Defense against the dark arts

Few mainframers still believe the mainframe is too difficult a platform to hack. Mainframes can be hacked, and they are being hacked.

In terms of security, what spells, incantations, and practices should organizations employ to defeat the dark art of hacking? Fortunately, no wands are required.

Bad Actors Use AI

Oxford Capital recently reminded us that ransomware attacks have increased by nearly 300%, with over 50% of these attacks specifically targeting small businesses. With its focus on the growing use of artificial intelligence (AI), Oxford Capital highlighted the top AI security threats organizations must be prepared to combat. These are:

  • AI-powered phishing, where attackers use generative AI to write highly convincing and personalized emails. For example, non-native English speakers can use gen AI to produce grammatically correct and plausible phishing messages.
  • Automated vulnerability exploitation, where attackers use AI to scan for and exploit vulnerabilities in software.
  • Deepfake scams, where cybercriminals use AI to create realistic audio and video impersonations of company executives and use them to manipulate employees into transferring funds or disclosing confidential information.
  • AI-driven ransomware, which lets attackers locate, copy, and encrypt critical business data more efficiently.
  • Malicious AI bots, used for activities such as credential stuffing, where bots attempt to log in to accounts using stolen username and password pairs.
  • AI-assisted password guessing and cracking, which succeeds quickly wherever weak passwords are in use.

The Cost of a Data Breach Report 2024 from IBM found that the top three factors that increased breach costs were security system complexity, security skills shortage, and third-party breaches, which can include supply chain breaches.

Breach Costs Increase With:
– Security system complexity
– Security skills shortage
– Third-party breaches

Automation and AI Help Defense

On the positive side, the report identified two key factors that reduced breach costs: employee training and the use of AI and machine learning insights.

Prevention

The IBM report found that organizations that used security AI and automation extensively in prevention had an average breach cost of US$3.76m, compared with US$5.98m for organizations that did not use these tools in prevention: an average saving of US$2.22m.

Breach Savings

The report also found that the more organizations used AI and automation, the lower their average breach costs were. Organizations not using AI and automation had average costs of US$5.72m, while those making extensive use of AI and automation had average costs of US$3.84m, a difference of US$1.88m.

The more organizations use AI and automation, the lower their average breach costs.

Containment Speed

In addition, organizations extensively using security AI and automation identified and contained data breaches nearly 100 days faster on average than organizations that didn’t use these technologies at all.

Extensive use of AI and automation reduced the average time to investigate a data breach by 33% and the average time to contain it by 43%.

Curbing Threats is Possible

Cisco Talos, Cisco's threat intelligence and security research group, has published suggestions on how to mitigate the threat of ransomware. As a checklist, they include:

  • Apply patches and updates to systems and software promptly, to reduce the risk of known exploits being used to gain access to a system.
  • Enforce strong, unique passwords and multifactor authentication.
  • Reduce the attack surface by disabling unnecessary services and features and keeping the number of Internet-facing services to a minimum.
  • Segment networks using virtual local area networks (VLANs) or similar technologies. Isolating sensitive data and systems from the rest of the network limits an attacker's lateral movement.
  • Monitor endpoints with a security information and event management (SIEM) system, and use endpoint detection and response (EDR) or extended detection and response (XDR) tools.
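The credential-stuffing bots listed under the AI threats earlier and the SIEM/EDR monitoring item in the Talos checklist both come down to the same thing in practice: detection logic run over telemetry you already collect. The Python below is an added example, not code from the original post, from Cisco Talos, or from Oxford Capital. The one-event-per-line log format, the thresholds, the set of "normal" file extensions, and the sample events are all constructed for the illustration. It implements two sliding-window rules: one source address failing logins against many distinct accounts within a minute, and one host renaming or writing many files to the same unfamiliar extension within a minute.

```python
"""Two SIEM-style detections over constructed auth and file-activity events.

Added example: the log format (one event per line,
"<ISO timestamp> <kind> key=value ..."), the thresholds and the sample
events are assumptions for this illustration, not real telemetry.
"""
import os
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)
STUFFING_DISTINCT_USERS = 5   # failures against this many accounts from one source
RANSOM_FILE_OPS = 5           # files on one host given the same unfamiliar extension
BASELINE_EXTENSIONS = {".xlsx", ".docx", ".pdf", ".txt", ".log"}  # assumed normal here

# Constructed sample events. 10.0.0.9 sprays stolen credentials across accounts;
# WS-17 rewrites documents with a ".locked" extension; the rest is benign noise.
SAMPLE_LOG = """\
2024-06-01T09:00:01 auth src=10.0.0.9 user=alice result=fail
2024-06-01T09:00:02 auth src=10.0.0.9 user=bob result=fail
2024-06-01T09:00:02 auth src=10.0.0.9 user=carol result=fail
2024-06-01T09:00:03 auth src=10.0.0.9 user=dave result=fail
2024-06-01T09:00:03 auth src=10.0.0.9 user=erin result=fail
2024-06-01T09:00:04 auth src=10.0.0.9 user=frank result=fail
2024-06-01T09:00:05 auth src=10.0.0.9 user=grace result=success
2024-06-01T09:00:09 auth src=10.0.0.5 user=alice result=fail
2024-06-01T09:00:10 auth src=10.0.0.5 user=alice result=fail
2024-06-01T09:00:11 auth src=10.0.0.5 user=alice result=success
2024-06-01T09:10:00 file host=WS-17 op=rename path=C:/docs/q1.xlsx.locked
2024-06-01T09:10:01 file host=WS-17 op=rename path=C:/docs/q2.xlsx.locked
2024-06-01T09:10:01 file host=WS-17 op=rename path=C:/docs/plan.docx.locked
2024-06-01T09:10:02 file host=WS-17 op=write path=C:/docs/README_DECRYPT.txt
2024-06-01T09:10:02 file host=WS-17 op=rename path=C:/docs/notes.txt.locked
2024-06-01T09:10:03 file host=WS-17 op=rename path=C:/docs/budget.pdf.locked
2024-06-01T09:10:04 file host=WS-02 op=write path=C:/docs/memo.docx
"""


def parse_events(text):
    """Yield (timestamp, kind, attributes) for each non-empty log line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, *fields = line.split()
        attrs = dict(f.split("=", 1) for f in fields)
        yield datetime.fromisoformat(ts), kind, attrs


def detect_credential_stuffing(events):
    """Alert when one source fails logins against many distinct accounts inside WINDOW."""
    recent = defaultdict(deque)   # src -> deque of (ts, user) for failed logins
    alerted, alerts = set(), []
    for ts, kind, a in events:
        if kind != "auth" or a.get("result") != "fail":
            continue
        q = recent[a["src"]]
        q.append((ts, a["user"]))
        while ts - q[0][0] > WINDOW:   # drop failures that fell out of the window
            q.popleft()
        users = {u for _, u in q}
        if len(users) >= STUFFING_DISTINCT_USERS and a["src"] not in alerted:
            alerted.add(a["src"])
            alerts.append({"rule": "credential_stuffing", "src": a["src"],
                           "distinct_users": len(users), "at": ts})
    return alerts


def detect_mass_encryption(events):
    """Alert when one host gives many files the same non-baseline extension inside WINDOW."""
    recent = defaultdict(deque)   # (host, extension) -> deque of timestamps
    alerted, alerts = set(), []
    for ts, kind, a in events:
        if kind != "file" or a.get("op") not in ("rename", "write"):
            continue
        ext = os.path.splitext(a["path"])[1].lower()
        if not ext or ext in BASELINE_EXTENSIONS:
            continue
        key = (a["host"], ext)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()
        if len(q) >= RANSOM_FILE_OPS and key not in alerted:
            alerted.add(key)
            alerts.append({"rule": "mass_encryption", "host": a["host"],
                           "extension": ext, "files": len(q), "at": ts})
    return alerts


def run_detections(log_text):
    """Run both rules over the log text and return the combined alert list."""
    return (detect_credential_stuffing(parse_events(log_text))
            + detect_mass_encryption(parse_events(log_text)))


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_LOG):
        print(alert)
```

Run against the constructed log it raises exactly two alerts: one for 10.0.0.9 after its fifth distinct account fails, and one for WS-17 after its fifth ".locked" rename. The 10.0.0.5 entries (one user, two failures, then success) and the benign ".docx" write on WS-02 stay quiet. In a real SIEM the thresholds would be tuned per estate and the baseline extension set learned from history rather than hard-coded.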

Reduce Risks for Remote Work 

For an attacker, people working from home are a potentially weak link and an attractive route into an organization's network.

Indusface, an application security SaaS company, suggests 10 ways to protect company data for people working remotely. Here are their suggestions:

  1. Where people need access to company data, issue them company devices. That way, the IT team can fully manage and secure the devices: keeping them patched, enabling full-disk encryption, and installing the certificates needed for device identity and VPN access.
  2. Use vulnerability scanning and penetration testing that simulate real-world attacks on systems and highlight weaknesses, including privilege escalation paths. Remediate whatever is found.
  3. Use virtual private networks (VPNs) across the business, because they encrypt traffic that would otherwise travel in the clear over open public networks.
  4. Deploy a web application firewall (WAF) to protect web applications from attacks by detecting anomalies and blocking illegitimate requests.
  5. Encrypt data at rest, so that if someone steals a file they cannot read its contents.
  6. Enforce strict password management, because attackers rely on weak passwords. Password managers can generate strong passwords and ensure they are unique and never reused across accounts.
  7. Require multi-factor authentication (MFA) for employees.
  8. Apply rigorous access controls following the principle of least privilege: give users access only to the specific assets they need for their work, and revoke access to files as soon as it is no longer needed.
  9. Avoid shadow IT, such as risky apps and tools, files sent through unsecured channels, or assets stored somewhere unprotected, by providing employees with approved tools that make their jobs easier.
  10. Fully prepare and train remote workers so they understand the security procedures and why they matter.
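Item 8, least privilege with prompt revocation, is the item on this list most often written into policy and least often automated. The Python below is an added example of a periodic access review; it is not Indusface's code or the post's own. It flags grants whose recorded business justification has expired, grants that were never used after a grace period, and grants unused for longer than a stale threshold, then emits RACF-style PERMIT ... DELETE commands for each. The grant records, the thresholds, the resource names, and the assumption that every resource is a DATASET-class profile are constructed for the illustration; check generated commands against your installation's conventions before running them.

```python
"""Periodic least-privilege access review over constructed grant records.

Added example. The grants, thresholds and the DATASET-class assumption behind
the generated RACF-style commands are illustrative, not from any real system.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

STALE_AFTER = timedelta(days=30)   # assumed policy: unused this long -> revoke
UNUSED_GRACE = timedelta(days=14)  # assumed policy: never used after this -> revoke


@dataclass(frozen=True)
class Grant:
    user: str
    resource: str               # dataset profile name (DATASET class assumed)
    access: str                 # RACF-style access level label: READ, UPDATE, ALTER
    granted: date
    last_used: Optional[date]   # None if the access has never been exercised
    expires: Optional[date]     # end of the business justification, if recorded


# Constructed sample grants (not real data).
SAMPLE_GRANTS = [
    Grant("alice", "PAYROLL.MASTER", "READ", date(2024, 1, 10), date(2024, 6, 28), None),
    Grant("bob", "PAYROLL.MASTER", "UPDATE", date(2024, 2, 1), date(2024, 4, 15), None),
    Grant("carol", "HR.REVIEW.2024", "READ", date(2024, 3, 1), date(2024, 6, 20), date(2024, 6, 15)),
    Grant("dave", "PROD.CICS.LOAD", "ALTER", date(2024, 6, 1), None, None),
    Grant("erin", "PROD.CICS.LOAD", "READ", date(2024, 6, 25), None, None),
]


def review_grants(grants, today):
    """Return (grant, reason) for every grant that no longer satisfies least privilege.

    Checks are ordered by severity: an expired justification wins over staleness,
    and a grant that was never used is reported as such rather than as stale.
    """
    findings = []
    for g in grants:
        if g.expires is not None and g.expires < today:
            findings.append((g, "justification expired on %s" % g.expires))
        elif g.last_used is None and today - g.granted >= UNUSED_GRACE:
            findings.append((g, "never used in %d days since grant" % (today - g.granted).days))
        elif g.last_used is not None and today - g.last_used >= STALE_AFTER:
            findings.append((g, "unused for %d days" % (today - g.last_used).days))
    return findings


def revoke_commands(findings):
    """Turn findings into RACF-style PERMIT ... DELETE commands (DATASET class assumed)."""
    return ["PERMIT '%s' CLASS(DATASET) ID(%s) DELETE" % (g.resource, g.user)
            for g, _reason in findings]


if __name__ == "__main__":
    today = date(2024, 6, 30)
    found = review_grants(SAMPLE_GRANTS, today)
    for (g, reason), cmd in zip(found, revoke_commands(found)):
        print("%-6s %-16s %-6s %s" % (g.user, g.resource, g.access, reason))
        print("   ", cmd)
```

With the review date of 30 June 2024 the script flags bob (UPDATE on PAYROLL.MASTER, unused for 76 days), carol (justification ended 15 June yet the access is still live and still being used), and dave (ALTER on a production load library, granted a month ago and never used). alice is active and erin is still inside the grace period, so neither is touched. Feeding last-used dates from your security product's audit records rather than a hand-built list is the only change needed to make this a standing job.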

There are many places where bad actors can gain admittance to an organization's IT systems and, from there, reach the vital data running on its mainframes. But your mainframes and systems are defensible. Treat hints and tips like these as an ongoing to-do list, and verify that each item is actually in place rather than assuming it is.

Note: this list is far from exhaustive and should be treated as a starting point. Good luck in your battle against the dark arts and its bad actors.

Regular Planet Mainframe Blog Contributor
A popular speaker, blogger, and writer, Trevor is CEO of iTech-Ed Ltd. He has an extensive 40-year background in mainframes and IT, and has been recognized as an IBM Champion from 2009–2024 for his leadership and contributions to the Information Management community.
