How to Meet Cyber Insurance Requirements for IBM i

Cybercrime is a threat that continues to grow in terms of both instances and severity. In 2022, the number of ransomware complaints reported to the FBI totaled 150 million – a 400% increase since 2020.

The days of IBM i being on an island of its own are long gone, and the same growing threats that face other organizations are growing among IBM i users as well.

Cyberattacks can be detrimental and frequently result in victims going out of business. It’s no wonder that cyber insurance is projected to be a $500 billion industry within the next 10 years.

What Is Cyber Insurance?

Cyber insurance covers costs associated with data breaches and cyberattacks on businesses. These typically include lost income due to downtime, repair of hardware/systems, liability, and more. Having this coverage is especially critical in the event of a data breach involving the compromise of customers’ sensitive personal information such as credit card numbers, social security numbers, or even health records.

What Do I Need to Qualify for Cyber Insurance?

Since suffering heavy losses in 2020, cyber insurers have discovered the importance of requiring their insured to maintain basic cybersecurity hygiene.

So, to qualify for cyber insurance or to lower premiums considerably, organizations are required to implement various security controls. On IBM i, solutions to consider include:

• Multifactor Authentication (MFA): Stolen user credentials play a significant role in the majority of successful cyberattacks. MFA solutions combat this risk by requiring an additional verification step on top of the routine entrance of username and password information. This additional verification step can take the form of a push notification sent to a user’s mobile device, a one-time passcode, or biometric scanning (fingerprints, facial recognition, etc). Integration with other authentication providers via the RADIUS protocol helps to extend the range of such solutions.
• Security Information and Event Management: For IBM i shops, it’s critical to have a solution in place that can ingest raw security event data from IBM i and translate it into a meaningful format for security operations staff. Advanced solutions enable flexible filtering of audit journal entries and system messages so that IT knows exactly what’s happening on their IBM i.
• Data Encryption: If an attacker gains access to your IBM i systems and your sensitive data is not encrypted, then they will have unimpeded access to that data. Encrypting your data makes it of limited use to attackers in the event of a data breach.
• Antivirus and Anti-Ransomware: To ensure that no malware is present on an organizations’ systems, it is critical that virus scans are performed frequently. IBM i antivirus solutions need to be able to scan natively on the IBM i and on an enterprise-level scale. They also should be able to detect the latest threats. Anti-ransomware should detect ransomware activity on IBM I and prevent malicious encryption of files on the IBM I.
• Exit Programs: Exit points mark points of access to an organization’s IBM i. Security solutions can integrate with these exit points that allow/deny access based on rules defined in the solution, and to log access requests. Solutions that integrate with exit points are important for locking down accesses to your systems and tracking who accessed what information and functionality and how.

How Fortra Can Help You Get Started

Having solutions and procedures in place that cover these six areas of IBM i security is essential. Doing so offers your organization a solid cybersecurity foundation which substantially lowers your risk of falling victim to a cyberattack – thus making you a much more insurable client. Fortra carries products that can assist your organization in fulfilling all five security fundamentals – so if you’d like to begin your journey towards being cyber insured – we encourage you to reach out.