行业报告 AI展会 数据标注 标注供求
数据标注数据集
主页 > 大数据 > 正文

译科技 | 网络安全:集现代技术和商业威胁为一

Cybersecurity, Modern Technology and Business Threats

数据观 | 张青青(译)

  The year 2020 is overcome with the COVID-19. But the virus isn’t the only threat to our security. 2020 is also set to revolutionize the world with advancements that will shape the future of lives and businesses, alike. We now have 5G and IoT to Artificial Intelligence, Cloud technology, and Machine Learning. These technologies will become an integral part of our daily lives in creating efficiency, saving time, reducing costs, and unlocking new opportunities.

  2020年新冠病毒席卷全球,但这并非是危及人类安全的唯一威胁。2020年也是某些先进技术改变世界的一年,这些先进的技术变革将会改变未来人类社会的生活方式和商业模式。如今,我们已经掌握了5G技术、物联网、人工智能、云科技和机器学习。诸类科技将会帮助我们提高工作效率,节约工作时间,降低生产成本,并创造新的商机,变成我们日常生活中必不可少的一部分。

  Though this optimistic language is something you hear quite often (and it’s not untrue to a large degree), the more the world transforms towards a digital future, the higher the rise in threats of Cyberattacks.

  尽管关于技术的乐观论调可谓老生常谈,但长远来看,这并非完全正确,即——“世界向未来数字化发展的程度越高,所带来的网络攻击风险也就越大。”

  Modern technology is set to increase the amount of data we create online, and protecting this data will be one of the defining arcs of this decade. From system security to network security, businesses will face challenges in optimizing their cybersecurity to prevent malicious attacks from being successful.

  现代技术将增加我们在线创建的数据量,保护这些数据资料,将会成为未来十年重中之重的主要任务,从系统安全到网络安全,企业将面临优化网络安全问题的挑战——能否成功地防止恶意网络攻击。

  It is hard to prevent malicious attacks because these technologies are new, vulnerabilities are less known, scalability harder due to a lack of familiarity, thereby making all of these ambiguities an excellent target for bad actors to exploit.

  随着科技发展日新月异,网络安全的漏洞难以洞察,因此我们很难阻止恶意网络攻击,并且由于我们对网络攻击缺乏充分地了解而导致计算机防护技术的发展变得更加困难,这片灰色地带成为恶意攻击者的绝佳目标。

  So let’s take a look at some of these technologies, modern regulations in place, and what businesses can do to combat this threat with regards to their cybersecurity.

  因此,让我们回顾某些当下的技术、现代法规以及企业在网络安全方面可以采取哪些措施来应对网络安全威胁。

  The Advent of 5G and It’s Cybersecurity Vulnerabilities 5G的到来及网络安全隐患

  As 5G trials and roll-outs happen, we are entering a new era of communication and innovative consumer services. As the adoption of 5G will require companies and people to switch to all-software networks, the cycle of constant updates might result in security vulnerabilities.

  随着5G试运行和全面实行的到来,我们正进入通信和创新型消费者服务的新阶段。由于5G的运行需要公司和其人员切换到全软件网络,因此持续运作更新的网络闭环可能会导致网络安全隐患。

  These frequent updates are similar to the updates of smartphone software, but those about 5G networks can lead to security risks. Risks are something that early adopters will have to deal with since the number of 5G connected devices that send and receive information increases and remote access becomes much more commonplace, cybersecurity experts will have a huge challenge in front of them.

  这些频繁的更新类似于智能手机软件的更新,但是关于5G网络的更新可能会引发安全风险。由于发送和接收信息的5G连接设备数量增加,且远程访问变得更加普遍,因此早期5G使用者必须应对5G技术所带来的安全风险。但跟5G使用者比起来,网络安全专家更应当未雨绸缪。

  With increased users and use, expanding the bandwidth for 5G will present opportunities for experts looking to exploit these vulnerabilities. As enterprises and cities become 5G powered, the attack surface will become much larger, putting the burden on governments and private enterprises to pump up and revolutionize their security tools and strategies to safeguard their devices, networks, and applications against malicious attackers.

  随着用户和使用率的提高,5G宽带的扩展将会为研究网络安全漏洞的专家提供发展机会。随着5G全面覆盖企业和城市,网络攻击的覆盖面将变得加宽泛,这将使政府和私营企业必须大力推广和革新其安全工具和策略,以保护其设备、网络和应用程序免受恶意攻击。

  One problem that early adopters might face due to a lack of security infrastructure could be the authorization and identification of a 5G network. Access to the system can allow a significant threat to data and security, and perhaps these early users might adopt a stringent no-trust policy with regards to 5G network access.

  由于网络安全基础设施的缺乏,早期的使用者可能会面临5G网络的授权和识别问题。访问系统可能会对数据和安全性造成严重的威胁,也许这些早期的5G用户可能会对5G网络访问表现出极大的不信任和排斥。

  Don’t Think Phishing Is Over 网络钓鱼并没有结束

  Though technology is evolving rapidly in the digital landscape, cybersecurity experts will have to deal with phishing attacks. These attacks are often targeted to penetrate a network or infect the users of the network itself.

  尽管数字领域技术飞速发展,但网络安全专家还是不得不应对网络钓鱼攻击。 这些攻击的目标通常是渗透网络或感染网络本身的用户。

  Though phishing is a generally well-known attack, hackers and malicious actors are becoming smarter (thanks to technological evolution), and their attacks are becoming more and more sophisticated. So like 2019, security measures against Phishing will also be necessary for 2020 as well.

