Resources Inc., the leader in mainframe vulnerability scanning
solutions and consultancy, today announced the findings of its survey
into mainframe security complacency among enterprises. “Don’t Let
Mainframe Security Complacency Leave Your Critical Customer Data At
Risk” reveals that while 85 percent of companies say mainframe security
is a top priority, just 33 percent always or often make mainframe
decisions based on security. The commissioned study, conducted by
Forrester Consulting on behalf of KRI, surveyed 225 IT management and
security decision makers at North American companies with $500 million
or more in annual revenue.
“Despite widespread awareness concerning the stakes, enterprises simply
aren’t devoting enough attention and resources to mainframe security,”
said Ray Overby, president and co-founder of Key Resources Inc. “All it
takes is one mainframe data breach to bring an organization to its
knees. But, many organizations lack the tools, personnel, and in some
cases, knowledge, they need to protect their mainframes and all the
mission-critical data they hold.”
Complacency in the Face of Massive Business Risk
organizations are actively working to secure their cloud infrastructure,
but are they taking the appropriate steps to ensure the security of
cloud-facing mainframes? Companies know that mainframe security is
important, but they’re not taking actions that reflect their priorities.
Even though 95 percent of respondents say they’re concerned about the
potential of customer data breaches on the mainframe, 67 percent admit
that only sometimes or rarely are they factoring security into mainframe
decisions. This complacency puts their most critical IT systems at
Addressing the problem means prioritizing scanning mainframe operating
systems for zero-day vulnerabilities, which are a significant attack
vector in data breaches. Yet, vulnerability scanning ranked last when
respondents were asked to prioritize which factors are most important
when managing mainframe security.
Misconceptions About How to Secure the Mainframe
top mainframe priorities are data breach prevention, compliance, risk
management, IT cost reduction/optimization and application availability.
But despite this desire for data breach prevention, scanning for OS
vulnerabilities is consistently ranked as a low priority. There’s a
fundamental misunderstanding among IT managers and security
professionals about what it takes to secure the mainframe. Scanning for
OS vulnerabilities is one of the most effective ways to prevent a breach.
IT managers do know, however, that they need help with their mainframe
security. And while they find it easy to find the right mainframe
security tools (65 percent), they overwhelmingly struggle to find the
right personnel. The majority of respondents are either bringing in
third-party mainframe security technology (96 percent) or outside
resources to review security and compliance (95 percent). And, nearly
three-quarters expect to experience a reduced risk of data breaches as a
result of using mainframe security tools.
Protection Against Zero-Day Attacks
Eighty-six percent of IT management and security decision makers say
that protecting systems from zero-day attacks is their biggest
mainframe security challenge.
Additionally, 66 percent struggle to quickly identify vulnerabilities,
while 63 percent struggle to ensure the integrity of vendor software.
They expect that using automated mainframe security tools will help them
reduce the risk of breaches (73 percent) and decrease vulnerabilities
(63 percent). Yet, the study shows that they view tasks like application
scanning, penetration testing and gathering resources to secure the
environment as critical or high priorities, while scanning for OS-level
vulnerabilities ranks as the lowest priority.
“Many organizations lack the awareness needed to secure their operating
system, which is what hackers exploit to gain access to critical
corporate data through escalation of security authorities,” said Overby.
“One of the most important things they can do is set up a process to
scan for zero-day vulnerabilities.”
The full “Don’t Let Mainframe Security Complacency Leave Your Critical
Customer Data At Risk” report is available for download here.
About Key Resources Inc.
Key Resources Inc. is the leading
expert on mainframe security vulnerabilities, empowering some of the
world’s largest corporations in finance, insurance, healthcare and
beyond to keep their most important IT systems secure. Since 1988, Key
Resources Inc. has provided software, services and consulting to
enterprises running critical apps on IBM® z/OS. We help CIOs, CISOs and
programmers take control of mainframe security so they can protect their
data, avoid costly breaches and maintain regulatory compliance. To learn
more, visit www.krisecurity.com.