當權威人士說“每家公司都是科技公司”時，聽起來就像用流行詞胡說八道一樣。但后來，人們意識到確實如此。現在，從媒體到零售的各個行業如果想要獲得成功，都必須把科技當作核心競爭力來看待。

在網絡安全上，同樣的情況恐怕又要成真了。過去只有銀行和科技等少數行業才需要把安全作為工作立身之本。如今，其他所有人也要如此了。你還有懷疑嗎？看看上周五導致全球許多醫院和聯邦快遞（FedEx）等大公司癱瘓的勒索軟件吧，如果他們之前升級了Windows系統，或許就能阻止這次襲擊。

擅長網絡安全可能不會讓公司在市場競爭上獲得優勢，不過它可以阻止安全災難的爆發，這同樣重要。問題是怎么做到這一點。

反釣魚服務公司Area 1的首席執行官奧倫?法爾科維茨等人堅稱，科技才是維護網絡安全的最好途徑，他們認為去培訓公司里的每一個人，讓他們擅長網絡安全，這是不現實的。與此同時，Cloudflare等公司則建議采用整個行業適用的辦法，例如給物聯網（Internet of Things）建立類VPN保護的倡議，這樣可以降低聯網設備的危險性。

這些辦法都很好，不過我認為企業文化也必須在其中成為不可分割的一部分。想起過去，媒體從業者曾經心安理得地忽視新技術（“我為什么要寫那個？我是作家！”），但如今媒體認為科技素養乃是記者這個職業的核心要求。

我能感覺到，在網絡安全問題上，同樣的事情會再一次發生。如此多網絡災難的發生，都是因為人們缺乏更新軟件或檢查郵件附件等基本意識而導致的。未來成功的企業里，可能所有的員工都要了解網絡的基本常識。

當然，說來容易做來難。不過現在，企業和機構已經別無選擇。（財富中文網）

譯者：嚴匡正

When the pundits first said “Every company is a tech company,” it sounded like buzzword blather—until people realized it’s true. These days, companies in any industry—from media to retail—must make technology a core competency if they want to succeed.

And now the same is becoming true of cyber security. Once, it was only a handful of industries such as banking or technology that needed to make security a fundamental part of what they do. Today, everyone else does too. Do you doubt it? Just look at the terrible ransomware attacks that crippled hospitals and major companies like FedEx across the world on Friday—attacks that probably could have been prevented if they had updated their Windows software.

Being good at cyber security may not give a company a competitive edge in the market, but it will prevent security catastrophes, which is just as important. The question is how to achieve this.

People like Oren Falkowitz, the CEO of anti-phishing service Area 1, insist that technology provides the best route to cyber safety, arguing it’s impractical to train everyone in an organization to be good at security. Meanwhile, companies like Cloudflare are proposing industry wide approaches—like an initiative to create VPN-style protection for the Internet of Things—to make connected devices less dangerous.

These are fine approaches, but I can’t shake the impression that corporate culture must be part of the mix too. I recall how it was once okay for those of us in the media to ignore new technology ("why do I need that? I’m a writer!"), but now the industry treats tech literacy as a core part of a journalist’s job.

I get the feeling the same thing will happen when it comes to cyber security. So many cyber disasters are based on exploiting people’s lack of knowledge about elementary ideas like software updates or email attachments. Successful companies of the future may be those in which everyone in the organization has a basic level of cyber literacy.

Sure, that’s easier said than done. But at this point, companies and organizations have no choice.