JP Morgan Chase and several other large US banks experienced large-scale coordinated attacks during the month of August. Several news outlets have reported that the attacks may be politically motivated instead of being part of an effort to commit fraud, even though it's possible that theft of account credentials, personal data and information was part of the attacks. First to report was Bloomberg, which suggested that the attacks were retaliation for sponsored sanctions against Russia. Exactly what the motives were is still under discussion. Whether the motive was simply to show US banks that they are vulnerable or something more insidious tied to espionage, these attacks have not correlated with an increase in fraud (as of yet). "Companies of our size unfortunately experience cyber attacks nearly every day," said Patricia Wexler, a JPMorgan spokeswoman. "We have multiple layers of defense to counteract any threats and constantly monitor fraud levels."
It is interesting that the response from JP Morgan Chase mentions fraud monitoring. This response speaks to traditional security strategies where the security "layers" are often correlated with detecting fraud. The assumption that a hacker's actions will identify him or her is a good one: if there is an account breach at a bank, one of the first indications that the breach has occurred may be the immediate transfer of funds or changes to the ownership information on the account. But if that doesn't happen, and someone has simply gained access to the account, how does that impact the strength of the security components in place to protect the account?
It is critical that organizations have security methods in place that can silently identify account activity that does not belong to the owner of the account. What the organization does with this information is up to them. But along with tracking fraud, we need to understand who the user is, so that we can differentiate between a user and a hacker with their credentials.