We Know Security Is A Concern, But What Is Actually Going On?

March 6, 2023

Timothy Prickett Morgan

It is an uncomfortable truth that security is a very high concern among IBM i shops – and consistently has polled as the most important concern for the past several years – but that concern does not always translate into dedicating more resources to security tools or the expertise of others with managed services who can help.

It is one thing to know that security is top of mind, but it is another thing entirely to have a sense of the relative prevalence of different kinds of attacks and the actions of hackers in the wake of a successful attack.

To help sort it out, and give its customers some insight on what is going on and what they need to defend against, Big Blue has just released its Security X-Force Threat Intelligence Index 2023 report, which you can download here and which we strongly suggest you – or whoever is responsible for securing you IBM i and other platforms in your IT shop – do.

First, let’s take a look at where the attacks are happening:

This is very interesting. In 2022, data from which is used to come up with the 2023 threat intelligence index, manufacturing companies accounted for 24.8 percent of attacks, but interestingly only represented 10.7 percent of the gross domestic product in the United States from 2021. (We don’t have final GDP figures for 2022 as yet.) Manufacturers tend to have a lot of older systems running their facilities and their back offices, and this may be a measure of opportunity.

This stands to reason some. You have to figure that the IT security at financial services companies – those engaging in banking, insurance, and real estate – that comprised 21 percent of US GDP in 2022 would have a lower share of attacks given the stauncher security requirements at such companies. But financial firms accounted for 21 percent of GDP in 2021 and 18.9 percent of attacks in 2022, figures that are within spitting distance of each other. You would have figured that many attackers would be leery of attacking financial services firms, but clearly, it works based on the data compiled by IBM’s Security X-Force division. The share of attacks (14.6) and the relative size of professional services in terms of GDP (13 percent) are close. The share of retail and wholesale GDP (6 percent) is smaller than the attacks in these industries (8.7 percent), which tells us there is something about these industries that seems to make them easier to target but not the most frequently targeted industries.

The ransomware epidemic is rising because the attacks are successful, although IBM pointed out that 67 percent of the backdoor cases were failed ransomware attacks and the companies were able to find it and shut it down before the extortion or damage from the attackers was done.

People have been worried about having their data stolen and their systems compromised for decades in the IBM i market, but it seems far more likely these days that attackers will try to extort money. And companies that have insurance against hackers and malware have to be careful to be able to demonstrate that they are doing their due diligence and either having or renting the expertise to keep their systems locked down against threats.

Theft of data is a close second to extortion, as you can see, and hackers are also interested in harvesting credentials of employees and partners and in getting their hands on data or soiled the reputation of the companies they hack.

We have said this before and we will say it again. We think that at most IBM i shops, the applications and extending them with new functionality and supporting them (sometimes at scale) is the key responsibility of the IBM i part of the IT organization. This is the core competency of the organization, and it probably has been that way for decades. But locking down systems against threats is not a core competency for most companies, and it is not only the easiest thing to offload to a managed services provider but it is also the one that should be offloaded first. The best insurance policy is not one underwritten by a big insurance company, but in acquiring the expertise to lock down the IBM i systems and its applications and databases. Security should be the first thing – and maybe the only thing – that IBM i shops should offload to a well-respected, knowledgeable third party.

RELATED STORIES

Security Still Top Concern, IBM i Marketplace Study Says

Trinity Guard Brings Security Suite Up to Speed with IBM i 7.5

Kisco Makes Moves In the IBM i Security Business

Two Weeks Of Webinars On IBM i Security

Thoroughly Modern: Good Security Is Just As Important As Good Code

COMMON Launches IBM i Security Conference

Top Five Failures In State of IBM i Security For 2022

How Fresche Fills Security Gap with Trinity Guard

Fresche Takes On IBM i Security With Trinity Guard Acquisition

Ransomware Epidemic Hits Epic Proportions, And IBM i Shops Take Notice

Four Hundred Monitor, March 6

March 6, 2023

Jenny Thomas

The topic of artificial intelligence has really heated up in recent weeks. ChatGPT took over the news cycle recently, and not just because it has teachers pulling their hair out as they try to contend with how to prevent students from plagiarizing essays. We’re seeing AI make headlines in our industry this week, which isn’t as surprising, but we must admit the story of a giant 3-D printer building a neighborhood in Texas did catch our attention. (You can find that one in the Top Stories below.) And another reminder to check out all that is available to you on our Calendar. There are so many great new learning and networking opportunities available to you!

Top Stories From Around The Jungle

(Fortune) Arvind Krishna, chairman and CEO of IBM, says it might be a good thing that AI robots are coming for your jobs.

(IBM Newsroom) Despite improved detection, ransomware continues to proliferate.

(ARN) IBM is named among the leaders in the platform-as-a-service (PaaS) market.

(Bloomberg) A 3-D printed neighborhood in Texas promises to deliver energy-efficient homes that can be built faster and more affordably.

