精品国产_亚洲人成在线高清,国产精品成人久久久久,国语自产偷拍精品视频偷拍

立即打開
如何確保你的公司在2015年免受網絡攻擊?

如何確保你的公司在2015年免受網絡攻擊?

Peter J. Beshar 2015年01月12日
2014年末索尼影業遭黑客攻擊事件給企業界再次敲響了網絡安全的警鐘。如果公司負責人在新年伊始就下定決心,采取七種切實可行的措施,公司遭受黑客襲擊的概率將大大降低。

????2014年將因屢屢登上頭條新聞的網絡攻擊事件而被人們長期銘記。無論是上市公司、政府機構還是非營利組織,沒有哪類機構能夠幸免于難。進入2015年,我們只是在維護網絡安全這條永無止境的征途上前進了一小步。我們亟需理解網絡攻擊的復雜性,時不我待。

????大多數網絡攻擊都可歸類于以下三種主要的威脅類型:

?????針對網絡機密性的攻擊,導致信用卡號或社會保險號等安全信息遭竊或泄露;

?????針對網絡可用性的攻擊,通過發送大量請求導致網站無法訪問,或插入代碼改變訪問頁面的路徑;

?????針對網絡物理完整性的攻擊,改變或破壞計算機代碼,以損毀網絡基礎設施。

????2015年,你的公司應該在免受網絡威脅方面立下7項新年決心:

????1、管理好你的供應商網絡

????要從2014年的網絡攻擊中總結出一個要點,那就是密碼被破。黑客通過竊取空調和食品配送公司等小型供貨商的密碼和證書,進入了《財富》100強的公司網絡。請修改你的簡單密碼,采用雙重認證(2FA)的方式。雙重認證的一個典型例子就是用銀行卡從自動取款機上取錢——它需要雙重認證:你的銀行卡和你的密碼。另一個例子是登錄彭博社終端,首先你需要輸入密碼,然后采用生物測定學技術的系統還會要求你刷指紋進行二次認證。想要偷走指紋可不容易。你應該對所有遠程進入公司網絡的供應商和員工采用雙重認證方式。

????2、引爆惡意軟件

????“網絡釣魚”是一種發動網絡攻擊的簡單而有效的方式。黑客從你的社交媒體公共賬戶獲得了你朋友的名字,并偽裝成你認識且信任的人給你發私信。當你點開附件或鏈接,郵件就會把惡意軟件裝進你的網絡。一種應對惡意軟件的方法是安裝“引爆”軟件。一旦帶有惡意軟件的電子郵件被打開,在它把你的重要信息帶走之前,這種軟件會先將它扔進“沙盒”中進行引爆測試,看它是否指向了一個不正常的網站。

????3、保護你的“王冠”

????對你來說,什么信息最重要?是秘密配方、專有知識產權、社會保險號、信用卡號、敏感的衛生保健數據,還是非公開的財務信息?一旦你確定了公司最重要和敏感的信息,就把它與其他的技術和網絡操作分離開來。

????4、現在就準備好網絡攻擊應急計劃

????準備好應急計劃并定期演練。作為計劃的一部分,你應當雇傭取證調查公司來檢查你的網絡和應急計劃。

????5、進行“滲透”測試

????邀請一家第三方公司來進行“滲透測試”,找出公司信息技術網絡和基礎設施中的缺陷。根據結果來進行必要的安全性改進,同時遵守資料公開的要求。比如,根據美國證券交易委員會的規定,上市公司有義務告知投資者公司內部存在的網絡安全漏洞,該委員會還專門就此發表了一份指南。

????6、尋求政府的幫助

????在網絡攻擊領域,那句著名的“我們來自政府,我們將施以援手”簡直是再正確不過。在理解網絡威脅的嚴重性方面,美國政府要遠遠領先于商界?,F任和前任內閣官員多年來一直警告稱,美國有可能遭遇“網絡珍珠港”或“網絡9?11”襲擊。美國特勤局和聯邦調查局也在不斷提醒毫無覺察的上市公司,他們的系統被攻破了——盡管這些機構并沒有這種義務。不要等到自己被攻擊之后,才開始同聯邦調查局、國土安全部和司法部的核心官員搞好關系。

????7、從事并購交易時要審查網絡安全

????傳統上,并購交易的最大安全隱患在于保密工作。而網絡風險正日益成為其中一個重要卻被忽視的因素。請注意國土安全部最近發出的網絡風險警告,其中也許就包括你正考慮購買或投資的公司。請將網絡安全審查作為常規盡職調查的組成部分。

????在2014年,許多網絡攻擊的目標都是盜竊信用卡,進行金融犯罪。在未來,這種威脅可能會逐步升級為對技術網絡和基礎設施的物理性破壞。

????在2014年12月的假日季,德國政府報道了一起導致鋼鐵廠“嚴重損毀”的網絡攻擊事件。黑客利用網絡釣魚攻擊,使得負責關閉熔爐的電子控制系統陷于癱瘓,最終造成整個工廠嚴重受損。

????2015年將會有什么新型的網絡攻擊?不要再被動地等待了。即刻實施這些新年決心,保護你的公司在2015年免受無處不在的網絡威脅吧。(財富中文網)

????本文作者彼得?J.?貝沙爾是Marsh & McLennan公司執行副總裁兼法律總顧問。

????譯者:嚴匡正

????審校:任文科

????Last year will long be remembered as the year when cyber attacks became front page news. No institution was spared — public companies, government agencies or non-profits. Heading into 2015, we have just reached the first mile of a race without a finish line, and time is of the essence when it comes to understanding the sophistication and complexity of cyber attacks.

