SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
The rising importance of mainframe security
Thu, 28th Oct 2021
FYI, this story is more than a year old

For organisations relying on mainframes, security is a constantly evolving concern. This is likely to become even more pronounced with the upcoming changes to critical infrastructure laws.

Under the new laws, the Government will designate organisations in more industries as critical infrastructure operators. As such, they will be required to bolster their IT security to help protect Australia's national interests.

Complying with new security regulations and ensuring appropriate employee access, especially in light of evolving hybrid office and remote working practices, is emerging as a key challenge for all organisations. At the same time, businesses are seeing an increase in cyber-attacks and security breaches across the board. However, there are ways that mainframe-reliant organisations can secure core systems.

Australian and New Zealand organisations have been on high alert in terms of cybersecurity for some time. As technologies become more advanced, so, too, do the ways in which cyber-attackers use them, and the threat of cybercrime continues to increase as a result.

Data from the Office of the Australian Information Commissioner (OAIC) revealed that the number of data breach notifications increased by 16% from January to June 2020 compared to the same period in 2019, and this rate may continue to grow in the 2021 reporting period.

Changes to the ways of working for many organisations include a rise in bring your own device (BYOD), remote working practices, and an increase in cloud-based business apps. This increased connectivity and lowered visibility have led to significant risks for businesses. Mainframe-reliant organisations must maintain a robust security posture to ensure that core systems and data remain secure, including those buried deep within the organisation.

The potential attack surface that can be exploited continues to expand as new apps, devices, and unsecured home networks are added to the organisational network. Malicious actors can use these vectors to access one of the organisation's most important systems: the mainframe.

Unfortunately, many IT departments tend to neglect their mainframes, considering them to be legacy technology that is mostly insulated from today's cyberthreats. This isn't the case, and organisations must act immediately to secure the mainframe.

One of the most efficient defences that businesses can leverage to protect their organisation is also one of the simplest: multifactor authentication (MFA).

MFA requires users to provide two or more methods of identification to access systems and devices. Usually, this is broken down into something the user knows and something the user has. In practice, this means users need to provide more than just a password; companies can leverage additional factors such as access passes, hardware tokens, location information, biometrics such as fingerprints, or numerical codes.

Using MFA to protect systems and organisational networks lets businesses put multiple levels of defence and protection between external users and data.

Crucially, MFA is compatible with mainframes and lets organisations provide an added layer of protection on top of additional cybersecurity technologies while remaining compliant with relevant industry, regulatory, and client requirements.

Integrating MFA protections into an organisation lets companies increase their level of security by establishing additional barriers that threat actors would need to overcome to breach the network. This increases the level of difficulty for cyber-attackers to penetrate network security and is essential to today's mainframe-reliant organisations.