Cyber security and the mainframe (v1.3)


In a digital age of cloud computing and mobile systems, where cyber security, cyber crime and cyber war are part of the day-to-day vocabulary, how secure is the mainframe? Is it safe to assume that the mainframe is secure by default? Can we ignore the fact that the mainframe is just another platform in the great scheme of things? How vital is the mainframe and the data that it stores for you and your company?

  Cyber Security and the Mainframe
Rui Miguel Feio
RSM Partners
Date of presentation (03/11/2015)  
  Cyber Security and the Mainframe
Rui Miguel Feio
Security Lead  
3. Agenda
  • Introduction
  • Cyber Crime
  • Recent Attacks
  • The Mainframe
  • What to Do
  • World Wide Real-Time Cyber Attacks
  • References and Resources
  • Questions?
4. Introduction
  Rui Miguel Feio is…
    – Security lead at RSM Partners
    – Mainframe technician specialising in mainframe security
    – Has been working with mainframes for the past 16 years
    – Started as an MVS Systems Programmer
    – Experience in other platforms as well
5. Cyber Crime
6. Cyber Crime – The Actors
  • Cyber Crime is any criminal act dealing with electronic devices and networks. Cyber crime also includes traditional crimes conducted through the Internet.
  • The typical actors of cyber crime activities:
    – Hackers
    – Organised Criminal Gangs
    – Hacktivists
    – Terrorists
    – Nation-States
    – Internal Threats
7. 2015 Cost of Cyber Crime Study
  • Ponemon Institute report sponsored by HP Enterprise published in October 2015:
    – “2015 Cost of Cyber Crime Study: Global”
  • Global study at a glance:
    – 252 companies in 7 countries:
      • United States, UK, Germany, Australia, Japan, Russia and Brazil
    – 2,128 interviews with company personnel
    – 1,928 total attacks used to measure total cost
    – $7.7 million USD is the average annualised cost
    – 1.9% net increase over the past year
8. Average Cost of Cyber Crime 2015
  [Chart: cost in millions of US Dollars]
  Although we see a cost decrease in some of the countries, this is due to exchange rate differences over the past year resulting from a strong USD.
  Adjusting for exchange rate differences we actually see a net increase in all countries.
9. Average Cost by Industry 2015
  [Chart: cost in millions of US dollars]
10. Types of Cyber Attacks in 2015
11. Cyber Crime Cost by Attack 2015
12. Report Summary Highlights
  • Cyber crime continues to be on the rise for organisations:
    – Cost ranges $310 K - $65 million with an average of $7.7 million
  • The most costly cyber crimes are those caused by malicious insiders, denial of services (DoS) and web-based attacks.
  • Cyber attacks can get costly if not resolved quickly
    – The mean number of days to resolve is 46 with an average cost of $21,155 per day
    – Total cost of $973,130 over the 46 day remediation period
13. Report Summary Highlights
  • Business disruption represents 39% of total external costs, followed by the costs associated with information loss.
  • Deployment of security intelligence systems (SIEM) represents an average cost savings of $1.9 million
14. Recent Attacks
15. Recent Attacks
  * Information is Beautiful (http://www.informationisbeauti…tions/worlds-biggest-data-breaches-hacks/)
16. The Mainframe
17. “If you give a hacker a new toy, the first thing he'll do is take it apart to figure out how it works.”
  Jamie Zawinski
18. How Secure is the Mainframe?
  • “The mainframe is the most secured platform there is!”
  • “No one Hacks the mainframe!”
  • “Only mainframers know how a mainframe works!”
  • “You would need to work for the company to be able to do some harm to the mainframe, and no one does it.”
  • “Hackers are not interested in the mainframe!”
19. How Secure is the Mainframe?
  • “The mainframe is the most secured platform there is!”
    – It’s definitely highly securable but that requires work and focus
  • “No one Hacks the mainframe!”
    – There are several documented cases of mainframes being hacked
  • “Only mainframers know how a mainframe works!”
    – Mainframe documentation is available for free on the internet?!
  • “You would need to work for the company to be able to do some harm to the mainframe, and no one does it.”
    – Given the opportunity any employee may take advantage (and they have!)
  • “Hackers are not interested in the mainframe!”
    – Oh boy, you are in for a surprise!!
20. “There are regular actions that an attacker takes because they are attackers. They don’t know your network the way you do. They don’t know which accounts have greater access. They don’t know which file servers contain more data. They have to discover it all.”
  Scott Kennedy, Cloudshield blog
21. A Typical Company
  [Diagram labels: Mainframe; “Shared” Servers; Servers; Service Providers; Customers; Company Servers; Unaccounted Servers; Decommissioned Servers]
22. “Shared” Servers – Candy Shops
  • Technical documentation
  • Processes & Procedures
  • Instructions
  • Training material
  • Contacts
  • Departments/teams structure
  • Confidential documentation
  • Team backups
  • Personal backups…
23. Personal Backups…
  • Technical notes
  • Technical documents
  • Confidential information
  • Personal information
  • Contacts
  • Passwords
  • Email account backups
  • Pics of girls in bikini!!
24. “The hacker is going to look for the crack in the wall…”
  Kevin Mitnick in “The Art of Intrusion”
25. What to Do?
26. How to Prevent?
  • Security must be seen as a whole
  • Company needs to work as One
  • Review entire technological estate
  • Review processes / procedures
  • Educate employees and externals
  • Get external expert help and support
  • Keep updated and up-to-date
  • Repeat all these steps on a regular basis
  • OR You can get Chuck and his seal of approval
27. For those of you who are going senile…
28. Contact Chuck via Gmail
29. World Wide Real-Time Cyber Attacks
30. Cyber Attacks – Norse IPViking
  * NORSE IPViking (http://
31. Cyber Attacks – Blitzortung
  * Blitzortung (http://
32. References & Resources
33. References & Resources
  • “2015 Cost of Cyber Crime Study: Global”, Ponemon Institute
  • “The Art of Intrusion”, Kevin Mitnick - John Wiley & Sons (2005)
  • “Future Crimes”, Marc Goodman - Bantam Press (2015)
  • “How to Think Like a Cyber Attacker”, Scott Kennedy – Cloudshield blog
  • Ponemon Institute:
  • Information is Beautiful: www.informationisbeauti
  • NORSE – IPViking:
  • Blitzortung:
  • Jamie Zawinski:
  • Kevin Mitnick:
34. Questions?
  Ask now or forever be quiet!!
35. Contact
  Rui Miguel Feio, RSM Partners
  mobile: +44 (0) 7570 911459
  linkedin:
