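Cybersecurity: Modern Technology and Business Threats Rolled into One

Introduction

“The more the world develops toward a digital future, the greater the risk of cyberattacks it brings.”

譯科技 | Cybersecurity: Modern Technology and Business Threats Rolled into One

Full text: 4,940 characters. Estimated reading time: 9 minutes.

Source | Readwrite.com (please credit the source when reposting)

Author | Abeer Raza

Translator | 張青青

In 2020 the novel coronavirus swept the globe, but it is not the only threat to human safety. 2020 is also a year in which certain advanced technologies are changing the world; these technological shifts will change the way people live and the way business is done in the future. Today we already have 5G, the Internet of Things, artificial intelligence, cloud technology, and machine learning. These technologies will help us work more efficiently, save time, reduce production costs, and create new business opportunities, becoming an indispensable part of our daily lives.

Although optimistic talk about technology has become commonplace, in the long run it is not entirely correct: “the more the world develops toward a digital future, the greater the risk of cyberattacks it brings.”

Modern technology will increase the amount of data we create online, and protecting that data will be the top priority of the coming decade. From system security to network security, businesses will face the challenge of optimizing their cybersecurity, namely whether they can successfully prevent malicious cyberattacks.

As technology advances by the day, cybersecurity vulnerabilities are hard to detect, so malicious attacks are hard to stop; and because we lack sufficient understanding of these attacks, developing defensive technology becomes even harder. This gray area is an ideal target for malicious attackers.

So let us review some current technologies, modern regulations, and the measures businesses can take to deal with cybersecurity threats.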


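The Arrival of 5G and Its Cybersecurity Risks

With 5G trials and full roll-out, we are entering a new stage of communications and innovative consumer services. Because running 5G requires companies and their people to switch to all-software networks, the closed loop of continuous network updates may lead to security risks.

These frequent updates resemble smartphone software updates, but updates to 5G networks may introduce security risks. Because the number of 5G-connected devices sending and receiving information is growing and remote access is becoming more common, early 5G adopters must deal with the security risks the technology brings. Compared with 5G users, however, cybersecurity experts have even more reason to prepare in advance.

As users and usage grow, the expansion of 5G bandwidth will offer opportunities to experts who study network security vulnerabilities. As 5G comes to cover businesses and cities, the attack surface will become broader, so governments and private enterprises will have to vigorously promote and overhaul their security tools and strategies to protect their devices, networks, and applications from malicious attacks.

Because security infrastructure is lacking, early adopters may face problems with authorization and identification on 5G networks. Access to the system could pose a serious threat to data and security, and these early 5G users may show great distrust of, and resistance to, 5G network access.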


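Phishing Is Not Over

Despite rapid technological development in the digital field, cybersecurity experts still have to deal with phishing attacks. The goal of these attacks is usually to penetrate a network or infect the network's own users.

Even though phishing has become a familiar attack technique, hackers and malicious attackers are getting smarter (also thanks to technological progress), and their methods are getting more cunning. So, just as in 2019, anti-phishing security measures deserve attention in 2020 as well.

Hackers naturally know this too: because email cannot be disabled entirely, vulnerabilities such as email fraud are hard to eliminate. In contrast to other modern hacks (for example, exploiting a zero-day vulnerability), phishing is an easy way into a network.

Today companies must stay alert to these phishing emails at all times, because a single mistaken click can open a backdoor for intruders, letting hackers enter the network at will and then control and damage the company's network.

The problem most experts face is that no single solution can stop phishing attacks from succeeding. In the end, these attacks come down to careless clicks, human error, and a lack of specialist knowledge.

Blocking downloads that have not been confirmed, assessing an email before opening any links directly, and using anti-malware and anti-spyware software to block and monitor potentially malicious activity can all help you reduce the harm, but will not necessarily prevent it entirely.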


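Vulnerabilities Based on Artificial Intelligence and Machine Learning Must Not Be Underestimated

As the machine learning and artificial intelligence markets grow, their application across different business operations, systems, and infrastructure will become a pressing challenge. These resource-intensive technologies require enormous effort to protect them from potential attacks.

AI- and machine-learning-based devices and software must be trained with data, and experts must pay close attention to the kind of data being used. False data corrupts the machine learning algorithm, and the “injection” of such data also hampers the “training” process.

This can lead to an algorithm that appears to run stably but produces unsatisfactory results; in the case of analytical products and applications, this could cost businesses millions of dollars.

Expert monitoring and analysis indicate that, in the future, data will be crucial to AI and machine learning technology, because the data sets used are themselves a security vulnerability that must be addressed.

In the current situation, because AI and machine learning run in closed environments, data vulnerability problems do not arise often. But once certain data processes begin to scale in the commercial sphere, vulnerabilities are bound to appear.

When processes such as threat analysis and data review become automated, hackers can exploit them to mislead companies, producing wrong algorithms without leaving any trace. In addition, the technology itself can be used to discover new vulnerabilities, develop breakthrough security measures, and penetrate systems through the same algorithms used to protect networks.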


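The California Consumer Privacy Act Is Now in Effect

The California Consumer Privacy Act can be regarded as California's General Data Protection Regulation. It took effect on January 1, 2020, steering the business world in a new direction and introducing more accountability measures to rebuild the lost trust between consumers and businesses. In these cases, the relationship between companies and customers relied, and still relies, on sharing personal information in order to obtain better and more targeted services, but lawmakers believe this practice has been abused.

The act sets out consumer rights concerning access to, deletion of, and sharing of the personal information that businesses collect from users. If your business collects user information, then under the California Consumer Privacy Act you must provide a legitimate reason why you are collecting it, what the information is, and how you will use it; and if users choose to refuse to provide this personal information, the business must guide them through deleting it from the database.

After Huawei's 5G technology was accused of potentially threatening information security, concerns about cybersecurity and data protection became a trending topic, which led the US government to ban all US businesses from doing business with the Chinese technology giant.

In today's world, more and more people are calling for stricter regulation, demanding that service providers keep customer data safe and guarantee the greatest possible data protection; this has become the top priority for technology companies.

The California Consumer Privacy Act compels businesses to implement a procedure requiring them to obtain the consent of a parent or guardian and of the minor (if they are between 13 and 16 years old) in order to collect and share their data.

Additional provision: the “Right to Say No to Sale of Personal Information.” This provision stipulates that commercial websites must post a notice on their home page so that, where the website's business carries a risk of disclosing private personal data, consumers have a legal right to refuse the services the website offers.

Businesses and companies are required to update their respective privacy policies with the newly required information, including but not limited to a description of the rights of California residents.

While these more straightforward laws were written to ensure privacy protection and data protection, another measure the California Consumer Privacy Act takes is to require businesses to avoid sending requests to residents who have opted out within the past 12 months.

The term used here is “avoid.” It does leave businesses a gray area: given that commercial activity mainly revolves around data collection, and that without this data companies cannot promote specific deals or place ads, a mandatory 12-month waiting period could be detrimental to business operations.

The influence of the General Data Protection Regulation can be seen in the EU's 1.5 billion euro fine for anti-trust AdSense advertising. The penalty took effect in 2019 and brought the EU's total anti-trust bill to 8.2 billion euros. The General Data Protection Regulation expects businesses to use user data reasonably and lawfully, and businesses that violate it face severe financial penalties, which compels them to adopt strong measures for protecting, regulating, and using data.

The California Consumer Protection Act is similar and has been in effect since the beginning of 2020. It is expected to make California businesses comply with consumer protection rules by adopting the most effective security measures.

For businesses headquartered in California, the transition to California Consumer Privacy Act compliance is crucial and must be completed as soon as possible to limit potential fines. For businesses outside California, planning and implementing this change is also critical. Even if the federal government does not adopt the California Consumer Privacy Act, other states such as New York are very likely to adopt their own version of it.

Hiring security experts, focusing on compliance, and committing resources to ensure a successful transition to the post-CCPA era are what businesses should focus on in 2020.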


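Microsoft and Linux: The Cloud Will Lead the Future

The future of Windows appears to be shifting to a cloud-based platform, and cloud PCs will work much like other cloud-based platforms and services. Most likely, users will have to pay a subscription to get access to a preset application bundle on the PC.

Interestingly, Microsoft has adopted Linux and is gradually transitioning to a Linux-based operating system.

Sounds confusing, right? If you plan to keep using any Microsoft resources in the near term, you need to get to grips with it.

In the future, Windows may stay the same on the front end, with cloud-based PCs offering a user interface similar to the Windows operating system we are used to, but on the back end Microsoft may deploy a full Linux setup.

Because most virtual machines now run on Linux iterations, a full Linux deployment is under way as well; currently 40% of Microsoft's cloud operating systems also run on Linux.

Using Linux on the back end has several important benefits, especially for businesses. For example:

After a user switches to a new PC, applying updates and patches will be easier than before. The service is intended to upgrade and update the hardware, and hardware releases are more direct.

For businesses, Linux will be a more trustworthy security platform. For storing sensitive data, Linux is more robust; because only administrators have root access, this helps keep system vulnerabilities under control.

The service is more likely to adopt a stronger security system, more secure than the systems users currently run on their own hardware. This means you will get enterprise-grade security protection, which will also help you counter the growing threat of cyberattacks.

For businesses, investing in strong security infrastructure is essential, and at Tekrevol we are also trying our hand at developing similar security infrastructure.

From a security standpoint, Linux is the key to operating systems in the next decade. If operating system applicability has a significant impact on the use of your own network systems, you really do need to understand how Linux secures them.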


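How Do Cybersecurity Trends Affect Business Strategy?

According to research by Accenture, 68% of business executives believe the risk of their company suffering a cyberattack has increased. By 2020, dealing with these troubles will be the top priority for business leaders and entrepreneurs.

Solving this problem requires leaders to acquire more knowledge, skills, and tools to improve their organizations' security protocols. These protocols include network protection and data protection to guard against potential network intrusions.

We expect demand for network security experts, machine learning design security experts, and system security experts to increase. In general, demand for security experts across technologies will increase as well.

Businesses must introduce new risk assessment models for technologies such as the Internet of Things, 5G, and AI-based products.

According to Gartner's analysis, cybersecurity risk is one of the top concerns of chief audit executives.

By 2020, businesses will reach a tipping point: either they develop strategies and technologies that reduce the risk of cyber vulnerability, or they fall behind, which will hurt their performance in their respective markets.

Likewise, we can foresee that, to address this growing threat, acquisitions of digital security startups by large companies will reach record highs.

By 2020, how businesses comply with government regulations and establish strict security protocols for modern technology will be key to determining their success. So, if you are an entrepreneur hoping to scale, the core of your business must shift to building robust security infrastructure.

Closing Remarks

A digital future is beyond doubt, but focusing only on the potential benefits does not solve the problem. For businesses, what matters is recognizing their responsibility to consumers and taking the necessary measures to ensure data security and the security of other network channels.

Equally important, they must pay close attention to the security of their own platforms, services, and products to ensure that adopting modern technology delivers good results. The technologies we have discussed have enormous potential, but moving into the world of technology requires us to prepare thoroughly and ensure information security.

Today's businesses must invest more in optimizing their cybersecurity efforts, develop new security strategies, deploy new network infrastructure, and use modern tools to ensure they stay ahead and are ready to respond to any cyber threat that may arise.

The original text follows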

The year 2020 has been overtaken by COVID-19. But the virus isn’t the only threat to our security. 2020 is also set to revolutionize the world with advancements that will shape the future of lives and businesses alike. We now have everything from 5G and IoT to Artificial Intelligence, Cloud technology, and Machine Learning. These technologies will become an integral part of our daily lives in creating efficiency, saving time, reducing costs, and unlocking new opportunities.

Though this optimistic language is something you hear quite often (and it’s not untrue to a large degree), the more the world transforms towards a digital future, the higher the rise in threats of cyberattacks.

Modern technology is set to increase the amount of data we create online, and protecting this data will be one of the defining arcs of this decade. From system security to network security, businesses will face challenges in optimizing their cybersecurity to prevent malicious attacks from being successful.

It is hard to prevent malicious attacks because these technologies are new, vulnerabilities are less known, and scalability is harder due to a lack of familiarity, making all of these ambiguities an excellent target for bad actors to exploit.

So let’s take a look at some of these technologies, modern regulations in place, and what businesses can do to combat this threat with regard to their cybersecurity.

The Advent of 5G and Its Cybersecurity Vulnerabilities

As 5G trials and roll-outs happen, we are entering a new era of communication and innovative consumer services. As the adoption of 5G will require companies and people to switch to all-software networks, the cycle of constant updates might result in security vulnerabilities.

These frequent updates are similar to the updates of smartphone software, but those about 5G networks can lead to security risks. Risks are something that early adopters will have to deal with. Since the number of 5G-connected devices that send and receive information increases and remote access becomes much more commonplace, cybersecurity experts will have a huge challenge in front of them.

With increased users and use, expanding the bandwidth for 5G will present opportunities for experts looking to exploit these vulnerabilities. As enterprises and cities become 5G powered, the attack surface will become much larger, putting the burden on governments and private enterprises to pump up and revolutionize their security tools and strategies to safeguard their devices, networks, and applications against malicious attackers.

One problem that early adopters might face due to a lack of security infrastructure could be the authorization and identification of a 5G network. Access to the system can allow a significant threat to data and security, and perhaps these early users might adopt a stringent no-trust policy with regards to 5G network access.

Don’t Think Phishing Is Over

Though technology is evolving rapidly in the digital landscape, cybersecurity experts will have to deal with phishing attacks. These attacks are often targeted to penetrate a network or infect the users of the network itself.

Though phishing is a generally well-known attack, hackers and malicious actors are becoming smarter (thanks to technological evolution), and their attacks are becoming more and more sophisticated. So, as in 2019, security measures against phishing will be necessary in 2020 as well.

Exploits such as email phishing are hard to eliminate as a problem since you can’t really disable emails altogether, and hackers know that. Phishing is also an easier way to get inside a network as opposed to other modern hacks, such as exploiting a zero-day vulnerability.

Companies today always have to beware of these phishing emails, since it only takes one wrong click by someone with access to admin credentials on a network to open a backdoor that allows malicious actors to get in, take control, and corrupt the company’s network.

The problem that most experts face is that there is no one solution to stop phishing attacks from succeeding. At the end of the day, these attacks can boil down to a reckless click, human error, and lack of knowledge.

Blocking downloads without confirmation, assessing the email before opening any links directly, and using anti-malware and anti-spyware software to block or monitor potential malicious activities could help you mitigate the harm but not necessarily prevent it entirely.

A.I. and ML-Based Cybersecurity Vulnerabilities Can’t Be Ignored

As the Machine Learning and Artificial Intelligence markets grow, their application in different business operations, systems, and infrastructure will be a challenge to overcome. These technologies are incredibly resource-intensive and will require significant efforts to make them secure against potential attacks.

AI and ML-based devices and software have to be trained with the help of data, and experts will have to keep a keen eye on the kind of data that is being used. Duped data meant to corrupt the learning process of the Machine Learning algorithm can be injected to hamper the training process.

This can lead to the algorithm working seemingly fine but producing wrong results, which could, in the case of analytical products and applications, cost businesses millions of dollars.

How experts monitor and analyze the data will play a crucial part in the future of A.I. and ML, since the data set being used can be a security vulnerability that will have to be dealt with.

In the current climate, this is a less severe issue due to A.I. and ML operating in specialized environments, but once businesses begin to scale these processes, there are bound to be vulnerabilities.

When processes such as threat analysis and data review become completely automated, malicious actors could exploit these processes to misguide companies and manipulate results without any obviously apparent problems. Furthermore, the technology itself can be used to discover new vulnerabilities, break through security measures and tools, and penetrate systems through the same algorithm that is being used to protect networks.

California Consumer Protection Act (CCPA) Is Now in Effect

The California Consumer Privacy Act can be considered California’s GDPR. It took effect on January 1, 2020, pushing the world of business in a new direction, with more accountability measures being ensured to re-establish the lost trust between consumers and companies. Company-to-client relationships in these cases were and still are dependent on the sharing of personal information for better and more targeted services, something that lawmakers think has been misused.

The bill established new consumer rights relating to the access, deletion, and sharing of personal information that businesses collect from their users. If your business is collecting user information, under CCPA, your business has to provide a reason as to why you’re collecting this information, what this information is, how you will use this information, and guide users through the process of deleting that information from your database, if they choose to do so.

Concerns about cybersecurity and data protection became news after the claim that Huawei’s 5G technology was a possible security threat, which resulted in the US government banning all US businesses from dealing with the Chinese tech giant.

In such a world, the burden on tech companies to ensure maximum data protection came into sharp focus, with more and more people pushing for stricter regulations and demanding accountability from service providers to ensure that the data of their customers is in safe hands.

The CCPA requires businesses to implement a process that allows them to obtain the consent of a parent or a guardian, and of the minor if they’re between the ages of 13 and 16, to collect and share their data for the business’ purposes.

This comes with the additional “Right to Say No to Sale of Personal Information,” which is to be provided through a web link on the homepage of a business’ website that redirects users to a page where they can opt out, protecting their data and personal information from being legally sold by the business.

Businesses and companies are required to update their respective privacy policies with the newly required information, including but not limited to the description of California residents’ rights.

While these are the more straightforward laws that are placed within the CCPA to ensure privacy protection and data protection, another measure the CCPA takes is to ask businesses to avoid sending opt-in requests to residents who have opted out of the option for a period of 12 months.

The terminology used, “avoid,” does leave a gray area for businesses to use, but it takes into account that business activities mainly revolve around data gathering, in the absence of which companies cannot promote specific deals or show ads, so a 12-month mandatory waiting period could be detrimental to the functioning of the business.

The power of GDPR can be seen through the European Union’s 1.5 Billion Euro fine for anti-trust AdSense advertising. This fine, which was levied in 2019, brought the overall EU anti-trust bill to 8.2 Billion Euros. GDPR expects companies to use data responsibly, and a breach carries significant financial damage for businesses, creating a force that ensures that companies adopt the best data protection, regulation, and use policies.

CCPA is a similar force, being in effect from the beginning of the year. It expects businesses in California to adopt the best security practices and comply with the regulations set to protect consumers.

For businesses based in California, transitioning to CCPA compliance is crucial, and it has to be done as soon as possible, to limit the potential fines that might be coming their way. For businesses that are not California-based, planning to make this change and implementing it is also crucial. Other states such as New York will most likely adopt their own version of the CCPA, even if it is not adopted by the Federal government.

Hiring security specialists, focusing on compliance, and devoting resources to ensure that there is a successful transition to a post-CCPA world is something that businesses in 2020 should be looking towards.

Microsoft and Linux – The future is Cloud

The future of Windows seems to be shifting towards a cloud-based platform. Cloud PCs will work similarly to how other cloud-based platforms and services work. Most likely, users will have to pay a subscription to gain access to a pre-set app bundle to run on the PC.

What makes Microsoft more interesting is their adoption of Linux and transitioning towards a Linux-based operating system.

Sounds confusing, right? Well, you need to get a grasp of it if you are planning to continue using any resources from Microsoft in the near future.

The future of Windows might stay the same on the front-end, with cloud-based PCs providing a similar UI to the Windows OS we’ve grown accustomed to, but on the back-end, Microsoft might deploy a full-Linux setup.

A full-time Linux setup is happening because most VMs are now running on Linux iterations. Even Microsoft Azure has around 40% of its machines running on Linux at the moment.

There are a few substantial benefits of using Linux on the back-end, especially for businesses. Here are the benefits:

Migration from an older PC to a new one, its updates, and patches will become easier than before. The service will upgrade the hardware, take care of the updates and release them directly, and deal with migration.

For businesses, Linux is a much better platform for security. Linux is a safer platform for storing sensitive data, with only the admins having root access, which helps keep system vulnerabilities in check.

The service is more likely to adopt a more robust security system than you would on your own hardware, which means that you will gain access to enterprise-grade security, helping you combat the rising threat of cyber-attacks.

For businesses, it is imperative to start investing in robust security infrastructure, and at Tekrevol, we’re trying our hand with some as well.

From a security standpoint, Linux is key to OS in the next decade. If you too have a wide range of OS applicability critical to your internal systems, you really need to know how Linux can make your security more concrete.

How Will Cybersecurity Trends Impact Business Strategy?

According to one study by Accenture, 68% of business leaders think that there is an increased risk of a cyber-attack on their business. The year 2020 will be one where tackling these threats will become a primary focus of business leaders and entrepreneurs.

Combating this problem will require these leaders to acquire more knowledge, skills, and tools to improve their organization’s security protocols. These protocols include network protection and data protection against possible breaches.

We can expect an increased demand for network security specialists, ML design security specialists, and system security experts. In general, the demand for security specialists across technologies will also increase.

Businesses will have to incorporate new risk assessment models for technologies such as IoT, 5G, and AI-based products.

According to Gartner’s press release, cybersecurity risk is one of the top concerns that chief audit executives have with regards to their businesses.

In 2020, businesses will come to a tipping point where they will either develop strategies and technologies that help combat the risk of cyber vulnerability, or the lack of evolution will hurt their performance in the market.

Similarly, one can foresee big corporations acquiring digital security startups for record-high acquisitions to keep up with this rising threat.

How businesses achieve compliance with government regulations and establish strict security protocols with regards to modern tech will define their success in the year 2020. So, if you’re a business owner looking to scale, transferring your focus towards establishing a robust security infrastructure has to be a central part of your business strategy.

Wrapping Things Up:

The future is digital; there is no denying it. But simply focusing on the possible benefits isn’t going to cut it. For businesses, it is crucial to realize their responsibility towards consumers and take the necessary steps to ensure data protection and other cybersecurity avenues.

It is also vital for them to focus strongly on the security of their own platforms, services, and products to ensure that the adoption of modern technology drives positive results. The technologies we’ve talked about have great potential, but the journey into the world of technology requires avid preparation to ensure security and safety.

Businesses today have to invest more into optimizing their security, create new strategies, implement new infrastructure, and leverage modern tools to ensure that they are ahead of the and ready to fight any cyber-threats that may come their way.
