Deficiencies and gaps in security inevitably leads to data breaches, compliance fines, and data loss. But despite the risks, a recent Forrester study found that only 45% of security decision-makers identify mainframe security as an organizational priority.

The good news? In 2022, leaders are increasingly viewing the mainframe as a strategic asset and investing in security improvements. With critical data like ATM, mobile banking, retailer credit card, and healthcare transactions processed on mainframes, security leaders are finally recognizing the urgency of enhanced mainframe security and incorporating it into their business strategies.

Ransomware attacks target the mainframe

Following a year of high-profile ransomware attacks on critical infrastructure and software, cyber criminals are ramping up their efforts to target sensitive user data in 2022. Ransomware hackers will start layering in other types of threats, combining various tactics to breach the organization’s perimeter before ultimately setting their sights on the platform that holds the most sensitive data: the mainframe.

Mainframes process 30 billion transactions a day, accounting for 92 of the world’s top 100 banks, 23 of the top 25 airlines, and the world’s top 10 insurers. With so much critical data stored on these systems, it’s a mistake to make assumptions and decisions based on the false belief about the inherent security of mainframe technology. Mainframe security is only as good as the effort and resources organizations invest in it.

Vulnerability scanning and pen testing will become standard processes in a larger modern mainframe security strategy

The mainframe continues to host critical core IT for 71% of Fortune 500 companies due its ability to handle volumes of data and provide microsecond delivery times.

If we learned anything in 2021, it’s that even the most powerful organizations can (and will) fall victim to increasingly sophisticated hacks. But the need for speed and innovation has led many software vendors to sacrifice QA best practices as they strive to compete. Penetration testing can reveal some — but not all — of the gaps in these products.

The gaps that are not identified in pen testing can be discovered through vulnerability scanning. Any integrity vulnerabilities inadvertently opened in active OS-level code by vendors can be addressed before hackers use them to access the mainframe. We can expect hackers to go the extra mile in 2022, so your mainframe security strategy should include both pen testing and vulnerability scanning.

No system is immune to the relentless software hacks we saw in 2021. As hackers expand their efforts to target mainframes, it’s vital to make mainframe security a top priority and prioritize initiatives to counter the risk of ransomware.  And in 2022, that means placing vulnerability scanning and pen testing at the center of a layered cybersecurity defense strategy designed to keep the bad guys at bay.