Data Security 101: Understanding the Crisis of Data Breaches, and Best Practices to Keep Your Organization’s Data Secure
Each year, data breaches are responsible for compromising the personal information of millions of people around the globe. These breaches cost organizations billions of dollars per year, and are causing governments to implement new requirements for organizations to secure their data.
However, experts have established best practices on how organizations can protect their data. In this article, you’ll learn everything you need to know about the ongoing challenge of data security, and how to fight data breaches and cyber criminals.
What Is Data Security?
Data security refers to measures taken to prevent unauthorized access to the information stored in computers and databases or on the web, and to prevent the modification or corruption of that information. Data security is sometimes called computer security, systems security or information security, and is an important part of the information technology systems for all organizations, large and small.
What Is Data Security Protecting Against?
The threats that data security protects against are constantly changing and evolving. But some threats remain consistent, including the following:
Security Hackers: People who work to exploit vulnerabilities in a computer system, sometimes for information gathering, protest or theft.
Malware: A shortened name for “malicious software,” this is software built to gain unauthorized access or cause damage to a computer or computer system.
Computer Viruses: One form of malware, computer viruses are maliciously written codes that alter how a computer operates and can damage the computer and data stored on it. The code is written so the virus can spread from one computer and computer system to another.
The Need for Data Security: Increasing Hacks, Breaches & Problems
Strong data security has become vital for all organizations as the number of data breaches and other security problems have mushroomed in recent years.
Identity Theft Resource Center, a nonprofit that has been tracking data breaches for more than a dozen years, reported 1,579 data breaches in 2017 — an increase of 45 percent from the previous year. The two areas of the economy that saw the largest increases were general businesses and financial institutions. More than 55 percent of data breaches in 2017 affected businesses, up from 45 percent in 2016.
A separate 2018 study by Thales eSecurity, a data security firm, found that 46 percent of U.S. organizations had experienced a data breach in the previous year, up from 24 percent in the same study the year before. Another study from the PwC consulting firm in 2015 found that the number of cyber security attacks had increased by 38 percent from the previous year, and intellectual property theft had increased by 56 percent.
The cost of data breaches to organizations continues to be staggering. Across the world, data breaches cost companies about $3.6 million per incident in 2017, according to the most recent annual survey by the Ponemon Institute. In the U.S, the average cost for a data breach was $7.35 million per incident, a record high.
Worldwide, data breaches cost $141 per compromised record, according to the Ponemon survey. In certain industries, the cost was much higher — $380 per record in the healthcare industry and $245 per record in the financial services industry.
Some of the Largest Data Breaches or Cyber Attacks of Our Time
There have been thousands of known data attacks and breaches over the past several years. Some have been especially large and newsworthy, including the following notable breaches:
Methods Cyber Criminals Use to Infiltrate Computers and Systems
Cyber criminals use a range of methods to infiltrate computer systems. Some have been used for years; others have been developed more recently.
“Every year, the crooks get better and better funded and more and more sophisticated and more and more well organized,” says Russ Schrader, Executive Director of the National Cyber Security Alliance, a nonprofit public-private partnership that promotes cybersecurity and privacy education and awareness.
Among the most common ways cyber criminals infiltrate systems:
Brute Password Cracking: Hackers can crack some passwords simply by using common or easy-to-guess passwords — like “1234” or “password.” They also use computers to quickly try a succession of passwords or move through hundreds of thousands of words. This method can be especially effective if your password is short. A computer can crack a seven-character password in milliseconds. A 12-character password would take about 200 years. If you’re concerned, this site can help you figure out how strong your password is against attacks. Note: Although the site states that it doesn’t collect or store passwords, it’s best not to use your current passwords when trying out the educational tool.
Using Existing Breached Data: Hackers also use data obtained through unauthorized means, available for purchase online. That existing breached data can give them emails, usernames, and passwords that they can use to gain access to accounts.
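The two points above (short or common passwords fall to guessing, and passwords already exposed in earlier breaches are reused against new accounts) are the basis of most password-policy checks. The following is an added example, not code from the original article: a small defensive checker that rejects well-known passwords, estimates how long a guessing attack at an assumed rate would need to exhaust the password's keyspace (so a 7-character and a 12-character password can be compared), and tests whether the password appears in a breached-password corpus using a hash-prefix (k-anonymity) lookup, so the full password hash never leaves the client. The common-password list, the breached-hash corpus and the guess rate (1e11 guesses per second, typical of an offline attack on a fast unsalted hash) are all constructed assumptions for illustration.

```python
import hashlib
import math
import string

# Constructed data: a tiny stand-in for a "most common passwords" list.
COMMON_PASSWORDS = {"1234", "password", "123456", "qwerty", "letmein"}


def sha1_hex(text: str) -> str:
    """Upper-case hex SHA-1, the form breached-password corpora are usually published in."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()


# Constructed data: a stand-in breached-password corpus, stored only as hashes.
BREACHED_HASHES = {sha1_hex(p) for p in ("password", "Summer2017", "welcome1", "hunter2")}

# Assumed attacker guess rate (offline attack on a fast hash); an illustrative assumption.
GUESSES_PER_SECOND = 1e11


def charset_size(password: str) -> int:
    """Size of the smallest standard character set that contains every character used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    known = string.ascii_letters + string.digits + string.punctuation
    # Anything else (space, non-ASCII) is counted per distinct character.
    size += len({c for c in password if c not in known})
    return size


def seconds_to_exhaust(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time for a guesser at `rate` to try every password of this length and charset."""
    return charset_size(password) ** len(password) / rate


def in_breach_corpus(password: str, corpus=BREACHED_HASHES) -> bool:
    """k-anonymity lookup: only the first 5 hex characters of the hash are used as the query;
    the 'server' (here, the local corpus) returns every suffix sharing that prefix and the
    client finishes the match locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    returned_suffixes = {h[5:] for h in corpus if h.startswith(prefix)}
    return suffix in returned_suffixes


def assess(password: str) -> dict:
    """Return the policy findings for a candidate password."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    if in_breach_corpus(password):
        problems.append("appears in breached-password corpus")
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    secs = seconds_to_exhaust(password)
    return {
        "length": len(password),
        "charset": charset_size(password),
        "seconds_to_exhaust": secs,
        "years_to_exhaust": secs / (365 * 24 * 3600),
        "bits_of_keyspace": math.log2(charset_size(password) ** len(password)),
        "problems": problems,
    }


if __name__ == "__main__":
    for candidate in ("password", "abcdefg", "hunter2", "Tr0ub4dor&3x"):
        print(candidate, assess(candidate))
```

Under these assumptions a 7-character all-lowercase password is exhausted in a fraction of a second while a 12-character mixed-class one needs on the order of 10^12 seconds, which is the contrast the text draws; the exact figures scale with whatever guess rate is assumed. The prefix lookup is the pattern to use when checking against an external breach corpus, because a client that sent the full hash (or the password) would itself be leaking the credential.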
Phishing Emails: You are sent an email, represented to be from your bank, the IRS, or another organization that you do business with or trust. The email suggests the organization needs important information from you and asks you to click on a link within the email. That link takes you to a malicious website, which asks you to enter a