cyber security and the mainframe (v1.3)
TRANSCRIPT
Cyber Security and the Mainframe Rui Miguel Feio RSM Partners Date of presentation (03/11/2015) Session <FC>
Delivering the best in z services, software, hardware and training.
World Class, Full Spectrum, z Services
Cyber Security and the Mainframe Rui Miguel Feio Security Lead
Agenda
• Introduction
• Cyber Crime
• Recent Attacks
• The Mainframe
• What to Do
• World Wide Real-Time Cyber Attacks
• References and Resources
• Questions?
Introduction
Rui Miguel Feio is…
– Security lead at RSM Partners
– Mainframe technician specialising in mainframe security
– Has been working with mainframes for the past 16 years
– Started as an MVS Systems Programmer
– Experience in other platforms as well
Cyber Crime
Cyber Crime – The Actors
• Cyber Crime is any criminal act dealing with electronic devices and networks. Cyber crime also includes traditional crimes conducted through the Internet.
• The typical actors of cyber crime activities:
– Hackers
– Organised Criminal Gangs
– Hacktivists
– Terrorists
– Nation-States
– Internal Threats
2015 Cost of Cyber Crime Study
• Ponemon Institute report sponsored by HP Enterprise published in October 2015:
– “2015 Cost of Cyber Crime Study: Global”
• Global study at a glance:
– 252 companies in 7 countries: United States, UK, Germany, Australia, Japan, Russia and Brazil
– 2,128 interviews with company personnel
– 1,928 total attacks used to measure total cost
– $7.7 million USD is the average annualised cost
– 1.9% net increase over the past year
Average Cost of Cyber Crime 2015
** Cost in millions of US Dollars
Although we see a cost decrease in some of the countries, this is due to exchange rate differences over the past year resulting from a strong USD. Adjusting for exchange rate differences we actually see a net increase in all countries.
Average Cost by Industry 2015
* Cost in millions of US dollars
Types of Cyber Attacks in 2015
Cyber Crime Cost by Attack 2015
Report Summary Highlights
• Cyber crime continues to be on the rise for organisations:
– Cost ranges $310 K - $65 million with an average of $7.7 million
• The most costly cyber crimes are those caused by malicious insiders, denial of services (DoS) and web-based attacks.
• Cyber attacks can get costly if not resolved quickly
– The mean number of days to resolve is 46 with an average cost of $21,155 per day
– Total cost of $973,130 over the 46 day remediation period
Report Summary Highlights
• Business disruption represents 39% of total external costs, followed by the costs associated with information loss.
• Deployment of security intelligence systems (SIEM) represents an average cost savings of $1.9 million
Recent Attacks
Recent Attacks
* Information is Beautiful (http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/)
The Mainframe
“If you give a hacker a new toy, the first thing he'll do is take it apart to figure out how it works.”
Jamie Zawinski
How Secure is the Mainframe?
• “The mainframe is the most secured platform there is!”
• “No one Hacks the mainframe!”
• “Only mainframers know how a mainframe works!”
• “You would need to work for the company to be able to do some harm to the mainframe, and no one does it.”
• “Hackers are not interested in the mainframe!”
How Secure is the Mainframe?
• “The mainframe is the most secured platform there is!”
– It’s definitely highly securable but that requires work and focus
• “No one Hacks the mainframe!”
– There are several documented cases of mainframes being hacked
• “Only mainframers know how a mainframe works!”
– Mainframe documentation is available for free on the internet?!
• “You would need to work for the company to be able to do some harm to the mainframe, and no one does it.”
– Given the opportunity any employee may take advantage (and they have!)
• “Hackers are not interested in the mainframe!”
– Oh boy, you are coming for a surprise!!
“There are regular actions that an attacker takes because they are attackers. They don’t know your network the way you do. They don’t know which accounts have greater access. They don’t know which file servers contain more data. They have to discover it all.”
Scott Kennedy, Cloudshield blog
A Typical Company
[Diagram labels: Mainframe; “Shared” Servers; Servers; Service Providers; Customers; Company Servers; Unaccounted Servers; Decommissioned Servers]
“Shared” Servers – Candy Shops
• Technical documentation
• Processes & Procedures
• Instructions
• Training material
• Contacts
• Departments/teams structure
• Confidential documentation
• Team backups
• Personal backups…
Personal Backups…
• Technical notes
• Technical documents
• Confidential information
• Personal information
• Contacts
• Passwords
• Email account backups
• Pics of girls in bikini!!
“The hacker is going to look for the crack in the wall…”
Kevin Mitnick in “The Art of Intrusion”
What to Do?
How to Prevent?
• Security must be seen as a whole
• Company needs to work as One
• Review entire technological estate
• Review processes / procedures
• Educate employees and externals
• Get external expert help and support
• Keep updated and up-to-date
• Repeat all these steps on a regular basis
• OR You can get Chuck and his seal of approval
For those of you who are going senile…
Contact Chuck via Gmail
World Wide Real-Time Cyber Attacks
* NORSE IPViking (http://map.ipviking.com/)
Cyber Attacks – Norse IPViking
Cyber Attacks – Blitzortung
* Blitzortung (http://www.blitzortung.org/Webpages/index.php?lang=en)
References & Resources
References & Resources
• “2015 Cost of Cyber Crime Study: Global”, Ponemon Institute
• “The Art of Intrusion”, Kevin Mitnick - John Wiley & Sons (2005)
• “Future Crimes”, Marc Goodman - Bantam Press (2015)
• “How to Think Like a Cyber Attacker”, Scott Kennedy – Cloudshield blog
• Ponemon Institute: www.ponemon.org
• Information is Beautiful: www.informationisbeautiful.net
• NORSE – IPViking: map.ipviking.com
• Blitzortung: www.blitzortung.org/Webpages/index.php?lang=en
• Jamie Zawinski: en.wikipedia.org/wiki/Jamie_Zawinski
• Kevin Mitnick: en.wikipedia.org/wiki/Kevin_Mitnick
Questions? Ask now or forever be quiet!!
Rui Miguel Feio, RSM Partners [email protected] mobile: +44 (0) 7570 911459 linkedin: www.linkedin.com/in/rfeio www.rsmpartners.com
Contact
Session feedback – Do it online at conferences.gse.org.uk/2015/feedback/nn
Session feedback
• Please submit your feedback at http://conferences.gse.org.uk/2015/feedback/FC
• Session is <FC>