Legacy mainframes are still used by enterprises to handle big data transactions across a range of industries, from financial institutions, telecoms, and internet service providers (ISPs) to airlines and government agencies.
Why are they still in use? As the saying goes: “if it ain’t broke, don’t fix it”. But what if they’re not necessarily “broken”—but unsecure? Exposing a mainframe online, even unintentionally, can be detrimental to the security not only of the company’s crown jewels, but also their customers. This is what we found using data from Shodan, a public search engine for internet-connected devices.