Years ago when cybercrime expert Patrick Gray tracked down a hacker, he was just as likely to find a high school kid breaking into networks for kicks than someone with more insidious plans.
Not so anymore, said Gray, who spent 20 years investigating computer crime in the FBI.
"No one is doing this for fun today," he said. "They are doing it at your expense."
Over the past year, high-profile data breaches such as Target, Home Depot and J.P. Morgan Chase have put cyber security front and center in the news. Though the mainframe is one of the safest platforms out there, enterprise IT professionals have nonetheless heightened their vigilance as attacks grow ever more sophisticated.
A panel of mainframe security experts shared their insights on the state of mainframe security, as well as their tips for keeping your organization safe, at the panel "Real-Life Cybercrime from the Trenches" at SHARE in Pittsburgh.
Organizations have many solid IT tools at their disposal for preventing criminals from getting into the network, as long as they're used properly. Robert Andrews, co-founder and chief technology officer of Mainstream Security, sees future threats working from the inside out, exploiting companies' most valuable and most unpredictable resource: people.
"A person decides he found a thumb drive, plugs it in and the whole network gets compromised," he said. "That's where the threats are: People who are using facilities and infrastructure get caught in all kinds of traps."
People also cause problems when they see an issue and fail to do anything about it. Surprisingly, organizations sometimes identify unusual activity only to sit on it for days or even weeks before acting. By that point, hackers have gotten what they wanted and moved on. Malware detection software alerted Target, for example, that there was a problem long before it was exposed publicly, Andrews said. No action was taken.
"If you see something, say something," said Chris Jordan, head of the Pittsburgh Police Department's computer crime unit. "That term needs to be ingrained in your mission statement -- even if you detect a false positive."
Gray said the most important thing companies can do in the wake of a cyber crime is call the police -- immediately. Their instinct might be to fix the issue, but that well-intentioned fix could end up making the investigation more difficult for law enforcement.
The best thing organizations can do is prepare a plan so that they know what they'll do, day one, in the event of a breach, said Phil Smith, senior product manager and architect in Voltage Security's mainframe division.
Talk to law enforcement before there's a problem so you know the rules for dealing with a breach and your organization's responsibilities. By making connections now, law enforcement will feel like a partner later in the event of cybercrime. And getting everyone in the company on board before a breach occurs will go a long way toward keeping a potential disaster in check.
"Everyone in the company needs to be involved," Smith said. "A breach is a cross-company problem. It's not just an IT problem."
It's also important for IT to speak about breaches in plain language so that non-IT employees understand what's happening and, later in the investigation, police have the right language to translate the incident to a jury, Jordan said.
He praised the enterprise IT community for their role in protecting assets.
"It goes a long way toward helping us get the bad guys," he said. "Please continue to do what you do. Log everything. It's not what you know; it's what you can prove."
Join SHARE in Seattle! It's not too early to start thinking about SHARE in Seattle, where enterprise IT professionals will gather for more informative sessions on security and other topics vital to the mainframe. Visit www.SHARE.org/seattle for more information and early-bird registration.