Page 113 - Cyber Defense eMagazine January 2024
streamlined architecture with fewer vulnerabilities, mainframes are virtually impervious to hackers. There
is the misconception that they exist in isolation within the enterprise IT framework, disconnected from the
external world where genuine threats lurk. And then there’s the age factor. People newer to the profession
have relatively little experience with mainframe systems compared to their more experienced
counterparts, and they tend not to question the viewpoints or approaches of their leaders or senior team
members.
This state of affairs can’t continue. In the contemporary landscape, modern mainframes are routinely
accessed by employees and are intricately linked to applications that encompass a wide array of
functions, ranging from processing e-commerce transactions to facilitating personal banking services.
The implications of a breach can’t be overstated. Given the substantial financial toll of a data breach,
estimated to be USD $9.48 million on average, it’s imperative to swiftly detect any potential threat to the
mainframe.
To counter this threat to mainframes, security teams must look at two key areas: encryption and early
warning.
Encryption is now a weapon, and must be treated accordingly
Encryption is a double-edged sword in today’s IT environment. On one hand, it serves as a crucial defense
mechanism against cyberattacks targeting sensitive data. On the other, encryption can be turned against
its owner by unscrupulous individuals, disgruntled employees, or even rogue state actors. It has emerged as a
favored attack vector among hackers because it runs remarkably fast on modern mainframes and because
it is reversible: whoever holds the key can undo it. Consequently, malicious actors often follow a
straightforward modus operandi: infiltrate a system, start encrypting its data, and then attempt to sell the
decryption key back to the victim.
It is paramount to proactively halt malicious encryption before it causes substantial harm. The primary
challenge lies in establishing a reliable method for detecting encryption in progress without overwhelming
support staff with an avalanche of alerts. This is especially important in large business and government
settings, where the routine exchange of encrypted files is common. A glut of alerts breeds alert fatigue,
and a desensitized response ultimately leaves the system no more secure than it was.
To address this, an immediate response, ideally within seconds, is imperative. Relying solely on human
intervention cannot achieve that speed. The solution lies in deploying a specialized tool that swiftly
detects the start of encryption and promptly triggers corrective measures.
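The two requirements just described, detecting encryption as it starts and not drowning operators in alerts when encrypted files are exchanged routinely, can be illustrated with a small detector. The following is an added example written for this page; it is not the article's own code and not any mainframe product. It assumes a feed of file-write events (timestamp, path, a sample of the bytes written) such as an audit trail would provide, and it uses two heuristics that are assumptions for the demo: written data whose Shannon entropy is close to 8 bits per byte is treated as ciphertext, and an alert fires only when many distinct files outside known encrypted-exchange paths are rewritten with such data inside a short window. The paths, thresholds and write events are all constructed for the demonstration.

```python
"""Added example: entropy- and rate-based detection of bulk encryption in progress.

Illustrative code only; not from the article or any mainframe product. Thresholds,
paths and events below are assumed values constructed for the demo.
"""
import math
import random
from collections import Counter, deque
from dataclasses import dataclass, field

# Tunables (assumed values for the demo).
HIGH_ENTROPY = 7.5          # bits per byte; ciphertext and compressed data sit close to 8.0
WINDOW_SECONDS = 10.0       # sliding window used for the burst check
BURST_THRESHOLD = 5         # distinct high-entropy files written in the window before alerting
# Locations where encrypted files are exchanged routinely (hypothetical paths for the demo).
EXPECTED_ENCRYPTED_PREFIXES = ("/transfer/outbound/", "/transfer/inbound/")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or single-valued input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


@dataclass
class WriteEvent:
    ts: float     # seconds since an arbitrary epoch
    path: str     # file written
    data: bytes   # content written (a sample of the write is enough in practice)


@dataclass
class EncryptionBurstDetector:
    """Flags a burst of high-entropy writes to many distinct files outside known-encrypted paths.

    Two suppressions keep alert volume down: routine encrypted-exchange paths are ignored,
    and a burst raises one alert rather than one alert per file.
    """
    window: float = WINDOW_SECONDS
    threshold: int = BURST_THRESHOLD
    min_entropy: float = HIGH_ENTROPY
    recent: deque = field(default_factory=deque)   # (ts, path) of suspicious writes in the window
    alerted: bool = False

    def observe(self, ev: WriteEvent) -> bool:
        """Return True exactly when a new burst crosses the threshold."""
        if ev.path.startswith(EXPECTED_ENCRYPTED_PREFIXES):
            return False                       # expected encrypted traffic never counts
        if shannon_entropy(ev.data) < self.min_entropy:
            return False                       # plaintext or structured data: not encryption
        self.recent.append((ev.ts, ev.path))
        while self.recent and ev.ts - self.recent[0][0] > self.window:
            self.recent.popleft()              # age out writes older than the window
        distinct_files = {path for _, path in self.recent}
        if len(distinct_files) < self.threshold:
            self.alerted = False               # burst over, or never started
            return False
        fire = not self.alerted                # alert once per burst
        self.alerted = True
        return fire


def run_demo() -> list:
    """Replay constructed write events; return the (ts, path) pairs that raised an alert."""
    rng = random.Random(2024)

    def ciphertext() -> bytes:                 # stand-in for encrypted output
        return bytes(rng.getrandbits(8) for _ in range(4096))

    ledger = b"ACCOUNT,BALANCE,CURRENCY\n" * 160   # stand-in for ordinary structured data
    events = [
        WriteEvent(0.0, "/data/ledger.dat", ledger),                        # plaintext: ignored
        WriteEvent(1.0, "/transfer/outbound/partner1.pgp", ciphertext()),   # routine exchange: ignored
        WriteEvent(2.0, "/transfer/outbound/partner2.pgp", ciphertext()),
        WriteEvent(3.0, "/transfer/inbound/feed.gpg", ciphertext()),
    ]
    # Mass encryption: distinct files rewritten with ciphertext in quick succession.
    events += [WriteEvent(5.0 + i, f"/data/archive{i}.dat", ciphertext()) for i in range(4)]
    events.append(WriteEvent(8.5, "/data/archive0.dat", ciphertext()))   # same file again: no new count
    events.append(WriteEvent(9.0, "/data/archive4.dat", ciphertext()))   # fifth distinct file: alert
    events.append(WriteEvent(9.5, "/data/archive5.dat", ciphertext()))   # burst continues: no repeat

    det = EncryptionBurstDetector()
    return [(ev.ts, ev.path) for ev in events if det.observe(ev)]


if __name__ == "__main__":
    for ts, path in run_demo():
        print(f"ALERT t={ts:.1f}s: bulk encryption suspected, latest file {path}")
```

The replay raises a single alert at the fifth distinct file, nine seconds into the burst, while the three routine transfers and the plaintext ledger write produce nothing. In a real deployment the response hook would go where the `print` is, and the allow-list of expected encrypted paths, the window and the threshold would be tuned to the site's normal traffic, since those three settings are what keep the alert count manageable.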
Achieving near real-time encryption monitoring
IBM Security's 2023 Cost of a Data Breach Report highlights a troubling reality: it takes an average of
204 days to detect a breach, followed by an additional 73 days to recover. During this prolonged period,
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.