Friday, March 6, 2026

BLOG | Modern security risks: Rethinking the safety of mainframes

Mainframes remain the quiet engine powering many essential services, from ATM transactions and flight bookings to processing insurance claims and maintaining government records. Their reputation for being more secure than cloud platforms has led many organizations to view them as inherently low-risk.

But this perception is increasingly dangerous. Over-reliance on the mainframe’s long-held reputation can lead to complacency, leaving critical systems exposed to modern threats that evolve faster than traditional defenses.

In the Philippines, the growing threat landscape is hard to ignore. The Cybercrime Investigation and Coordinating Center (CICC) reported over 10,000 cybercrime complaints in 2024, a threefold increase from the previous year, with estimated losses amounting to PHP 198 million ($3.39 million). These incidents range from consumer fraud and financial scams to identity theft and unauthorized system access.

Such attacks span a wide range of platforms, but they underscore a critical reality: no system is exempt, not even mainframes. Given the massive volume of sensitive data and mission-critical transactions that they handle, even minor security lapses could result in disproportionate consequences.

Yet many organizations still connect to mainframe applications through terminal emulators, software that bridges core systems with today’s infrastructure. While terminal emulators remain vital in maintaining operational continuity, they often rely on basic password protection and outdated protocols.

Organizations that continue to depend on this method must ensure it is equipped with modern safeguards. As AI-driven cyber threats grow, along with insider risks and stricter regulations, traditional approaches simply aren’t enough.

Three Pressing Challenges Putting Your Mainframe at Risk

Even the most resilient infrastructure can be undone by modern risks that traditional systems weren’t built to handle. Here are three pressing threats that demand the attention of any organization:

1. Identity and Access

Aside from how users access the mainframe, the biggest risk stems from who has access to it. Whether it’s a distracted employee mishandling credentials or a malicious actor exploiting stolen ones, access-related threats are rising in both volume and complexity.

AI has made the problem worse with deepfakes, voice cloning, and more sophisticated phishing tactics. Attackers can now impersonate legitimate users with disturbing ease. In 2024, over 6.15 million SMS scams were reported in the country, showing just how widespread and effective these threats have become.

2. Insider Risks

Cyber threats don’t always come from outside. In some cases, significant security breaches begin within the organization. This includes employee carelessness, poor access practices, or intentional misuse of access privileges.

What happens when a trusted employee exploits their system knowledge for personal gain? One striking case involved a Shanghai HR manager who reportedly created 22 ghost employees to embezzle $2.2 million over eight years. While not a technical breach, it underscores a serious vulnerability: the misuse of trusted access.

These kinds of threats often go unnoticed until it’s too late. In mainframe environments where oversight tools may be outdated or siloed, organizations must check for early warning signs. Look for unusual behaviors, such as logins from unfamiliar locations or access at odd hours — these can be early indicators of compromise.

To stay ahead of such risks, organizations with mainframes must implement continuous behavioral monitoring and automated analytics across all users, including those who work on the mainframe. A well-integrated identity and access management (IAM) framework plays a crucial role here.

When combined with security monitoring tools, IAM solutions not only enforce access policies but also generate detailed audit trails – helping IT teams catch suspicious activity early and stay compliant with evolving regulations.

3. Regulatory Pressure

The government and policy makers are steadily raising the bar when it comes to cybersecurity and data protection. In the Philippines, the National Cybersecurity Plan (NCSP) 2023-2028 outlines a long-term strategy to boost national cyber resilience, including securing critical infrastructure.

Alongside this, the Data Privacy Act of 2012 continues to serve as the country’s primary legal framework governing personal information. It holds organizations accountable for how they collect, store, process, and protect sensitive data.

Mainframes, which often handle vast volumes of personal and financial records, are under close scrutiny for compliance. These systems are expected to meet the same security standards as modern digital infrastructure. Falling short doesn’t just lead to penalties; it also risks reputational harm and operational disruption.

Importantly, compliance doesn’t end with your internal systems. Third-party software vendors are considered part of the risk surface. If their tools contain vulnerabilities, your organization could face the fallout. Vendors must be able to demonstrate how security is embedded throughout their development lifecycle and show readiness to comply with evolving regulations relevant to your industry.

Rethink Mainframe Security Before It’s Too Late

Mainframes hold a treasure trove of personal data and sensitive transactions; they are simply too valuable to leave underprotected. Relying on traditional passwords alone is no longer enough. The evolving threat landscape demands a more robust, layered approach to security.

To protect what matters most, organizations must modernize their defenses. This starts at the very point where users access the system.

The author is the vice president for Asia Pacific at Rocket Software
