Fight IBM i Cybersecurity Threats

Cybersecurity threats are on the increase. Ransomware attacks are more common than ever; a new attack is detected every 11 seconds. Malware tools are easy to obtain, priced at around $50 on the dark web.

The cost of cybersecurity attacks is staggering. Studies show that just over a quarter of victims ultimately choose to make ransom payments to unlock their data. In 2020, the average payoff for large companies was conservatively estimated to amount to $180,000. For small businesses, it was around $6,000.

Some estimates are considerably higher. The report entitled “Combating Ransomware: A Comprehensive Framework for Action,” reported that the average payment in 2020 increased to $312,493, a 171% increase when compared to 2019 figures.

The hackers have a clear understanding of the value of corporate data and of each organization’s ability to pay. Consequently, the price tag can come in significantly higher for sizable organizations. The Colonial Pipeline hack in May of 2021, for example, cost that company $4.4 million.

The Growing Threat

Bad actors know all too well that most IT systems remain vulnerable. Until that changes, ransomware attacks will inevitably continue on an upward trajectory.

The COVID pandemic contributed to the problem, as vast numbers of employees transitioned to remote work, blurring the boundaries between internal IT systems and employees’ home-office computers and local networks. Hackers took advantage of the hunger for more information about COVID, creating rogue websites that pretended to report on pandemic issues. Email phishing scams preyed upon people’s inherent curiosity about the coronavirus and its effects.

These strategies proved to be an effective means of capturing login data for critical business systems, giving hackers exactly what they needed to compromise corporate IT networks. Despite warnings not to use duplicate login/password combinations in multiple systems, many users continue to do so. That creates an even bigger problem because it allows hackers to launch “credential stuffing” bots to automatically seek out new points of attack.

Cyber attackers also make use of specialized tools designed to steal a user’s logins and passwords whenever a web browser processes that information.

If a particular user’s stolen credentials allow for elevated privileges or administrative access, the criminals have everything they need to launch a ransomware attack. After gaining access with stolen credentials, bad actors need only to install malware before springing their trap.

Understanding Your Risks

A sound approach to cybersecurity begins with a thorough risk assessment. Every organization should have a formal security policy that takes into account factors such as remote work, access control, and regulatory requirements for privacy and security.

Your organization should be performing these assessments on a regular basis. Security is not a one-and-done proposition; it requires constant evaluation in the context of a changing threat environment and your organization’s evolving IT landscape.

Enterprises should routinely perform penetration tests. IT personnel should be checking audit logs on a regular basis. Security health checks should be a periodic exercise as well.

Reduce Your Risks with Access Control

IBM i systems often house an organization’s most mission-critical data. As such, it has become an increasingly popular target for hackers seeking lucrative ransomware opportunities.

The IBM i platform has an outstanding reputation as a highly secure system. That’s good, of course, but it tends to offer some people a false sense of safety. IBM i is securable, but it’s not secure by default.

Automated security tools provide a much-needed layer of protection to backstop the efforts of in-house security personnel. With the right IBM i security tools, IT administrators can rest easy knowing that best practices are in place to protect mission-critical systems by default.

There are three distinct factors that you must address to reduce the risk that unauthorized parties will be able gain access to your IBM i system:

1. System access
2. Authentication
3. Elevated authorities

1. System Access

Prior to 1990, IBM i systems were largely isolated, but today we live in an increasingly connected world where employees, contractors, business partners, and others must access some elements of the company’s internal systems. Programmatic access is also common, as a host of applications and services routinely interface with data and applications on the IBM i platform. Legacy protocols now co-exist with newer open-source protocols, creating a cumbersome mix of technologies.

Administrators must attend to four categories of access:

1. Network access
2. Communication port access
3. Database access
4. Command access.

To cover all the bases, look for an access control solution that provides comprehensive control of both internal and external access. Also look for a solution that is easy to manage, with standard configuration and simple deployment processes, rules-based access control, and simulation mode for rules testing.

2. Authentication

IT administrators also have powerful tools available for user authentication. Historically, the answer was to add more complexity to passwords, and/or to require frequent changes. Those measures often prompt users to write down their passwords, or they lead to frequent instances of forgotten passwords.

Multifactor authentication (MFA) has emerged as a best practice and has become a regulatory or industry requirement for many organizations. PCI-DSS 3.2 or greater, 23 NYCRR 500, and GLBA, for example, all require that organizations implement an MFA solution.

Selective use of MFA solves the problem of weak passwords or complex passwords, adding a strong measure of security to your IBM i system. Look for a solution that offers a range of different authentication mechanisms such as:

• SMS text message
• Email response
• Biometric device
• Token
• Phone call

Look for an MFA solution that integrates seamlessly with the IBM i sign-on screen and other IBM i applications and processes.

3. Elevated Authorities

System administrators must address the problem of elevated authorities. It will always be necessary to grant elevated authority to certain individuals. Nevertheless, we see far too many IBM i systems in which users have privileges that are simply not required. Having too many powerful users leaves your system vulnerable, and it’s likely to garner the attention of security auditors.

Administrators should only grant elevated authorities when necessary and should revoke those privileges immediately when they no longer serve a valid purpose. Even administrators should be subject to routine monitoring to ensure their behavior aligns with the organization’s security policies and standards.

A good elevated authority solution for IBM i should limit the number of powerful users automatically. It should also help manage requests for additional privileges and produce alerts, reports, and a comprehensive audit trail.

To learn more about building a comprehensive cybersecurity strategy for your IBM i systems, read our free e-book, Passing Your Next Audit: Challenges of Properly Securing Your IBM i and Maintaining Compliance.