Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Preventing the Modern-Day Bank Robber


Published on

Presented by JPMorgan Chase & Co.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Preventing the Modern-Day Bank Robber

  2. 2. JPMORGAN CHASE - ABOUT US 100+ >243KCountries which we operate Number of Employees ~$5T $2T+Payments daily on behalf of the firm and its clients and customers Daily securities traded and settled #1 26M+Rated mobile banking app, ATM network and most visited banking portal – Active customers on mobile app today
  3. 3. WE ARE A TECHNOLOGY COMPANY* >$9.5B ~$3B Technology budget Dedicated to new initiatives ~$600M 20K+ Spent on emerging fintech solutions Developers *Statistics are from the 2016 JPMorgan Chase & Co Annual Report
  4. 4. This is Cybersecurity 3Global Security Operations Centers 24/7Follow the sun operating model Protecting the Firm | Protecting our Clients | Leading the Industry
  5. 5. Real Attack Case Study 2016 One of the Largest Bank Robberies Ever Reported • Resulted in theft of $81M USD • Largest bank heist ever reported
  6. 6. Assessments Exercises & Phishing Determine feasibility of cyber attacks and identify high risk vulnerabilities in JPMC systems through a combination of manual and automated cyber assessments Delivers cyber tabletops, drills, and operational “range” simulations to identify gaps in cyber response planning, coordination and communications as well as personnel knowledge, skills, and abilities Vulnerability Management Training & Awareness Responsible for the identification, classification, remediation, and mitigation of software and infrastructure vulnerabilities within the JPMC environment Drives improved business execution through performance support and education for our global cyber operations professionals The focus of Cyber Assessments and Remediation is to identify cyber risks, vulnerabilities, and process deficiencies through active exercises, drills, and focused cyber assessments against JPMC personnel, processes, and technologies. Once identified, enhancement and/or remediation is driven via Cyber Hygiene, training, and awareness initiatives. Find Stuff… Fix Stuff Assessments & Remediation - Overview
  7. 7. How People Hack a Bank – Phishing #1Attack vector that we see industry- wide
  8. 8. What Are We Doing About Phishing?
  9. 9. Technology Controls Education & Awareness Data Analytics Employee Testing Reducing the Risk –Initiatives
  10. 10. Exercise & Phishing Key Outcomes of Exercises & Phishing:  Enhance response playbooks  Improve Intra-team coordination  Identify training needs  Implement new business/cyber controls  Increase cyber resiliency
  11. 11. Exercises Tabletop Exercises Operational Drills Range Simulations Discussion-based events where team members discuss their roles and responses during significant cyber disruptions No-notice “hands-on-keyboard” events where participants react to seemingly real-world incidents by utilizing current plans & capabilities “Sandboxed” financial network environment for JPMC Cyber “Blue” defenders to assess ability to detect, respond & recover from real-time attacks by JPMC Red Team Strengthening Resilience through Continuous Practice
  12. 12. DRIVERS OF SUCCESS FOR Table Top Exercises (TTX): • Senior Business Leader Involvement • Tailored Injects and Artifacts • Market Simulation Tool
  13. 13. DRIVERS OF SUCCESS FOR Operational Drills: • No Notice Alerts on Production Systems • Use of Trusted Agents • Multi-day Scenarios
  14. 14. Range Simulations DRIVERS OF SUCCESS FOR Range Simulations: • Face to Face Interactions • Tailored Network Environments • Cross Regional Operational Assessments • Red Team/Operations Collaboration
  15. 15. What Are We Doing About Potential Cyber Attacks?
  16. 16. Penetration Testing
  17. 17. Leading the Industry DRIVING INDUSTRY COLLABORATION: Financial Systemic Analysis & Resilience Center (FSARC) will deliver analysis and solutions that will benefit the entire sector from the smallest community institutions to the largest commercial banks.
  18. 18. Q&A