Key Resources Inc. Drops Predictions on Mobile Payments, Mainframe Security

December 21, 2018         By: Steven Anderson

It’s not just a Marty Robbins song, and it actually hasn’t been just a song for decades now. We’re talking about big iron—mainframes–and their connection to mobile payments. Mainframes keep a lot of what we consider online activity running, and recently, Key Resources—by way of president and CEO Ray Overby—sent some of its predictions for keeping that big iron safely locked down in 2019.

So what does Overby expect to see out of the upcoming year in securing these vital tools? One point Overby raises is that, if mainframes were actually attacked in banking, the result would be “very visible to both businesses and consumers.” Not only would some of the most sensitive data a person has—banking data—be rendered visible, but transactions could be completely shut down. With so much at stake, Overby projects that mainframe protection will continue to be job one for banks.

However, Overby also expects bigger breaches to strike, particularly in the cloud and with other hard-to-secure platforms. Such systems are a clear path to strike the mainframe, so by focusing on these points, they’ll make for an easier approach to the highly-secured mainframe. Since cloud data breaches are already up 300 percent in the time between 2016 and 2018, it’s easy enough to say these will continue to increase.

Overby concludes by noting the biggest threat mainframes face: ignorance. While authentication and configuration do protect against many common attack vectors, they’re not a magic-bullet cure. Code-based vulnerabilities do exist and will be preyed upon, and as long as we continue to offer too much access to the mainframe, it’s likely only a matter of time until a serious problem strikes.

All of these are valid points; considering what’s at stake here—the financial data and ability to shut down transactions—we’ll get attacks from both greed-based hackers as well as hacktivists eager to make a point by killing a bank or similar entity they find distasteful in some way. Thus, further security augmentation will be the only way to protect against this.

Thankfully, we have an understanding of what needs to be done to protect these systems. The only real question is, do we have the guts to do what needs to be done in their protection?