????Most cyber attacks fall into one of three main threat types:

?????attacks on a network’s confidentiality, causing theft or release of secure information such as credit card or Social Security numbers;

?????attacks on a network’s availability by overwhelming it with so many requests that it renders the site inoperable, or by injecting code that redirects traffic away from the site; and

?????attacks on a network’s physical integrity which alters or destroys computer code causing damage to the network’s infrastructure.

????In 2015, here are seven resolutions to help protect your company against cyber threats:

????1. Tighten Your Vendor Network

????If there is one key takeaway from the cyber attacks of 2014 it’s that passwords are dead. Hackers gained access to Fortune 100 companies by stealing passwords and log-in credentials of smaller vendors, including air conditioning and food delivery companies. Replace your single passwords with two-factor authentication or “2FA.” A good example of 2FA is withdrawing money from an ATM – it requires two authentications — your bankcard and your password. Another example is signing on to a Bloomberg terminal, which requires a password and then, using biometrics, requires a fingerprint swipe for a second form of authentication that cannot easily be stolen. You should require 2FA of all vendors or employees who log on to your networks remotely.

????2. Detonate Malware

????“Spear Phishing” is an easy and effective way to attack a network. Hackers obtain names of your friends from your public social media accounts and then send you a personal note that appears to come from someone you know and trust. When you click on the attachment or link, the email installs “malware” on your network. A solution for malware is “detonation” software. Once an email with malware is opened but before it can leave your network with critical information, it is detonated in a “sandbox” to test whether it is being routed to an inappropriate site.

????3. Guard Your “Crown Jewels”

????What information matters the most to you? Is it a secret formula, proprietary IP, Social Security or credit card numbers, sensitive health care data or non-public financial information? Once you determine your company’s most important and sensitive information, compartmentalize it from the rest of your technology and network operations.

????4. Develop a Cyber Attack Response Plan – Now

????Develop a plan and practice it regularly. As part of your plan, hire a forensic investigatory firm to review your network and your response plan.

????5. Conduct “Penetration” Tests

????Engage a third-party firm to conduct “penetration tests” to identify weaknesses in your company’s IT network and infrastructure. Based on the findings, make the necessary security improvements and comply with disclosure requirements. For example, the SEC has published guidance regarding the responsibilities of public companies to inform investors about cybersecurity vulnerabilities.

????6. Embrace the Government

????When it comes to cyber attacks, the famous saying that “we are from the government and we are here to help” couldn’t be more true. The U.S. government has been far out front of the business community in understanding the significance of cyber threats. Current and former cabinet officials have warned for years about the risk of a “cyber Pearl Harbor” or “cyber 9/11.” The Secret Service and FBI have repeatedly alerted unaware public companies that their systems were breached — even though neither agency was under any obligation to do so. Don’t wait until after an attack to build relationships with key officials at the FBI, the Department of Homeland Security and the Department of Justice.

????7. Kick the Tires in M&A

????Traditionally, the biggest security risk in a merger or acquisition transaction was confidentiality. Increasingly, cyber risk is becoming a critical, and often overlooked, factor. Heed the Department of Homeland Security’s recent warning about cyber risks in companies that you may consider buying or investing in and conduct cyber audits as part of routine due diligence.

????In 2014, the focus of many cyber attacks was stolen credit cards and financial crime. In the future, the threat will likely escalate to physical damage of technology networks and infrastructure.

????During the 2014 December holiday season, the German government reported a cyber attack that caused “massive damage” to an iron plant. Utilizing a spear phishing attack, hackers disabled the electronic controls that turned off the plant’s furnaces, causing damage to the entire plant.

????What new forms of cyber attacks will 2015 bring? Don’t wait to find out. Start 2015 off right by implementing these resolutions to help protect your company from ever-present cyber threats.

????Peter J. Beshar is Executive Vice President and & General Counsel of Marsh & McLennan.

  • 熱讀文章
  • 熱門視頻
活動
掃碼打開財富Plus App

            主站蜘蛛池模板: 沭阳县| 藁城市| 西平县| 确山县| 托克托县| 保德县| 平谷区| 田东县| 安平县| 平原县| 大竹县| 荔浦县| 海兴县| 东莞市| 延长县| 武夷山市| 普兰店市| 高雄县| 玉门市| 深水埗区| 达尔| 铜鼓县| 格尔木市| 绵竹市| 沿河| 温泉县| 冀州市| 建德市| 鄄城县| 南安市| 武邑县| 呼玛县| 苏尼特右旗| 博兴县| 乐陵市| 涞源县| 团风县| 兴宁市| 株洲县| 合江县| 宁海县|