iTech-Ed Ltd

Mainframe security – there really is a war going on


Monday, 1 July 2024

In the mainframe world, everyone has been talking about security for a very long time. In fact, I’ve seen some people yawn as the topic of security comes up again – “been there, done that, got the T-shirt” they say. But it’s not that easy. Just because all the security you had in place last year seems to have worked, doesn’t mean that it is secure enough for this year. There is a veritable arms race going on and no-one can afford to be complacent.

When I say no-one, I mean no-one in an organization can be complacent, perhaps least of all the chief financial officer (CFO). It’s the CFO’s job to safeguard their organization’s reputation and to save their company money. That was the job of the CFO at the USA’s second biggest health insurer, Anthem, which was hacked in December 2014. Nearly ten years later, the substantial cost to the company is only finally becoming clear.

That cyberattack saw 79 million individuals’ personal information compromised. Firstly, Anthem agreed to pay $115 million to those people whose information was potentially stolen. The plaintiffs’ case was that Anthem should pay their costs of checking whether the exfiltrated data was being used nefariously by anyone else. Then in 2020, Anthem agreed to pay $16 million to the US Department of Health and Human Services, Office for Civil Rights (OCR) and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. Also in 2020, the company paid $39.5 million as part of a settlement with US state attorneys general from 44 states and Washington, DC. On top of that, there may well have been payments by Anthem for the ransom, and for technical experts to try and resolve the attack. All in all, a hefty payout for any organization.

And that wasn’t a one-off attack. According to the Cost of a Data Breach Report from IBM Security, the average cost of a data breach is US$4.45 million. For companies, like Anthem, in the healthcare sector, the average cost of a data breach was US$10.93 million.

In the UK just recently, hospitals and GP practices found Russian hackers had infiltrated and rendered unusable the IT systems of Synnovis, a company that analyses blood tests. That led to hospitals having to cancel operations etc. From personal experience, I know of a small web design and hosting company that says its web sites are under constant attack. And I know of local secondary schools that have been attacked.

Everywhere and everyone that has any kind of tech is currently under attack. And they need to do their bit in the arms race that’s taking place between us – I’m assuming we’re the good guys reading this – and the people who are trying to hack your system.

Oxford Capital recently sent out a press release reminding us that the World Economic Forum has shown that ransomware attacks have increased by nearly 300%, with over 50% of these attacks specifically targeting small businesses. Oxford Capital then highlighted the top AI security threats organizations need to be prepared to combat. They were:

The suggested solutions given by Oxford Capital include:

The list might have added using air-gapped hardware to protect back-ups from being overwritten, as well as routinely protecting data in transit from being stolen.

What I’m suggesting is that everyone needs to take steps to protect whatever data they have on their computing platforms, including the cloud, and people with the most to lose, like mainframers, need to absolutely keep one step ahead in the data security arms race. And the CFO, and other top execs, need to make sure the IT team have everything they need in order to do that. After all, it’s those top execs who will be paying for it if mainframe security isn’t as good as it needs to be.

 

If you need anything written, contact Trevor Eddolls at iTech-Ed.