(Nextgov) We talk a lot about the world of quantum computing, but this article looks at who can be part of the future quantum workforce.

Redbooks, White Papers, Blogs, Podcasts, and Other Resources

(Manta Technologies) The Manta Spring Sale is on! Save 20 percent off any Manta Combination Package, including the complete IBM i Training Library. Now through April 30.

(Connectria) This blog looks at different ways to optimize cloud spend and reduce costs without sacrificing reliability and performance.

(COMMON) The POWERUp 2023 advance program includes a sample session guide, event teasers, and information about the COMMON Education Foundation. POWERUp 2023 will be held at Sheraton Denver Downtown from April 24 – 27.

(Micro Focus) This blog ponders why it’s time to make the move and modernize.

(System i Developer) Join Paul Tuohy, Susan Gantner, and Jon Paris for a free Summit Lunch & Learn Series focused on the latest IBM i development techniques and tools. Each Lunch and Learn day includes bite-sized technical tips from Susan, Jon, or Paul; a demo of an IBM i development tool; and a live Q&A. Check out the topics and register free for select sessions or the whole series. The series begins March 14 and runs through March 30.

Chats, Webinars, Seminars, Shows, and Other Happenings

March 8 – Webinar – Join Rocket Software for a Women Leaders In Technology (WLIT) coffee talk for International Women’s Day. The team from reacHIRE will be discussing how they support women in building their leadership skills, relationships, and community so that their careers and lives thrive, which also enables organizations to build a strong and diverse leadership pipeline.

March 10 – Online Meeting – Learn to “look at your data with a different view point” with Simon Hutchinson (RPGPGM.COM) at the March meeting of the AEANZK AIX/IBM i/Linux on Power, Singapore. This is a free event open to non-members.

March 14-16 – Delavan, Wisconsin – The Wisconsin Midrange Computer Professional Association (WMCPA) will be having its annual Spring technical conference in-person at Lake Lawn Resort in 2023.

March 14 – Webinar – IBM i Services for RPGers with Susan Gantner AND Build a Phenomenal Web App on IBM i in Under 10 Minutes – No Coding Required! with Rob Swanson are featured in this Summit Lunch & Learn starting at 1 p.m. Eastern.

March 15 – Webinar – The Latest in RPG with Jon Paris AND XREF: Index and Search All Sources Everywhere (even outside the IBM i!) with Wim Jongman and Kirk Francis are featured in this Summit Lunch & Learn starting at 1 p.m. Eastern.

March 16 – Webinar – Indexing Basics with Paul Tuohy AND High Performance, Resilient APIs for Your IBM i Using Kafka with Dan Magid are featured in this Summit Lunch & Learn starting at 1 p.m. Eastern.

March 21 – Webinar – Processing JSON with SQL with Paul Tuohy AND Simplifying IBM i Application Management with X-Analysis with Ray Everhart are featured in this Summit Lunch & Learn starting at 1 p.m. Eastern.

March 21 – Online Meeting – Two presentations by Patrick Behr “Why Procedures Are Better Than Subroutines” and “What the Heck is Binder Source and Why Do I Care?” at the March meeting of the Central Texas IBM i User Group (CTXiUG). This is a free event open to non-members.

March 22 – Webinar – DDS to DDL with Paul Tuohy AND What’s New in Open Source on IBM i in 2023 with Alan Seiden are featured in this Summit Lunch & Learn starting at 1 p.m. Eastern.

March 23 – Webinar – Hidden Gems in RDi with Susan Gantner AND Professional Low-code and Embedded Analytics for IBM i Developers with Eugene King and Andrew Vaiciunas are featured in this Summit Lunch & Learn starting at 1 p.m. Eastern.

March 28 – Webinar – RPG Arrays for Today: Part 1 with Jon Paris AND Four Technologies That You Will Need in the Future with Scott Klement and Donna Westmoreland are featured in this Summit Lunch & Learn starting at 1 p.m. Eastern.

March 29 – Webinar – RPG Arrays for Today: Part 2 with Jon Paris AND Modernizing IBM i? Let’s Take Another Look at Data Access with Bill Langston are featured in this Summit Lunch & Learn starting at 1 p.m. Eastern.

March 30 – Webinar – VS Code for RPGers with Susan Gantner AND VS Code and IBM i – Git Makes it Work with Andrew Clark and Jeff Tickner are featured in this Summit Lunch & Learn starting at 1 p.m. Eastern.

April 12-13 – Online Event – Join more than 1,000 IBM i professionals from around the world at iAdmin. This two-day virtual conference will bring some of the most experienced individuals in the IBM i community straight to your computer screen to share what they know best.

April 24-27 – Denver, Colorado – COMMON’s POWERUp 2023 will feature 300 sessions covering over 20 areas of IT, a giant Expo where attendees can meet experts behind the solutions, and social events to meet renowned speakers and peers.