Guest Post: Cyberthreats are closer to the mainframe than they appear

By Ray Overby


There’s a scene in “Jurassic Park” where a Tyrannosaurus rex chases after Jeff Goldblum and Laura Dern’s characters as they speed through the wildlife park in a Jeep. The camera pans to the car’s side mirror, which reads, “Objects in mirror are closer than they appear” — a minute yet clever detail that shows the audience just how close the creature is to ravaging the vehicle.


While a cyberthreat does not incite the same type of fear as a T. rex, IT teams should be worried because cyberthreats are now at the doorstep of the mainframe.


Organizations today have supplier ecosystems with hundreds of vendors and third-party solutions to meet growing business needs. But the rise in IT connectedness also presents plenty of opportunities for bad actors to infiltrate networks due to vulnerabilities in the software supply chain. In 2021, 61% of security breaches occurred at weak points in the supply chain — up from 44% the previous year.


Although the mainframe remains central to nearly three-quarters of all business strategies, we seldom hear about the mainframe infrastructure’s involvement in cyberattacks. This is a significant oversight considering the vast amount of data stored and processed on the mainframe. It’s time to stop ignoring the risks posed to this vital infrastructure and implement a proactive approach to cybersecurity with vetted vendors by your side.


The biggest cyberthreat: Overlooking mainframe security

The global IT outsourcing market is expected to grow by $98 billion from 2020 to 2024 as organizations increasingly rely on third-party software and cloud services. Threats hidden in third-party software can reach even the most seemingly secure components of an organization’s IT framework — like the mainframe.


Access to the mainframe is a goldmine for bad actors who can take advantage of vulnerabilities to gain control of security, encrypt data and demand a ransom. Despite the rise in attacks, we don’t often hear about their impact on mainframe security. Most organizations uphold the “conspiracy of silence,” which deters them from reporting mainframe attacks. And since there are fewer reports of mainframe attacks, many security teams assume their mainframes are inherently guarded — a false sense of security that hackers continuously exploit.


For the many organizations that store sensitive data on the mainframe — and routinely use third-party software — bolstering cybersecurity at each point along the software supply chain should be a top priority.


3 actions to shield the mainframe from supply chain attacks

Organizations of all sizes rely on the mainframe for transaction processing, client data storage and inventory management. Infrastructure as critical as the mainframe should be protected accordingly. With a proactive approach to cybersecurity and methodical partnerships with vendors, you can protect your entire IT infrastructure, the mainframe included.


  1. Proactively hunt for vulnerabilities. No matter how strong an organization’s cyberdefenses are, proactively scanning for vulnerabilities in operating system software and application programs is the most effective way to stop a bad actor in their tracks. This approach enables you to detect zero-day vulnerabilities as well as network and system gaps. You should also develop a cybersecurity strategy that includes both defense mechanisms to prevent attacks and an incident response plan for when you are faced with a threat.


  1. Prioritize patches. Many organizations lack adequate resources and bandwidth to dedicate to patch management. But considering 60% of data breaches stem from known but unpatched software vulnerabilities, fixing vulnerabilities in your system is a surefire way to prevent harmful cyberattacks. Whether you outsource patch management to a managed service provider or reallocate internal resources, establish a playbook for continuous patch management to avoid the 3 to 18 months of downtime it takes to patch the entire system. Most importantly, don’t punish IT teams for downtime due to continual mainframe patching — instead, encourage the initiative.


  1. Assess your vendors. It’s imperative to conduct third-party risk assessments before teaming with a vendor. While it may seem like a daunting task considering the number of vendors an organization can partner with, it will save you time and resources down the line. For full visibility into a vendor’s supply chain standards, ask about their security policies and procedures and how their software is developed and tested. You can also evaluate third-party reviews if they are available to gain unbiased insights about the company. Finally, determine whether the organization performs its own risk assessments on the third parties it engages with.


Ransomware and other types of cyberattacks are on the rise, and the mainframe is a prime target for the bad actors who execute these attacks. But by carefully selecting the right vendors and implementing security checks, you can keep your data and IT infrastructure safe from even the most sophisticated cybercriminals.


It’s time to leave the false sense of security surrounding the mainframe in the rearview — because today, cyberthreats are much closer to the mainframe than they appear.


Ray Overby is CTO and co-founder, KRI






Photo by Mike B: