If an insider falls for a phish, that's something that involves an insider. If an insider fails to reset a default password, that's something that involves an insider. If an insider writes his passwords down, that involves an insider. It doesn't have to be malicious to be harmful.
Ransomeware is not a *cause* of databreach, but rather something that requires a prior breach. The prior breach could well involve phishing. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of Joe Monk [joemon...@gmail.com] Sent: Sunday, April 24, 2022 11:20 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IBM (IBM Z) , Lenovo, HPE and Huawei Servers Rank as Most Secure Platforms in ITIC Survey | TechChannel "Given that a healthy percentage of successful attacks involves insiders, there is no way that z/OS is immune to breaches." Umm, you may want to rethink that statement... "Phishing and related attacks — such as smishing (phishing lures sent over SMS messages) and business email compromise (phishing messages sent by someone pretending to be a colleague or a supervisor) — was the most common primary cause of data breaches in 2021. Ransomware was not too far behind, and malware was the third most common cause of data breaches.At the current growth rate, ransomware attacks will pass phishing as the No. 1 root cause of data compromises in 2022, ITRC predicts." https://secure-web.cisco.com/1DyGw4eF1jj1rbDoCTIDarRjOldIm2lOhO3Dc8sq7D-E5psG2m7eEt3YIIaUJqxAO3Rr38VtVKAkAnqigoJspbJ9kC6RcSFuH0EOnrjxpIGUGpB_nosBEw8k9xw8Z286GiKZrntKGQx1GIBgYt3w48fFljbWlwys9ProIRbUNuNlKBDGMVfE-1aUzIVqYWoudvwrrhoT0TD93C6i9lM0jo11SNBTqJYjDxDL7y7U7iSytRCab1T5xEXdqsSxRRgfl8TebDfqDOCJVFO7Wux-cBbfaiyZ4lvfq7UWdToZXh2yn-WyWHlb7CKwSsqAv_s_-NsqAMHKrfyTcUK3CbdcscTX6IvhNgNSSXDKlalwruJzGB9KIGRKX92dfWDjsl_R7Bb_l6qPbAYGuI4RiwyUG70w142bkQvEZV9DMMtQsKkHPtAGjDBmKjkpfIn-PIdy8V1qSO8UcJHXsGRZg-2bW3w/https%3A%2F%2Fwww.darkreading.com%2Fedge-threat-monitor%2Fmost-common-cause-of-data-breach-in-2021-phishing-smishing-bec Last I checked, Outlook doesnt run on z/OS... Joe On Sun, Apr 24, 2022 at 8:11 AM Seymour J Metz <sme...@gmu.edu> wrote: > Given that a healthy percentage of successful attacks involves insiders, > there is no way that z/OS is immune to breaches. The best that can be said > is that, properly administered, it is more secure than some other platforms. > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > ________________________________________ > From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf > of Bob Bridges [robhbrid...@gmail.com] > Sent: Friday, April 22, 2022 7:53 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: IBM (IBM Z) , Lenovo, HPE and Huawei Servers Rank as Most > Secure Platforms in ITIC Survey | TechChannel > > Don't get me wrong: I do believe that IBM mainframes belong at the top of > the list for security capabilities. But it occurs to me that if they > determined this by poll, then their results may be skewed by a) the belief, > on the part of mainframers like me, that IBM is best, and b) a reluctance > on the part of some corporations to report breaches even in polls that > claim they're anonymous. > > That said, I'm a little surprised that IBM had "fastest mean time to > detection (MTTD) from the onset of the attempted attack until the company > isolated and shut it down". I know real-time reporting products are out > there for mainframes, but I had the impression they're not used much. > > It's also interesting, given the size of the companies that use > mainframes, that they also report "The least amount of monetary losses due > to a successful security hack". Although see item b) above again. > > --- > Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313 > > /* Believe me! The secret of reaping the greatest fruitfulness and the > greatest enjoyment from life is to live dangerously! -Friedrich Nietzsche > */ > > -----Original Message----- > From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf > Of Mark Regan > Sent: Friday, April 22, 2022 16:40 > > > https://secure-web.cisco.com/1JxdfsqHGjnUuRPmN2YNUOcWs_oODuUS43Hv9Kt5RRL9WJqsH4-fcqaxAXUsKZBF9zoWi22K6jgKVsMSVPfKlDoW0UfoK79vCd9b50dV2JBh9vI68wnxNs7IlnkymdAD8cyIP56U6bVR040KuFDUTTuIm5pJ-Df--mvQFXgIdElA0-JyZ-oaTwuV5H6T-3i1K_F5DTaJAl-B3_JifnuvpwG4jUx7XVsR5-xort_nGKKaysCiPyiHN5-RFCI82FqYnnvedHtDh3gukxo4ItD6HjpJa03Rb3BLbhb4TcscdsNUrTw7SkN15BCeem2_sCAEqp2x9meCeTgwhIUlAe2hust6LZz92uDc81LbxklmQbXf-yTlzFKn0LgmFtjRFDmvIXdZoAO5ywdpP84gAyTxS6JzKVRslOJU3wNPS_MzwRUNAqb_qR-fApdtTNIjp76XHmE6YTBvTCfHZWq09QjxB-w/https%3A%2F%2Ftechchannel.com%2FEnterprise%2F04%2F2022%2Fsecure-platforms-itic-survey > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
