Earlier this year, the modern mainframe celebrated its 60th anniversary, underscoring its ongoing significance. According to a 2024 Forrester report, 61% of global infrastructure hardware decision-makers confirm their firms still rely on mainframes, with more than half planning to expand their use in the next two years. As digital transformation accelerates across industries, the mainframe remains a critical backbone of operations; its security, however, is often overlooked.
Cybersecurity strategies for mainframes should be top of mind for organizations, especially because mainframes are essential to the operations of leading enterprises: 45 of the world’s top-grossing banks, 67 of the Fortune 100 companies, and 8 out of 10 major telecommunications and insurance providers depend on these systems. Given their role in maintaining key functions, from keeping planes in the air and trains moving to facilitating seamless financial transactions, a strategy that aligns the mainframe vulnerability management process with the organization’s requirements, critical success factors and risk metrics is vital for protecting organizational assets and maintaining trust in the organization’s data security.
Understanding Current Threats
The cyber threat landscape is becoming increasingly dangerous as malicious actors gain access to an ever-expanding arsenal of tools and techniques. These attackers are also becoming more aggressive; in 2023 alone, over 3,200 data breaches in the U.S. impacted more than 350 million individuals. While familiar attack methods (like ransomware and DDoS attacks) remain prevalent, advances in technology have opened the door to even more harmful activities. According to the World Economic Forum’s Global Cybersecurity Outlook 2024 report, generative AI chatbots, for example, now allow cybercriminals to craft highly convincing phishing emails and custom malware with alarming ease. Despite built-in safeguards in commercial AI chatbots, some cybercriminals have turned to models like FraudGPT and WormGPT, which are sold as subscription-based services that let them execute complex attacks with minimal technical expertise.
The same leading-edge technologies used by bad actors, however, also offer new opportunities for defense. Applying advanced tools to strengthen foundational security measures can help address the long-standing challenges of reliability and availability many organizations face. Emerging technologies, when combined with an exposure management strategy, can fortify an organization’s defenses against sophisticated threats – we’ll cover this further down.
As technological advancements empower cybercriminals, they also underscore the need for companies to implement robust, layered cybersecurity strategies that encompass mainframe security. By integrating encryption, AI, and continuous monitoring into a comprehensive security framework, organizations can significantly improve their resilience against complex and evolving cyber threats.
Common Misconceptions About Mainframe Security
However, misperceptions around mainframe security can leave these critical systems exposed. One myth is that mainframes are inherently secure because of their architecture and limited access. While they do provide a solid security foundation, this belief can be detrimental. Mainframes are attractive targets for attackers: they are reachable over the network like any other system, they are exposed to the same classic cyber threats, and attackers continuously adapt to exploit even minor oversights in their configuration.
Another misconception is that mainframe security operates independently from broader IT security initiatives. However, mainframes must be integrated into an organization’s overall cybersecurity strategy. The complexity of IT infrastructures can create security gaps, leading to delayed breach detection where organizations might remain unaware of attacks for months.
The rising threat of identity-based phishing attacks emphasizes the need for an integrated security approach, as these attacks can yield stolen passwords that grant access to critical business data on mainframes. It’s pertinent for enterprises to recognize that mainframes can easily fall off the security radar, causing IT professionals to underestimate their risk. Ultimately, mainframes are among the most secure platforms, but only when equipped with the right tools, personnel and strategies.
Best Practices for Encryption, Threat Detection, and Employee Empowerment
Securing mainframe environments against cyber threats requires a proactive approach to encryption, early threat detection and AI, together with investment in the upskilling and reskilling of cybersecurity teams. According to IBM Security’s 2024 Cost of a Data Breach Report, the global average cost of a data breach in 2024 increased by 10% over the previous year, reaching $4.88 million (the US had the highest average cost at $9.36 million). The financial stakes are high, which underscores the urgency of quick and effective threat detection. Beyond the financial impact, breaches can also inflict significant reputational damage, and once public trust is lost, it can be incredibly challenging to regain. Prioritizing these best practices strengthens defense capabilities and enhances organizational resilience against potential breaches.
Encryption: A Double-Edged Sword
While encryption is a vital defense against cyberattacks on sensitive data, it can also be exploited by malicious actors. Hackers often leverage encryption as an attack vector, infiltrating systems, initiating malicious encryption, and demanding ransom for decryption keys. To combat these threats, organizations must establish reliable methods for early detection of unauthorized encryption activities. However, excessive alerts can overwhelm support staff and hinder effective responses to genuine threats, making the implementation of automated response systems essential.
Investing in Cybersecurity Talent
Organizations should enable their teams to acquire new cybersecurity skills by investing in comprehensive training programs, including online courses, boot camps, and workshops led by industry experts. Leaders must first assess the team’s current skill set and encourage employee participation, providing the necessary time and resources for learning. Creating safe environments for practical application, such as staging simulated cyberattacks, fosters a culture that values ongoing education. Recognizing employees who take the initiative to learn and apply new skills is also vital.
The 2022 (ISC)² Cybersecurity Workforce Study found that the global cybersecurity workforce has grown to approximately 4.7 million professionals, yet there remains a staggering shortage of 3.4 million skilled workers. This gap has intensified the impact of breaches: in 2024, IBM reported that over half of breached organizations face severe security staffing shortages, a 26.2% increase from 2023, resulting in an additional average of $1.76 million in breach-related costs. This critical talent shortage presents a valuable opportunity for those interested in a cybersecurity career, offering competitive salaries, job stability, and the chance to play a key role in protecting essential infrastructure.
Leveraging AI and Automation
AI and automation are reshaping cybersecurity, streamlining threat detection and response while also enabling cybercriminals to execute attacks at unprecedented scales. According to IBM, organizations using these technologies saw a substantial reduction in average breach costs, from $5.72 million for those without AI and automation to $3.84 million for those using them extensively, a savings of $1.88 million. These tools allowed organizations to identify and contain breaches nearly 100 days faster than those without them, highlighting their critical role in responding to these threats.
To maximize these benefits, security teams need comprehensive visibility across hybrid and multi-cloud environments. Applying Data Security Posture Management (DSPM) and enforcing strong access controls can safeguard data across various platforms. However, as generative AI adoption accelerates, so do its risks. Implementing AI governance and securing training data from theft and manipulation are crucial defenses. Vigilance against AI-specific threats, such as prompt injection and data poisoning, strengthens an organization’s resilience. Moving beyond outdated practices to advanced monitoring technologies can better protect an organization’s critical infrastructure against a rapidly shifting threat landscape.
Achieving Near Real-Time Monitoring
Organizations typically take an average of 258 days to identify and contain a breach, followed by an additional 100 days or more for recovery. During this time, attackers can infiltrate systems, establish backdoors, compromise backups, and encrypt data—all while remaining undetected. For mainframe operators, the risk of these malicious activities slipping through the cracks is significant, highlighting the necessity for early detection as a core component of business and security strategy.
To identify malicious encryption, organizations can implement a whitelist of authorized encryption processes. Regular updates to this whitelist are critical; however, reliance on human intervention can lead to errors. A more efficient approach is to use real-time alerts triggered by software that detects rogue processes. This system can differentiate between legitimate and malicious activities, allowing authorized processes to continue without unnecessary alerts while immediately suspending any unauthorized ones, thereby preventing further damage and enabling support staff to investigate the threat.
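The detection logic described in the two preceding passages on unauthorized encryption (the "double-edged sword" section above and the whitelist approach just described) can be sketched in code. The following is an added example, not code from the article or from any Rocket Software product: it keeps an allowlist (whitelist) of programs permitted to encrypt data, records who may run each program and how many datasets a step is expected to touch, and decides for each observed encryption event whether to let it continue, raise an alert, or suspend it. The event format, field names (`job`, `program`, `user`, `datasets`), the allowlist entries and the sample events are all constructed for illustration. One addition beyond the text, marked as an assumption: each allowlist entry carries a review-by date, so an entry nobody has re-certified produces an alert instead of silently continuing to authorize activity.

```python
"""Allowlist-based detection of unauthorized encryption activity.

Added example, not code from the original article or any vendor product.
The event schema, allowlist entries and sample events below are constructed.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class AllowEntry:
    users: frozenset          # user IDs permitted to run this program
    max_datasets: int         # expected upper bound of datasets per job step
    review_by: date           # assumption: entry must be re-certified by this date


@dataclass(frozen=True)
class EncryptEvent:
    job: str                  # job name that produced the event
    program: str              # program that performed the encryption
    user: str                 # user ID the job ran under
    datasets: int             # datasets (re)written as ciphertext in this step


# Constructed allowlist: program name -> policy for that program.
ALLOWLIST: Dict[str, AllowEntry] = {
    "PGMENCR1": AllowEntry(frozenset({"BATCHKMS"}), 50, date(2025, 6, 30)),
    "DSMIGR":   AllowEntry(frozenset({"STORADM"}), 500, date(2025, 3, 31)),
}


def classify(ev: EncryptEvent, today: date,
             allowlist: Dict[str, AllowEntry] = ALLOWLIST) -> Tuple[str, str]:
    """Return (action, reason); action is ALLOW, ALERT or SUSPEND.

    Checks run from most to least severe so the first failing check decides:
    unknown program, unexpected user and abnormal volume all suspend the job;
    a stale allowlist entry lets the job continue but raises an alert.
    """
    entry = allowlist.get(ev.program)
    if entry is None:
        return "SUSPEND", f"program {ev.program} is not on the encryption allowlist"
    if ev.user not in entry.users:
        return "SUSPEND", f"{ev.program} run by unauthorized user {ev.user}"
    if ev.datasets > entry.max_datasets:
        return "SUSPEND", (f"{ev.program} encrypted {ev.datasets} datasets, "
                           f"above the expected limit of {entry.max_datasets}")
    if today > entry.review_by:
        return "ALERT", (f"allowlist entry for {ev.program} is overdue for "
                         f"review (due {entry.review_by.isoformat()})")
    return "ALLOW", "authorized encryption activity"


def process_stream(events: Iterable[EncryptEvent], today: date,
                   allowlist: Dict[str, AllowEntry] = ALLOWLIST) -> List[dict]:
    """Classify every event and return one decision record per event."""
    decisions = []
    for ev in events:
        action, reason = classify(ev, today, allowlist)
        decisions.append({"job": ev.job, "action": action, "reason": reason})
    return decisions


def summarize(decisions: List[dict]) -> Dict[str, int]:
    """Count decisions per action, e.g. {'ALLOW': 1, 'ALERT': 1, 'SUSPEND': 3}."""
    counts: Dict[str, int] = {}
    for d in decisions:
        counts[d["action"]] = counts.get(d["action"], 0) + 1
    return counts


# Constructed sample events: one routine key-rotation job, one authorized
# program launched by the wrong user, one unknown program, one migration job
# touching far more datasets than expected, and one job whose allowlist
# entry has gone past its review date.
SAMPLE_EVENTS = [
    EncryptEvent("KMSROT01", "PGMENCR1", "BATCHKMS", 12),
    EncryptEvent("ADHOC01",  "PGMENCR1", "CONTRCTR", 12),
    EncryptEvent("XXCRYPT",  "ZCRYPT",   "CONTRCTR", 900),
    EncryptEvent("DSMIG02",  "DSMIGR",   "STORADM",  4000),
    EncryptEvent("DSMIG01",  "DSMIGR",   "STORADM",  40),
]

if __name__ == "__main__":
    for d in process_stream(SAMPLE_EVENTS, date(2025, 4, 15)):
        print(f"{d['job']:<9} {d['action']:<8} {d['reason']}")
    print(summarize(process_stream(SAMPLE_EVENTS, date(2025, 4, 15))))
```

Run as is, the block suspends the three events that match no policy and alerts on the migration job whose allowlist entry is past review, while the routine key-rotation job continues untouched; in a real deployment the SUSPEND action would be wired to the platform's job-control interface and the ALERT to the operations queue, and the allowlist itself would be loaded from a change-controlled source rather than a literal in the script.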
Adapting to Future Challenges
As cybersecurity changes in response to new threats and regulatory demands, organizations must shift from isolated security tools to integrated, risk-managed approaches. In 2025 and beyond, adapting to these challenges will require deep, organization-wide assessments that address the specific vulnerabilities of mainframes and other critical infrastructure. This includes minimizing privileged accounts to reduce identity-based attacks, since threat actors increasingly target identity, and vulnerability scanning at the operating system layer.
The integration of mainframe security into comprehensive cybersecurity strategies is essential as cyber threats grow more sophisticated. Through understanding current threats, dispelling misconceptions, and following best practices for encryption and threat detection, organizations can build stronger defenses. Taking proactive steps to secure mainframes today will better position organizations to navigate the threats of tomorrow. The time to act is now—secure mainframes, protect your organization, and stay ahead of emerging threats.
As Director of Security, Customer Solutions Engineering at Rocket Software, Cynthia leads the company’s suite of solutions, focusing on mainframe security, cyber defense, and data protection, positioning Rocket Software as a leader in the compliance and risk management space. With over 40 years of industry expertise in sectors including financial services, healthcare, IT, and cybersecurity, she brings a wealth of knowledge in security strategy, executive leadership, and business case development.
As a dedicated advocate for women in cybersecurity and diversity in tech, Cynthia also serves on the Board of Directors at SHARE, where she led the Women in IT initiative, mentoring and developing the next generation of female tech leaders. With a career built on influencing sustained change and promoting leadership development, she strives to drive impactful solutions that enhance the security landscape across industries.