Sunday, 30 June 2024

Mainframe security – there really is a war going on

In the mainframe world, everyone has been talking about security for a very long time. In fact, I’ve seen some people yawn as the topic of security comes up again – “been there, done that, got the T-shirt” they say. But it’s not that easy. Just because all the security you had in place last year seems to have worked, doesn’t mean that it is secure enough for this year. There is a veritable arms race going on and no-one can afford to be complacent.

When I say no-one, I mean no-one in an organization can be complacent, perhaps least of all the chief financial officer (CFO). It’s the CFO’s job to safeguard their organization’s reputation and to save their company money. That was the job of the CFO at the USA’s second biggest health insurer, Anthem, which was hacked in December 2014. Nearly ten years later, the substantial cost to the company is only finally becoming clear.

That cyberattack saw 79 million individuals' personal information compromised. Firstly, Anthem agreed to pay $115 million to those people whose information was potentially stolen. The plaintiffs’ case was that Anthem should pay their costs of checking whether the exfiltrated data was being used nefariously by anyone else. Then in 2020, Anthem agreed to pay $16 million to the US Department of Health and Human Services, Office for Civil Rights (OCR) and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. Also in 2020, the company paid $39.5 million as part of a settlement with state attorneys general from 44 US states and Washington, DC. On top of that, there may well have been payments by Anthem for the ransom, and for technical experts to try and resolve the attack. All in all, a hefty payout for any organization.

And that wasn’t a one-off attack. According to the Cost of a Data Breach Report from IBM Security, the average cost of a data breach is US$4.45 million. For companies, like Anthem, in the healthcare sector, the average cost of a data breach was US$10.93 million.

In the UK just recently, hospitals and GP practices found Russian hackers had infiltrated and rendered unusable the IT systems of Synnovis, a company that analyses blood tests. That led to hospitals having to cancel operations etc. From personal experience, I know of a small web design and hosting company that says its web sites are under constant attack. And I know of local secondary schools that have been attacked.

Everywhere and everyone that has any kind of tech is currently under attack. And they need to do their bit in the arms race that’s taking place between us – I’m assuming it’s the good guys who are reading this – and the people who are trying to hack your system.

Oxford Capital recently sent out a press release reminding us that the World Economic Forum has shown that ransomware attacks have increased by nearly 300%, with over 50% of these attacks specifically targeting small businesses. Oxford Capital then highlighted the top AI security threats organizations need to be prepared to combat. They were:

  • AI-powered phishing attacks use AI to create highly convincing and personalized emails. These attacks are designed to deceive employees into revealing sensitive information or downloading malicious software.
  • Automated vulnerability exploits. Hackers are using AI to scan for and exploit vulnerabilities in software systems at an unprecedented speed and scale. That’s why installing patches is such a priority.
  • Deepfake scams are where cybercriminals use AI to create realistic audio and video impersonations of company executives. These deepfakes can be used to manipulate employees into transferring funds or sharing confidential information.
  • AI-driven ransomware allows attackers to efficiently target, copy, and encrypt critical business data. 
  • Malicious AI bots can be used to conduct malicious activities such as credential stuffing, where bots attempt to gain access to accounts using stolen credentials. 
  • Weak passwords are a major cybersecurity threat because they can be easily guessed or cracked, allowing unauthorized access to sensitive information.

The suggested solutions given by Oxford Capital include:

  • Strong password policies. If you don’t already do this, use complex passwords and update them regularly.
  • Multi-factor authentication (MFA) requires a user to present two (or more) items or factors to an authentication mechanism before they are given access.
  • Regularly update software to ensure that the latest security patches are installed and no easy-access back doors (vulnerabilities) are anywhere on your system.
  • Employee training. I’ve been part of this kind of exercise where you give everyone in your organization training to recognize phishing attacks and other cyber threats, and then later test random attendees. Even so, you still find staff click on your dodgy email. Therefore, I would suggest that training is ongoing.
  • Use robust cybersecurity measures. They recommend users invest in comprehensive security solutions to detect and respond to threats efficiently. I would suggest mainframe-related products like File Integrity Monitoring (FIM) from MainTegrity to provide not only protection, but also early warning if some kind of attack is taking place, as well as automation to suspend jobs and users until you’re sure they really are allowed to do what they seem to be doing to your mainframe.

The list might have added using air-gapped hardware to protect back-ups from being overwritten, as well as routinely protecting data in transit from being stolen.

What I’m suggesting is that everyone needs to take steps to protect whatever data they have on their computing platforms, including the cloud, and people with the most to lose, like mainframers, need to absolutely keep one step ahead in the data security arms race. And the CFO, and other top execs, need to make sure the IT team have everything they need in order to do that. After all, it’s those top execs who will be paying for it if mainframe security isn’t as good as it needs to be.

 
