
AI, Insider Threats, and Compliance Gaps: Mainframes Need Modern Security

The 'inherently secure' mainframe might not be that secure after all.

Mainframes are quietly running the backbone of modern life—from processing ATM withdrawals and airline bookings to handling your insurance claims and government records. Mainframes have earned a reputation through the years for being “inherently secure,” especially when compared to cloud.

However, this belief can lead IT teams to lull themselves into a false sense of security and let their guard down. The truth is that mainframes are not impenetrable.

More and more data breaches are making headlines. In the fourth quarter of 2024 alone, they accounted for 10% of all cyber incidents reported to the Cyber999 Incident Response Centre, according to MyCERT. While these incidents span various IT systems, they reflect a growing threat landscape that no platform, including mainframes, can afford to ignore.

Given the volume of sensitive data mainframes handle, any security gaps could have outsized consequences. The problem is that many users still access mainframe applications using outdated methods like terminal emulators that are only secured by simple passwords. If you have been keeping score, you will know that passwords are increasingly falling out of favour in the security scene because they are just too easy for today’s hackers to bypass or steal.

With Artificial Intelligence (AI)-driven threats and insider risks on the rise, it is becoming easier for attackers to slip through mainframe defenses.

Three Significant Risks Threatening Your Mainframe

1. Insider threats

Not all threats come from outside. Some of the most dangerous breaches start from within. It could be something innocent, like a distracted employee unknowingly clicking on the wrong link or mishandling credentials, or something more malicious, such as a disgruntled worker or a bad actor hired into a sensitive role. Either way, the damage can be serious, especially when they have lateral access across systems.

Insider threats are not always technical, either. There have been notable cases of internal fraud involving ghost employees, where internal actors create fake payroll records to siphon off funds. One major case that stands out in recent years involves a Shanghai HR manager who fabricated 22 ghost employees to embezzle USD$2.2 million over eight years.

With insider risks ranging from negligence to fraud, the lack of modern access controls and monitoring leaves mainframes dangerously exposed from within.

2. Artificial Intelligence powering more convincing, targeted attacks

Artificial Intelligence is changing the face of business, no doubt about it. But at the same time, it is also enabling ever more sophisticated attacks and social engineering tactics. From deepfake voice calls to hyper-personalised phishing messages, AI is making social engineering harder to detect and easier to execute.

According to Anti-Scam Alliance’s 2024 report, Malaysians lose USD$12.8 billion annually to scams, equivalent to 3% of the country’s GDP. Alarmingly, 74% of people report encountering scams at least once a month.

With the increasing accessibility of AI, it is easier for cybercriminals to manipulate victims, spoof identities, exploit weak points in identity verification, and commit all kinds of scams, fraud, impersonation, and insider breaches. Mainframes without modern identity and access safeguards are becoming soft targets.

3. Steady advancement of data and IT security regulations

For many, the compliance clock is ticking. Regulatory bodies everywhere are tightening security regulations around data and IT with stricter deadlines and harsher penalties, and yes, this also applies to mainframes.

In Malaysia, the Cybersecurity Act 2024 has laid down clear standards for robust cybersecurity and threat management practices to better protect critical national infrastructure. Alongside this, Bank Negara Malaysia’s RMiT policy pushes financial institutions to maintain full visibility across all technology platforms and third-party providers so that they are able to detect and respond to threats without delay.

Three Ways to Protect Your Organisation Going Forward

At Rocket Software, we recommend three simple actions to help protect your organisation even as challenges continue to grow:

1. Modernise how users connect to mainframes.

Green-screen terminals may look outdated, but they are a gateway to highly sensitive data like personal information or financial records. Therefore, they must be treated with the same security priority as any modern system.

To strengthen protection, access to these systems should be modernised. Organisations should offer an inherently secure web-based terminal emulator or enforce VPN usage. Emulators should also support modern security standards like TLS 1.3 and multi-factor authentication (MFA).

2. Monitor for anomalous behaviour and create an audit trail.

Unusual behaviour, like logins from odd locations or at strange hours, can be early signs of compromise. That is why organisations should apply continuous behavioural monitoring and automated analysis to all users, including those accessing mainframes directly.

A well-integrated identity and access management (IAM) system can make a real difference here. In addition to enforcing access rules and tracking user behaviour, when integrated with monitoring tools, it creates detailed audit trails that help teams spot threats early and stay compliant.
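As an added illustration (not code from Rocket Software or any product named here), the sketch below builds a per-user baseline of logon hours and source networks, then writes an audit entry for every new logon, flagging the "odd location" and "strange hour" cases described above. The record layout, user IDs, /24 grouping and one-hour slack are all assumptions made for the example.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample records in an assumed "timestamp user source-ip result"
# layout; real logon audit data would need its own parser.
BASELINE = """\
2025-03-03T09:12:44 PAYCLRK1 10.20.4.17 OK
2025-03-04T08:55:10 PAYCLRK1 10.20.4.23 OK
2025-03-03T22:05:31 OPSNIGHT 10.30.1.8 OK
2025-03-04T23:47:19 OPSNIGHT 10.30.1.8 OK
"""
NEW_EVENTS = """\
2025-03-06T09:03:27 PAYCLRK1 10.20.4.31 OK
2025-03-06T02:14:09 PAYCLRK1 10.20.4.17 OK
2025-03-06T10:30:00 PAYCLRK1 203.0.113.50 OK
2025-03-06T23:10:45 OPSNIGHT 10.30.1.8 OK
"""

def parse(text):
    for line in text.splitlines():
        ts, user, src, result = line.split()
        yield datetime.fromisoformat(ts), user, ipaddress.ip_address(src), result

def network_of(addr, prefix=24):
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def build_baseline(text):
    """Per user: hours of day and source /24 networks seen in successful logons."""
    hours, nets = defaultdict(set), defaultdict(set)
    for ts, user, src, result in parse(text):
        if result == "OK":
            hours[user].add(ts.hour)
            nets[user].add(network_of(src))
    return hours, nets

def audit(baseline_text, events_text, slack=1):
    hours, nets = build_baseline(baseline_text)
    trail = []
    for ts, user, src, result in parse(events_text):
        reasons = []
        # Circular distance on a 24h clock, so 23:00 and 00:00 are one hour apart.
        if all(min(abs(ts.hour - h), 24 - abs(ts.hour - h)) > slack for h in hours[user]):
            reasons.append("unusual_hour")
        if network_of(src) not in nets[user]:
            reasons.append("new_source_network")
        trail.append({"time": ts.isoformat(), "user": user, "source": str(src),
                      "result": result, "flags": reasons})
    return trail
```

Every logon produces an audit entry, flagged or not, so the same output serves both as the alert feed and as the audit trail; a user with no baseline is flagged on both checks.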

3. Work with vendors who follow a secure software development lifecycle (SDL).

Software vendors must be secure links in the supply chain. Otherwise, vulnerabilities in their code could expose your systems to unnecessary risks. They should be able to show how they manage security from development to deployment, and how they adapt to new regulations that affect you and your industry.

Stop Leaving Your Mainframe Exposed

Mainframes are no longer overlooked. Nowadays, they stand squarely in the sights of hackers, thieves, and criminals. Passwords used to do the job, but modern organisations can no longer afford to use them as the only security barrier. Not when the stakes are higher than ever and businesses are facing increasingly sophisticated threats from both human hackers and AI-driven attacks.

It is time to rethink security and build a fortress around mainframes, starting right where the green screen meets the user.

Praveen Kumar

Vice President for Asia Pacific at Rocket Software
