Most large organizations, including 70% of Fortune 500 companies, rely extensively on mainframes for managing their business and IT infrastructure.
Despite the significant role mainframes play, the conversation about how best to secure them gets relatively little attention.
Considering today's cyberthreat landscape, mainframes have never been more vulnerable to attack.
A large cohort of senior, experienced security professionals are set to retire in the coming years, further exacerbating the ongoing skills shortage and exerting more pressure on remaining professionals.
Short-staffed security teams will tend to prioritize their time and mobilize their efforts to reactively address the most obvious issues, which often means mainframe security falls to the bottom of the priority list.
It is critical for mainframe security to re-enter the cybersecurity conversation, and that starts with doing away with commonly held misconceptions.
First is the mistaken belief that due to their mature or streamlined architecture with fewer vulnerabilities, mainframes are virtually impervious to hackers.
People newer to the profession have relatively little experience with mainframe systems compared to their more experienced counterparts, and will tend not to question the viewpoints or approaches of their leaders or senior team members.
In the contemporary landscape, modern mainframes are routinely accessed by employees and are intricately linked to applications that encompass a wide array of functions, ranging from processing e-commerce transactions to facilitating personal banking services.
Given the substantial financial toll of a data breach, estimated to be USD 9.48 million on average, it's imperative to swiftly detect any potential threat to the mainframe.
To counter this threat to mainframes, security teams must look at two key areas: encryption and early warning.
Encryption itself has emerged as a favored attack vector among hackers, because it runs remarkably fast on modern mainframes and because it is reversible by whoever holds the key.
Malicious actors often follow a straightforward modus operandi: infiltrate a system, initiate malicious encryption, and then attempt to sell the decryption key back to the victim.
The primary challenge lies in establishing a reliable method for detecting encryption in progress, while preventing the support staff from being overwhelmed with an avalanche of alerts.
IBM Security's 2023 Cost of a Data Breach Report highlights a troubling reality: it takes an average of 204 days to detect a breach, followed by an additional 73 days to recover.
For numerous mainframe operators, a significant portion of these nefarious activities occur behind the scenes, escaping detection until it's too late.
For these sites, mitigating risk and the attendant damage through early detection is not only prudent but a fundamental part of business and security strategy.
One approach involves having the system compile a whitelist of authorized encryption processes.
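The two requirements above, spotting encryption in progress and keeping the support desk from being flooded, can be combined in a small detector. The following is an added illustration written for this page; it is not MainTegrity's product or code from the article. It assumes file-write telemetry arrives as events carrying the writing process, the target path and the bytes written (a constructed format), scores each write by the Shannon entropy of its data (ciphertext approaches 8 bits per byte, business records sit far lower), ignores processes on a whitelist of authorized encryptors, and raises at most one alert per offending process per time window while counting the hits it folded in. The process names, thresholds and sample data are all constructed for the example.

```python
"""Entropy-based detection of encryption in progress, with a whitelist of
authorized encryption processes and per-process alert aggregation.

Added example for illustration only (not code from the article or from any
vendor). Event shape, process names and thresholds are constructed
assumptions; a real deployment would feed it write telemetry from the
platform (for example SMF-derived records on z/OS).
"""
import hashlib
import math
from collections import Counter, defaultdict
from dataclasses import dataclass

# Assumption: processes permitted to produce encrypted output (e.g. a backup
# job that encrypts archives). Their writes are never alerted on.
AUTHORIZED_ENCRYPTORS = {"BACKUPJOB", "TLSGATEWAY"}

ENTROPY_THRESHOLD = 7.5   # bits per byte; random or encrypted data nears 8.0
MIN_CHUNK = 256           # skip tiny writes: entropy estimates on them are noisy
ALERT_WINDOW = 60         # seconds; at most one alert per process per window


@dataclass
class WriteEvent:
    ts: int        # seconds since epoch (constructed)
    process: str   # job or process that performed the write
    path: str      # dataset or file written
    data: bytes    # bytes written


def shannon_entropy(data: bytes) -> float:
    """Entropy of the byte distribution, in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def is_suspicious(ev: WriteEvent) -> bool:
    """True for a high-entropy write by a process not on the whitelist."""
    if ev.process in AUTHORIZED_ENCRYPTORS or len(ev.data) < MIN_CHUNK:
        return False
    return shannon_entropy(ev.data) >= ENTROPY_THRESHOLD


class EncryptionDetector:
    """Emits one alert per offending process per ALERT_WINDOW and reports how
    many further hits were folded into it, so a single rogue job does not
    bury the support desk under thousands of identical alerts."""

    def __init__(self):
        self._last_alert = {}                # process -> ts of last alert
        self._suppressed = defaultdict(int)  # process -> hits since last alert

    def process(self, ev: WriteEvent):
        """Return an alert dict for this event, or None if nothing to report."""
        if not is_suspicious(ev):
            return None
        last = self._last_alert.get(ev.process)
        if last is not None and ev.ts - last < ALERT_WINDOW:
            self._suppressed[ev.process] += 1   # within window: aggregate
            return None
        self._last_alert[ev.process] = ev.ts
        return {
            "ts": ev.ts,
            "process": ev.process,
            "path": ev.path,
            "entropy": round(shannon_entropy(ev.data), 2),
            "suppressed_since_last": self._suppressed.pop(ev.process, 0),
        }


def _pseudo_ciphertext(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted output."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def run_demo():
    """Replay a constructed sequence of writes and return the alerts raised."""
    plaintext = b"CUSTOMER 000123 BALANCE 1234.56 STATUS ACTIVE\n" * 64
    ciphertext = _pseudo_ciphertext(4096)
    events = [
        WriteEvent(0, "ROGUEJOB", "PROD.CUST.MASTER", ciphertext),   # alert
        WriteEvent(10, "ROGUEJOB", "PROD.CUST.HIST", ciphertext),    # folded
        WriteEvent(20, "ROGUEJOB", "PROD.ACCT.LEDGER", ciphertext),  # folded
        WriteEvent(30, "PAYROLL", "PROD.PAY.DETAIL", plaintext),     # benign
        WriteEvent(40, "BACKUPJOB", "BKUP.ARCHIVE", ciphertext),     # whitelisted
        WriteEvent(70, "ROGUEJOB", "PROD.CUST.ADDR", ciphertext),    # new window
    ]
    det = EncryptionDetector()
    return [a for a in (det.process(e) for e in events) if a is not None]


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The window and threshold are tuning knobs: a short window surfaces a fast-moving job quickly, while the suppressed count on each alert tells responders how much activity one line of the queue represents.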
With deep experience in mainframes, hybrid cloud platforms, open systems and mobile computing, Al Saurette is recognized as a thought leader in cyber security, compliance and cyber resilience solutions for banks, insurers, transport and government clients in North America, Europe and around the world.
Currently, Al is CEO of mainframe cyber security provider MainTegrity Inc. providing next-generation threat detection, advanced file integrity monitoring, automated forensics, and recovery solutions.
This Cyber News was published on www.cyberdefensemagazine.com. Publication date: Sat, 17 Feb 2024 18:43:05 +0000