Increasing threats from ransomware and geo-political threats of cyber warfare mean these are challenging times for those responsible for IT security. Earlier this year, US President Joe Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act. In addition, the White House recommended companies execute multiple strategies to protect critical services and systems in a statement titled “Act Now to Protect Against Potential Cyberattacks.” Many of these recommendations are particularly relevant to the IBM i community. There are specific recommendations in security tools, response strategies, and preventive measures all IBM i companies should be implementing.
Watch this on-demand webinar to learn about:
• Specific recommendations from the US government
• Applying these recommendations to your IBM i environment
• How Precisely can help
3. Malware and Ransomware
• A growing range of cyber-attack products and services
• Marketed and sold by a wide range of ‘companies’
• Steady, organized industrialization of cyber-attack tools and services
• Ransomware as a Service sector
• Operating in the very efficient ‘Dark Web’ marketplace
• Highly developed, broadly marketed, extremely profitable, industrial-scale
4. Architecture of Malware Attacks
Actively guided and executed
• Not chunks of malicious code/payloads
• Not a single, standardized sequence of actions
• Skilled human hacker gains access, studies your systems
• Fully customized and carefully timed and sequenced
Stealthy, nearly invisible
• Nearly impossible to distinguish from ‘normal’ user or application activity
• Main activity is… inactivity
• Quietly evaluates potential targets, learns your security patterns and gaps, considers tactics
Immediate monetary reward
• Direct payment from victim, not resale of information
• (Actually, they often do that as well, even after ransom is paid)
• Hackers world-wide investing heavily in malware skills development, computing and network resources
Crypto-Currency enabled
• The “Unmarked Bills” for all 21st century cyber-extortion
• Easily traded and/or converted to conventional currencies
• Crypto transactions are (currently) effectively beyond the reach of law enforcement agencies and modern global financial controls.
5. The threat to IBM i
IBM i has a sterling reputation for system security and data protection
• But even IBM itself says that IBM i is highly securable, not inherently secure.
• Still requires that all appropriate security options it offers are properly implemented.
IBM i is no longer a Security Island
• IBM i hardware, applications and data are increasingly integrating with other platforms
• Web partners, service providers, cloud-based e-commerce systems, more…
7. Executive Order
• Policy Improvements
• Removing Barriers to Sharing Threat Information
• Modernizing Federal Government Cybersecurity
• Enhancing Software Supply Chain Security
• Establishing a Cyber Safety Review Board
• Standardizing the Federal Government’s Playbook for Responding to Cybersecurity Vulnerabilities and Incidents
• Improving the Federal Government’s Investigative and Remediation Capabilities
• National Security Systems
8. Act Now to Protect Against Potential Cyberattacks
9. Strengthening Cybersecurity
• Continuing growth in ransomware attacks
• Response to unprecedented economic sanctions
• Increasing likelihood of foreign, state-sponsored attacks
• Every organization—large and small—must be prepared to respond to disruptive cyber incidents
11. Multi-factor Authentication
Deploy MFA on all systems
IBM i RECOMMENDATIONS
• This is the #1 defense against malware – mitigates risk of stolen passwords
• Don’t neglect IBM i in your MFA coverage
• Multiple authentication options that align with your budget and current authenticators
• Use an MFA solution that can protect more than just user logon
12. Modern Security Tools
Deploy security tools
IBM i RECOMMENDATIONS
• Highly securable platform but not secure by default
• Understand IBM i security settings and customize for your company
• Modern tools can continuously look for and mitigate threats
13. Cybersecurity Expertise
Work with cybersecurity professionals
IBM i RECOMMENDATIONS
• Make sure that your systems are patched and protected
• Testing against all known vulnerabilities
• Change passwords across your networks so that previously stolen credentials are useless to malicious actors
14. Data Protection
Back up your data
IBM i RECOMMENDATIONS
• Extend your backup and DR plans to include security protections
• “Air-gapped” copies of your backups beyond the reach of malicious actors
• Test your recovery processes from these copies
15. Security Testing
Run security exercises
IBM i RECOMMENDATIONS
• Test security response plans like you run disaster recovery tests
• Critical to be able to respond quickly to minimize the impact of any attack
• Coordinate the security testing with your DR testing
• Outside contractors can be very valuable
16. Data Encryption
Encrypt your data
IBM i RECOMMENDATIONS
• IBM i systems contain high value data including personally identifiable information (PII)
• Encryption keeps bad actors from reading and using your data
• Encryption is key to many compliance requirements
• Consider both data at rest and data in motion when using encryption
17. Employee Education
Educate your employees
IBM i RECOMMENDATIONS
• Include education on common tactics that attackers will use over email or through websites
• Develop employee education that specifically covers IBM i access.
• Encourage employees to report if their computers or phones have shown unusual behavior
18. Establish Relationships
Initiate connections with government agencies
IBM i RECOMMENDATIONS
• Please encourage your IT and Security leadership to be proactive in establishing relationships
• Engage with your local FBI field office or CISA Regional Office before you need them
• Visit the websites of CISA and the FBI to find technical information and other useful resources
The Biden-Harris Administration has warned repeatedly about the potential for Russia to engage in malicious cyber activity against the United States in response to the unprecedented economic sanctions we have imposed. There is now evolving intelligence that Russia may be exploring options for potential cyberattacks.
The Administration has prioritized strengthening cybersecurity defenses to prepare our Nation for threats since day one. President Biden’s Executive Order is modernizing the Federal Government defenses and improving the security of widely-used technology. The President has launched public-private action plans to shore up the cybersecurity of the electricity, pipeline, and water sectors and has directed Departments and Agencies to use all existing government authorities to mandate new cybersecurity and network defense measures. Internationally, the Administration brought together more than 30 allies and partners to cooperate to detect and disrupt ransomware threats, rallied G7 countries to hold accountable nations who harbor ransomware criminals, and taken steps with partners and allies to publicly attribute malicious activity.
We accelerated our work in November of last year as Russian President Vladimir Putin escalated his aggression ahead of his further invasion of Ukraine with extensive briefings and advisories to U.S. businesses regarding potential threats and cybersecurity protections. The U.S. Government will continue our efforts to provide resources and tools to the private sector, including via CISA’s Shields-Up campaign and we will do everything in our power to defend the Nation and respond to cyberattacks. But the reality is that much of the Nation’s critical infrastructure is owned and operated by the private sector and the private sector must act to protect the critical services on which all Americans rely.