Cyber Security: How You Can Protect Your Company’s Assets with a Few Simple Steps
With weekly and even daily news of data breaches and hacks, it’s important to remember that cyber security is everyone’s responsibility. In fact, October has been dedicated as National Cyber Security Awareness Month for this very reason. It’s important to be vigilant in protecting not only the equipment and networks we knowingly use every day, but also the many unacknowledged connections that come with using Internet of Things (IoT) devices in our daily lives.
“What’s not being said about cyber security is how much of a difference people can make just by taking some simple steps,” says David Herman, President of Raffetto Herman Strategic Communications. In this article, we’ll discuss the current cyber threat landscape and how you can defend yourself, your team, and your company. Experts share tips for how you can protect your cyber assets, whether big or small, and you’ll also find resources to create a cyber security plan.
What Is Cyber Security All About?
Cyber security is the processes and methods that secure computer devices, networks, and data and information against attack, theft, misdirection, misuse, or disruption. Cyber security’s purview extends to considerations of the nature and source of threats and the infrastructure beyond an internal network. The cyber security field also covers issues surrounding public computer policy including network policy, cyber threat awareness, and threat information sharing.
Cyber security is a superset for many aspects of security, including network security. However, network security focuses on protecting the internal data and infrastructure of a small or enterprise-sized organization, and manages access control, passwords, firewalls, scans, and antivirus software. Cyber security also encompasses the following aspects:
Application Security: An effort to build robust security features into applications, especially those that are available through the internet.
Information Security (InfoSec): The processes, policies, and tools that secure digital and nondigital data and information from attack and misuse.
Operational Security (OPSEC): The goal of OPSEC is to identify and determine methods to protect assets. Operational security usually consists of five steps: identify assets, identify threats, determine vulnerabilities, assess risks, and invoke countermeasures.
Disaster Recovery and Business Continuity: Disaster recovery anticipates security events and provides a plan for recovering assets and resuming business.
End-User Education: Good cyber security practice empowers every member of an organization to recognize and resist security threats.
What Is Computer Security?
Cyber security has a few synonyms, computer security and IT security, which may sound more approachable for non-technical people. The goal of computer security is to protect hardware, software, and the data they store and transmit from potential damage, disruption, or misappropriated use.
Why Is It Important to Have Cyber Security?
Everything is digitized and online, from banking to maintaining friendships. Cyber security concerns have moved beyond protecting traditional desktop computers and server farms and the confidential or personal identifying information (PII) they contain. Security must protect millions of smart devices that perform every activity, from remotely adjusting the temperature in your office to changing traffic signals to ensuring water flows through mains at a steady rate.
The integration of digital and information technology is increasing at home, work, and even in public infrastructure. As government cyber security sites note, hackers (whether amateurs or organized criminals) want to deny, destroy, degrade, and disrupt our networks.
Threats are evolving and escalating in their sophistication and the amount of damage they can inflict when implemented. As technology consultant and President of Raffetto Herman Strategic Communications David Herman warns, “There are bad actors and they’re going to go after big things.”
Stephen Gates, Chief Research Intelligence Analyst at Zenedge, says the recent and frequent attacks should capture our attention. “This is a wake-up call for anybody that stores PII data. They must protect their web applications with good, sound web application technologies,” he advises. Proper protection involves more than firewalls and antivirus software. Gates believes it’s about protecting our actual web applications from exposure to hackers.
There’s no sign that threats and crime will end soon because it’s a lucrative full-time job for hackers. “They’re not wearing hoodies, sitting in grandma’s basement hacking,” says Gates. “These guys drive Mercedes, have private jets, wear Armani suits, and basically are living a wonderful lucrative life by being criminals. How are you going to change that?”
The Bot Armageddon
If massive credit card thefts and epidemics of ransomware aren’t frightening enough, Gates foresees another threat on the horizon: the invasion of the botnets. Bots are small applications that automate tasks (such as a food ordering app for a restaurant). Hackers can turn internet-enabled devices, such as baby monitors, thermostats, cameras, or smartphones, into bot networks. “Now the bots will attack on the instruction of the bot master,” explains Gates. A bot’s goal is to crack passwords or spread ransomware. Using massive numbers of devices amplifies the power of the attack.
“It’s one attack with a hundred thousand or a million devices hacking simultaneously,” warns Gates. And it’s looming. “This bot problem is going to be out of control within the next three or four years.”
Cyber Security: More than a Threat
Despite a deep threat landscape, a strong element of naivety persists in the world. As Herman says, you don’t heed the hurricane warnings if you’ve never lived through a hurricane. Indeed, it’s not until you’re personally affected by a cyber security breach that you become more acutely aware of its potential. Herman explains that this mindset still exists among some smaller organizations - a sense of security by obscurity. He illustrates this sentiment: “We’re a small firm, nobody really knows about us. There’s not a big threat, so I’m not worried.”
In companies, CEOs and other C-level executives often set the tone to view security as an IT problem. When so many departments in an organization are networked and control sensitive data, cyber security becomes the entire team’s responsibility.
In addition to the mayhem and disruption that breaches and denial of service attacks cause, organizations may be held accountable for cyber security - especially if it’s a company that stores data or works with a business’ sensitive information. If the company has not enacted strong cyber security systems, auditors may sanction them, making it difficult to retain or attract new business. If your organization functions in a highly regulated industry, such as banking or healthcare, you may be subject to severe sanctions and penalties for data breaches. When dealing with countries outside the U.S., there may be specific deadlines for reporting breaches.