Companies can’t defend themselves against every single thing that can go wrong, because bad actors will continue to invent new ways to get inside the network.
公司不能針對每一件可能出錯的事情保護自己,因為壞的參與者將繼續發明進入網絡的新方法。
We also know that no matter how large a budget you allocate to enhancing your cybersecurity in 2020, you will continue to suffer from the cybersecurity talent shortage.
我們還知道,無論您撥出多大的預算來加強2020年的網絡安全,您都將繼續遭受網絡安全人才短缺的困擾。
According to an International Information System Security Certification Consortium (ISC2) study from 2018, the Asia-Pacific region is experiencing the greatest talent shortage at 2.14 million, which is partially attributable to its growing economies and new cybersecurity and data privacy regulations throughout the region.
根據國際信息系統安全認證聯盟(ISC2)從2018年開始的一項研究,亞太地區正在經歷最嚴重的人才短缺,為214萬人,部分原因是其經濟增長以及整個地區新的網絡安全和數據隱私法規。
Sixty three percent of respondents said their organisations have a shortage of IT staff dedicated to cybersecurity, and nearly 60 percent say their companies are at moderate or extreme risk of cybersecurity attacks due to this shortage.
63%的受訪者表示,他們的組織缺少致力於網絡安全的IT員工,近60%的受訪者表示,由於這種短缺,他們的公司面臨中等或極高的網絡安全攻擊風險。
To reduce the risks associated with this shortage in IT talent, enterprises in the Asia Pacific region will need to rigorously consider the weakest points in their systems and build a comprehensive security programme that includes network segmentation, network visibility and multifactor authentication.
為了降低與IT人才短缺相關的風險,亞太地區的企業將需要嚴格考慮其系統中的最薄弱環節,並建立包括網絡分段、網絡可見性和多因素身份驗證在內的全面安全計劃。
Organisations will also need to assess and catalogue the data they hold and where, then decide on the controls they want to put on it.
組織還需要評估和編目他們持有的數據和位置,然後決定他們想要對其進行控制。
This “defence in depth” or “security in layers” approach will continue to be the best for security.
這種“縱深防禦”或“層次分明”的方法將繼續是最好的安全方法。
Along with creating a strong security programme, we anticipate that four areas will dominate the cybersecurity agenda for enterprises in 2020.
在創建強有力的安全計劃的同時,我們預計2020年企業的網絡安全議程將主要集中在四個領域。
Bad actors have breached many organisations of all sizes, exposing passwords that provide a good statistical model to facilitate further attacks on companies or individuals.
壞人已經侵入了許多大大小小的組織,暴露了密碼,這些密碼提供了一個很好的統計模型,為進一步攻擊公司或個人提供了便利。
This will be a big cybersecurity threat for Asia Pacific companies in 2020 seeking to protect the integrity of their data without multi-factor authentication.
這將是亞太公司在2020年面臨的一大網絡安全威脅,這些公司希望在沒有多因素身份驗證的情況下保護其數據的完整性。
Multi-factor authentication continues to be one of the most important things enterprises should pay attention to, due to compliance regulations and the additional layer of protection it provides beyond passwords.
多因素身份驗證仍然是企業應該關注的最重要的事情之一,這是由於合規性法規及其提供的密碼之外的額外保護層。
Some of the large cloud service providers are taking the protection a step further with a hardware token.
一些大型雲服務提供商正在通過硬件令牌進一步提供保護。
This level of protection is recommended for high value accounts in your organisation.
建議為貴組織中的高價值客戶提供此級別的保護。
2019 has seen too many cases of enterprises that have moved their data to the cloud, failed to adopt standardised controls and have accidentally left the gate open to malign intruders.
2019年出現了太多企業將數據轉移到雲中、未能採用標準化控制以及意外向惡意入侵者敞開大門的情況。
According to a study by Cisco, many security teams in the Asia Pacific region are also unaware of the number of vendors or products that exist in their environment.
根據思科的一項研究,亞太地區的許多安全團隊也不知道其環境中存在的供應商或產品的數量。
The Philippines and Malaysia lead the region with the highest percentages of organisations that do not know how many products they use, while Vietnam has the highest percentage that do not know how many vendors they use.
菲律賓和馬來西亞在該地區排名最高,不知道自己使用了多少產品的組織比例最高,而越南不知道使用了多少供應商的比例最高。
Cloud storage providers, such as Amazon, are improving how they interact with customers - by helping them identify any weaknesses in the configuration of S3 buckets, for example.
雲存儲提供商(如Amazon)正在改進他們與客戶的互動方式-例如,通過幫助他們識別S3存儲桶配置中的任何弱點。
閱讀更多 甘河一老漢 的文章
