By Andrew Grzywacz
When you hear the word “hacker,” what’s the first thing that comes to mind? Odds are it’s a young, 20-something-year-old, alone in a basement, black hoodie drawn over his head, staring intently at a bright computer screen. And, in the old days, you wouldn’t be far off the mark. Hackers used to be basement dwellers, furiously typing away to either cause trouble for the sake of trouble or because they were just curious about what exactly hacking was and could do.
That caricature couldn’t be further from the truth today, though. Hackers aren’t just 20-year-old troublemakers anymore; they’re well-organized professionals who routinely and successfully breach some of the world’s most prolific governments and corporations, yielding big profits and enormous caches of stolen personal data.
It may come as a surprise that many of these hackers are employed by, or are members of, organized crime syndicates. These can range from newer, online-exclusive crime rings like the Russian Business Network and the Carbanak Group, to more “traditional” syndicates like the Cosa Nostra, Yakuza and Mexican drug cartels. We don’t often associate those latter groups with hacking and data breaches, but think about it: Criminals and gangsters, even the old-school ones we’re familiar with from movies like “Goodfellas” and “Scarface,” are always chasing money. For much of our history, that meant flesh-and-blood crooks robbing banks or pulling off heists to steal the largest sums of money from the most powerful or profitable people around.
But now, those people and institutions are on the internet. Over the last 20 years, the biggest names in the world – from national governments to Fortune 500 companies and billion-dollar entrepreneurs – have shifted their resources and funds into online, always-connected platforms like the cloud and the Internet of Things. This online migration allows for greater efficiency, productivity and convenience, whether it’s sending emails, checking your bank statements and stock portfolios, paying your bills or buying something off Amazon. The big money is all online now; the internet itself is an enormous, globe-spanning concentration of wealth hidden behind varying degrees of secure and unsecure layers of protection. Over the next five years, the IoT alone will account for over 50 billion connected devices, representing more than $6 trillion. Personal data, corporate data, trade secrets, military and government intelligence are all classified, confidential records with an enormous dollar-sign value, ripe for the taking and illegal resale.
So of course organized crime syndicates are now gravitating to employ hackers or become hackers themselves to further their own lucrative ends. And they’re clearly doing quite well for themselves, instigating countless data breaches per year, stealing millions of personal records worth billions of dollars in underground markets like the Dark Web.
If it feels like the bad guys seem to be several steps ahead of the good guys here…well, they are. Cybersecurity is a game of constantly playing catch-up, patching vulnerabilities and raising new defenses to protect weaknesses that have been successfully exploited by these criminals before. But, that shouldn’t be taken as a license to just give up, either!
The mainframe is a perfect example of this conundrum. On paper, the mainframe offers one of the most securable environments on the planet for sensitive data; the key word there being “securable,” not “secured.” Mainframe professionals need to work at ensuring their systems are always being brought up-to-date in their levels of security.
IBM has been doing its part in keeping the mainframe in sync with new technologies, like enterprise cloud computing and enterprise mobility. But it’s on the IT teams that oversee their company’s mainframe to ensure that security settings are constantly under review, and that they’re leveraging the resources necessary – such as proper mainframe training sessions – for keeping the system as secure as possible against this growing wave of professional, organized cybercrime rings.