device that companies rely on (In Bryant, 2016). The truth is that additional regulation is needed as a preventive measure against businesses being hacked. In a post-cybercrime world, no company can declare itself wholly secure from hacking. However, they rely on some software flaws that cybercriminals have been using for years. This means that the country should get better at preventing cyber-attacks. The sad point is that companies are not motivated enough to step up their security practices even in the midst of news of attacks targeting some of the biggest corporations. In this view, the only way to prevent businesses from being hacked is through additional regulation.
The JP Morgan data breach exposed the personal information of over 83 million customers. The available response measures seem to be inaccurate. The country should introduce a set of cyber security regulations requiring each bank and financial institution to employ a chief information security officer (CISO) whose primary responsibility should be to manage and document the company’s cybersecurity plans (Rajagopal & Behl, 2016). Moreover, the regulations must compel financial service firms to notify the Department of Financial Services about any breach attempts. This will force third-party firms handling a company’s data to take up their cyber-security measures.
The regulations will compel potentially vulnerable organizations to accept accountability and upgrade their security efforts. The JP Morgan case is a superb example of the looming threat of theft of customer data. Unfortunately, it is challenging to force even big corporations to modify their security practices on their own. Although the new measures may not help in thwarting major attacks, the regulations are at least proactive relative to what companies have been doing in previous years. The government’s cybersecurity orders have not achieved much apart from calling for more surveillance. Although it would be incredibly challenging to force companies to play fair regarding cyberwar, the relevance of additional regulation is more pressing than ever. Even if it is impossible to control what companies do, the new measures will help them at least prepare for potential security attacks.
Recommendations to Secure Systems and Assets
The JPMorgan Chase data breach illustrates the critical need for businesses to secure their systems and assets from hackers. First, companies must choose IT vendors who can offer better products and solutions likely to automate ongoing analytical tasks (Phys.org, 2015). Companies must ensure that the products offered can accurately detect any data breaches by eliminating the noise generated by traditional security infrastructures. Also, organizations, especially financial service firms, should eliminate the information overload which seems to paralyze security teams. They may replace it with actionable information, enabling security teams to reduce data loss and exposure and to remediate known attacks.
Businesses can also guard themselves by protecting their devices. Here, a good starting point would be to understand the key risk areas within the organization. The greatest threat to a company’s data derives from the gadgets that employees use (Rajagopal & Behl, 2016). In the JP Morgan case, these devices served as the boarding point for malicious software which later wormed its way throughout the corporate network servers. This led to the exposure of the personal information of 83 million individuals. There is a big problem if companies continue to allow their employees to use their gadgets for work-related purposes. Employees might carry the devices home and use them to surf sites or install apps which they have never used before. Such websites and programs could infect their device. When it links to the company’s network, it presents the risk of infecting everything that belongs to the company. Rajagopal and Behl (2016) recommend that companies install web-security software to block employees’ devices from connecting to potentially harmful sites. They could monitor all their employees’ devices by adopting centralized management software. This system works by joining the company’s network and authorizing particular actions before the employees can move on.
In the case of JP Morgan, strong authentication could have stopped the hackers even before the breach occurred. Information encryption on mobile devices, computers, and removable storage devices is an effective way of protecting data from the bad guys (Rajagopal & Behl, 2016). Certainly, it is a good practice since the sensitive information needed by employees will only be found on the central company computers, accessible through a password. In this manner, even if the hackers break into or steal the machine, it would be of no value at all. Businesses could protect access to these accounts by using the two-step authentication system (In Bryant, 2016). In the JP Morgan case, the hackers stole an employee’s password, which they used to access the entire corporate network and everything that the employees have access to. Businesses can prevent this by implementing a second step for employees to access their accounts. When they key in their passwords, the system sends a message to a personal gadget that they own, such as a text message to their phone. Then, the individual must re-enter the credential into the computer to verify access. This would make an attack more difficult since intruders will have to intercept the credential sent to the phone.
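The second step described above, as an added example (not part of the original essay and not any JPMorgan system): the server side of a one-time code check that runs only after the password has been accepted. The class name, the five-minute lifetime and the three-attempt limit are assumptions, and delivering the code to the employee's phone is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime of a code
MAX_ATTEMPTS = 3        # assumed number of wrong guesses allowed per code


class SecondStepVerifier:
    """Issues and checks one-time codes after the password step has succeeded."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # user -> [code_hash, expires_at, attempts_left]

    @staticmethod
    def _digest(code):
        # Only a hash of the code is kept server-side.
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user):
        """Create a fresh 6-digit code; the caller sends it out of band."""
        code = f"{secrets.randbelow(10**6):06d}"
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[user] = [self._digest(code), expires_at, MAX_ATTEMPTS]
        return code

    def verify(self, user, submitted):
        """Return True once for the right code, inside its lifetime."""
        entry = self._pending.get(user)
        if entry is None:
            return False  # nothing issued, already used, or locked out
        code_hash, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[user]  # expired codes are discarded
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code_hash, self._digest(submitted)):
            del self._pending[user]  # single use: a replayed code fails
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[user]  # too many wrong guesses: require a new code
        return False
```

A stolen password alone never reaches `verify` with a valid code, and a guessed code has three tries out of a million before a new one must be issued.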
Conclusion
Cybercrime has been increasing rapidly thanks to rapid technological advancements. This essay has explored the JP Morgan hacking case, which is the most recent and worst cyber-attack ever to hit a financial institution. The company exemplifies how a serious data breach can cause harm not only to the business but also to millions of its customers. The essay has discussed the responsibility of the software provider to both the business and its clients. Recommendations are given for businesses such as JP Morgan to secure their systems and assets from hackers.
References
Rajagopal, ., & Behl, R. (2016). Business analytics and cybersecurity management in organizations. Hershey: Business Science Reference.
Phys.org, (November 10, 2015). JP Morgan Chase breach was among the biggest in recent years. Phys.org - Science and Technology News, 2015-11.
In Bryant, M. (March 10, 2016). How to stay ahead of cybercriminals in the data breach era. Thenextweb.com, 2016-3.