Sometimes we think giants are untouchable. We look at massive corporations and assume their digital walls are impenetrable. But reality, stubborn as it is, proves us wrong time and time again. The Nordea case should keep more than one CISO awake at night. It wasn't just a simple DDoS attack that made the news. The reality is far more unsettling: attackers had been inside for nearly a year, operating silently from Cambodia. During all that time, they dedicated themselves to exhaustive footprinting, mapping every corner of the infrastructure and studying the defenses without anyone noticing. A whole year inside the kitchen before breaking the plates. If we add the LensCrafters data breach to the mix, which exposed sensitive patient information, the conclusion is clear: let's not kid ourselves, security by obscurity is dead. And here is where we address the elephant in the room: the false sense of security in the Mainframe environment. For decades, we've repeated the mantra that the z/OS platform (or "big iron") is invulnerable by design. And yes, it is robust, but it's not magic. If someone can spend a year walking through your networks unseen, your "iron" isn't safe.

The Rules Have Changed: DORA and NIS2

Here is where European legislation has slammed its fist on the table. With the 2022 DORA regulation (Digital Operational Resilience Act) and the NIS2 directive coming into play, the landscape has shifted radically. We are no longer talking about just meeting GDPR requirements or avoiding a fine. We are talking about operational survival. DORA requires financial entities (and their critical ICT providers) to demonstrate that they can withstand, respond to, and recover from threats. It's not enough to build a wall; you need to know if someone is climbing it. Meanwhile, NIS2 compliance expands the scope to essential sectors, forcing executives to take cybersecurity personally. But it's not just about Europe. The regulatory pressure is global and interconnected. Whether you are dealing with Sarbanes-Oxley (SOX) standards for internal control, aligning with Basel III for risk management, or adhering to Solvency II, the message is the same: resilience.

Integration is Key: SIEM, SOC, and Compliance

Many ask what a SIEM or a SOC is in the context of a Mainframe. Historically, these systems turned their backs on z/OS. That's over. To comply with the twelve strict PCI DSS requirements and avoid pulling a "Nordea," we need total visibility. A SIEM must ingest and correlate Mainframe events in real time. If your SOC doesn't see what's happening in the Mainframe, you are blind in the most critical part of your infrastructure. Integrating z/OS logs is the only way to detect silent footprinting or lateral movement. This is crucial not just for PCI Data Security Standard compliance, but also for meeting ISO 27001 certification standards. You can't rely on a firewall alone; you need active monitoring and ethical hacking to test your defenses.
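The footprinting the article describes is "low and slow": a handful of reads per month, each one unremarkable on its own, adding up to a map of the system. The example below (added here, not code from the original article or any vendor) shows the kind of correlation a SIEM can run once z/OS events are ingested: it flags users who touch many distinct resources over a long period at a low rate per active day. The event layout, user IDs and dataset names are constructed and hypothetical, not a real SMF or RACF record format.

```python
# Added example (not the article's code): flag "low and slow" enumeration of
# mainframe resources in SIEM-normalised z/OS events. The event format is a
# constructed, hypothetical normalised form, not a real SMF or RACF layout.
from collections import defaultdict
from datetime import datetime
# Constructed sample events: one successful resource access per line.
SAMPLE_EVENTS = """\
2024-01-03T02:14:00 user=RECON01 event=DATASET_ACCESS resource=PROD.PAY.MASTER result=OK
2024-01-03T02:20:00 user=RECON01 event=DATASET_ACCESS resource=SYS1.PARMLIB result=OK
2024-01-21T03:05:00 user=RECON01 event=DATASET_ACCESS resource=PROD.CUST.ACCTS result=OK
2024-02-09T01:47:00 user=RECON01 event=DATASET_ACCESS resource=SYS1.PROCLIB result=OK
2024-02-27T04:12:00 user=RECON01 event=DATASET_ACCESS resource=PROD.HR.PAYROLL result=OK
2024-03-15T02:58:00 user=RECON01 event=DATASET_ACCESS resource=SYS1.LINKLIB result=OK
2024-01-03T22:00:00 user=BATCH01 event=DATASET_ACCESS resource=PROD.PAY.MASTER result=OK
2024-03-14T22:00:00 user=BATCH01 event=DATASET_ACCESS resource=PROD.PAY.MASTER result=OK
2024-02-02T09:00:00 user=OPER02 event=DATASET_ACCESS resource=SYS1.PARMLIB result=OK
2024-02-02T09:03:00 user=OPER02 event=DATASET_ACCESS resource=SYS1.PROCLIB result=OK
2024-02-02T09:05:00 user=OPER02 event=DATASET_ACCESS resource=SYS1.LINKLIB result=OK
2024-02-02T09:09:00 user=OPER02 event=DATASET_ACCESS resource=PROD.CUST.ACCTS result=OK
2024-02-02T09:12:00 user=OPER02 event=DATASET_ACCESS resource=PROD.HR.PAYROLL result=OK
"""

def parse_event(line):
    """Split 'TIMESTAMP key=value ...' into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.fromisoformat(ts)
    return event

def slow_enumeration(lines, min_resources=5, min_span_days=30, max_per_active_day=2.0):
    """Return users whose successful accesses touch many distinct resources over a
    long period at a low rate per active day: the footprinting pattern that
    per-day volume thresholds miss (OPER02's one-morning burst is not flagged)."""
    by_user = defaultdict(list)
    for line in lines.splitlines():
        ev = parse_event(line)
        if ev.get("result") == "OK":        # reconnaissance reads usually succeed
            by_user[ev["user"]].append(ev)
    flagged = {}
    for user, evs in by_user.items():
        resources = {e["resource"] for e in evs}
        days = {e["ts"].date() for e in evs}
        span = (max(days) - min(days)).days
        per_day = len(evs) / len(days)
        if len(resources) >= min_resources and span >= min_span_days and per_day <= max_per_active_day:
            flagged[user] = {"resources": len(resources), "span_days": span, "per_active_day": per_day}
    return flagged

if __name__ == "__main__":
    print(slow_enumeration(SAMPLE_EVENTS))
```

The thresholds are starting points to be tuned against a baseline of the LPAR's normal batch and operator behaviour; the value of the rule is that it keys on breadth and duration rather than volume.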

Continuous Audit: Beyond the Snapshot

This is the painful part. Many organizations still rely on static annual audits. Doing an audit once a year is like looking at your watch once a day: it gives you the exact time at that moment, but you have no clue what happened the rest of the day. Threats are dynamic. That's why increasing the frequency and depth of cyclical audit services, such as DATAPASS, is essential. It's not about ticking a box to control PCI DSS compliance cost or to obtain a PCI accreditation. It's about a continuous-improvement system for Mainframe security. DATAPASS allows you to regularly identify vulnerabilities in configuration, software, or user permissions. In a world where NIST 2, ISO 27001, and DORA demand proactive responsibility, continuous auditing is your only real life jacket.

Conclusion: Resilience is an Attitude

Nordea and LensCrafters teach us that technology fails and attackers have patience. The difference between an incident and a catastrophe lies in preparation. Whether you manage a critical LPAR, are worried about the ISO 27001 certification cost for your company, or are responsible for payment card industry data, the message is clear: modernize your surveillance, integrate your Mainframe into the SOC, and adopt continuous auditing. Because once they've been inside for a year, it's already too late to lock the door.