14th November 2022

IBM i Security, it’s not easy but it doesn’t have to be hard either…

IBM i cyber security

Establishing a foundation for IBM i cyber security

For many reasons, IBM i enterprises are overwhelmed with securing their IT infrastructure. 

You’re busy with the day-to-day maintenance, support and actual build of the IBM i applications that run your business. 

So, where does IBM i security fit in, what do you need to do and how do you manage it? 

Many IBM i shops already have systems, policies, procedures and tools already set-up that are working – and, despite a moving security landscape, many of these elements have been in place for years. 

If you’re considering reviewing, revising and replacing these systems, or you’re considering systems for the first time, check out our Cyber Security webinar with Andy Nicholson  to discover a foundation for cyber security on IBM i on the link below.

View the Webinar

 

Surveys highlight IBM i cyber security as top concern

For the sixth year running, cyber security has ranked as the number one concern for IBM i IT professionals in HelpSystems (always) insightful IBM i Marketplace survey.

Why is cybersecurity at the top of the survey’s concerns? 

Well, Fresche, IBM and Forbes asked that same question within their 2022 cyber security report.  

The findings made grim reading.

  • 43% of organisation don’t have any cyber security in place
  • 61% of SMBs reported at least one cyber attack in 2021
  • A penetration testing study revealed cyber criminals can penetrate 93% of company networks
  • 83% of organisation are not financially prepared to recover from a cyber attack
  • Nearly 50% of IBM i shops have little to no security knowledge and skills (with concerns that there are indeed limited security knowledge or skills within the IBM i community as a whole).

[SOURCE: Fresche, IBM & Forbes Cybersecurity in 2022 Report]

 

But the IBM i secure, right? Dispelling the myth that IBM i is impenetrable

IBM i is a safe platform, right? 

Well, not entirely.

For so many years, there’s been a general feeling that the IBM i is an impenetrable platform, immune to any kind of cyber threat.

And while the architecture of IBM i certainly makes it less likely than other platforms, unfortunately, there are always security fault lines in every business and flaws that can be exploited in every system.

And what about those particular fault lines and flaws? 

During the webinar, Andy will examine these  the top four risks as reported by IBM in greater detail – and crucially provide some practical guidance to combat these particular risks.

 

Malware

Malware or malicious software refers to worms, viruses, Trojans, and spyware — that provide unauthorised access or damage to the computer. 

Ransomware

Ransomware is a type of malware that locks down files, data or systems, and threatens to make public, erase, encrypt or even destroy data unless a ransom payment is made to the criminal.

Phishing

Phishing is a form of social engineering that tricks users into providing their credential or sensitive information. These are normally delivered via email or text messages disguised as a legitimate company – say a bank, government institution or business.

Inside Threats / Credential abuse

Typically, these come in the form of former employees, business partners, contractors or anyone who has had access to systems or networks. These can be considered a threat if they abuse their access permissions and as a result are invisible to firewall and intrusion detection systems.

 

Laying the foundation for security on your IBM i

Now we understand the types of cyber threats that can impact our IBM i, we can lay the foundations for protecting our infrastructure – and the application running on it.

During the webinar, Andy will provide practical advice and suggestions for IBM i security ranging from 

  • Profile management
  • User privileges
  • Managing passwords
  • Restricting access to your IBM i (closing the backdoor)
  • IFS security
  • Preventing phishing attacks through staff education
  • Backup and recovery 
  • High availability
  • Creating plans and policies
  • Importance of applying PTFs in a timely manner
  • Implementing field-level data encryption
  • Gaining cyber security accreditation
  • Having appropriate cyber security insurance.

 

Protecting your IBM i never stops

Cyber Security is not just ‘implement once’ and move forward, it’s a continually evolving landscape with new threats being introduced on a weekly, if not daily basis.  

Businesses need robust methods, policy and solutions in order to be able to counter and succeed.

Proximity has travelled this path, it’s not easy, but with support and some really terrific products on the market, it doesn’t have to be that difficult either. 

 

View the webinar today to learn the foundations for your cyber security

View the Webinar

 

In the meantime, if you’d like to discuss your IBM i security, do not hesitate to drop Andy Nicholson an email on andy.nicholson[@]proximity.co.uk.

Posted by Paul on 14th November 2022.