  即使网络钓鱼已经成为屡见不鲜的网络攻击手段,但黑客和恶意攻击者变得越来越聪明(这也得益于科技发展),他们的攻击手段也变得越来越狡诈。因此,就像2019年一样,反钓鱼的安全措施同样在2020年也是有必要得到重视。

  Exploits such as email phishing are hard to eliminate as a problem since you can’t really disable emails altogether, and hackers know that. Phishing is also an easier way to get inside a network as opposed to other modern hacks, such as exploiting a zero-day vulnerability.

  黑客们自然也心知肚明,由于无法完全禁用所有电子邮件,因此人们很难消除诸如电子邮件欺诈之类的漏洞。 与其他现代黑客(例如,利用零日漏洞)相反,网络钓鱼是一种进入网络内部的简便方法。

  Companies today have to always beware of these phishing emails since they only take one wrong click by someone with access to admin credentials on a network to open a backdoor that allows malicious actors to get in, take control, and corrupt the company’s network.

  如今,公司必须时刻警惕这些钓鱼邮件,因为他们一旦失误点击就可以为入侵者打开后门,让黑客随意进入网络内部,从而控制和破坏公司网络。

  The problem that most experts face is that there is no one solution to stop phishing attacks from succeeding. At the end of the day, these attacks can boil down to a reckless click, human error, and lack of knowledge.

  大多数专家面临的问题是,没有一个解决方案可以阻止钓鱼攻击的成功。最后,这些攻击被归结为盲目点击、人为错误和缺乏专业性知识。

  Blocking downloads without confirmation, assessing the email before opening any links directly, and using anti-malware and anti-spyware software to block or monitor potential malicious activities could help you mitigate the harm but not necessarily prevent it entirely.

  在未经确认的情况下阻止下载,在直接打开任何链接之前对邮件进行预判,以及使用反恶意软件和反间谍软件来屏蔽和监控潜在的恶意活动,这些都能帮助你减轻危害,却不一定能完全阻止危害。

  A. I. and ML Based Cybersecurity Vulnerabilities Can’t be Ignored 基于人工智能和机器学习的漏洞不容小觑

  As the Machine Learning and Artificial Intelligence market grow, their application in different business operations, systems, and infrastructure will be a challenge to overcome. These technologies are incredibly resource-intensive and will require significant efforts to make them secure against potential attacks.

  随着机器学习和人工智能市场的发展,在不同的业务操作、系统和基础设施中的应用将会成为亟待解决的挑战问题。这些资源密集型技术需要付出巨大努力来保护它们免受潜在攻击的攻击。

  AI and ML-based devices and software have to be trained with the help of data, and experts will have to keep a keen eye on the kind of data that is being used. Data duping to corrupt the learning process of the Machine Learning algorithm can be injected to hamper the training process.

  人工智能和基于机器学习的设备和软件必须在数据的帮助下进行培训,专家必须密切关注正在使用的数据类型。虚假数据破坏了机器学习的算法,同时,这种数据的“注入”也会阻碍“训练”过程。

  This can lead to the algorithm working seemingly fine but producing wrong results, which could, in the case of analytical products and applications, cost businesses millions of dollars.

  这会导致算法看似运行稳定,但却会产生差强人意的结果,在分析产品和应用程序的情况下,这可能会让企业损失数百万美元。

  How experts monitor and analyze the data will play a crucial part in the future of A.I and ML since the data set being used can be a security vulnerability that will have to be dealt with.

  专家监测和分析指出,未来,数据对于人工智能和机器学习技术至关重要,因为所使用的数据集也是必须解决的安全漏洞。

  In the current climate, this is a less severe issue due to A.I and ML operating in specialized environments, but once businesses begin to scale these processes, there are bound to be vulnerabilities.

  在当今的形势下,由于人工智能和机器学习是在封闭的环境中运行的,所以数据漏洞问题并不会经常出现。但是一旦在商业领域中开始扩展某些数据程序,那就一定会出现漏洞。

  When processes such as threat analysis and data review become completely automated, malicious actors could exploit these processes to misguide companies and manipulate results without any obviously apparent problems. Furthermore, the technology itself can be used to discover new vulnerabilities, breakthrough security measures, and tools, and penetrate systems through the same algorithm that is being used to protect networks.

  当类似威胁分析和数据审查实现自动化时,黑客就可以利用这些程序误导公司,从而产生错误的算法,且不会暴露出任何蜘丝马迹。此外,该技术本身可以用于发现新的漏洞、研发突破性的安全措施,并通过用于保护网络的相同算法渗透到系统中。

  California Consumer Protection Act(CCPA) Is Now In Effect. 《加州消费者隐私法》现已生效

  The California Consumer Privacy Act can be considered California’s GDPR. It became active from January 1, 2020, pushing the world of business in a new direction, with more accountability measures being ensured to re-establish the lost trust between consumers and companies. A company to client relationships in these cases was and still is dependent on the sharing of personal information for better and more targeted services, something that lawmakers think has been misused.

  《加州消费者隐私法》可以被视作加州的《通用数据保护条例》。它从2020年1月1日开始实施,使商业世界走向一个新的方向,推出了更多的问责措施,重新建立起消费者和企业之间失去的信任。在这些案件中,公司和客户之间的关系过去和现在仍然依赖于共享个人信息,用以获得更好、更有针对性的服务,但议员们却认为这种做法被滥用了。

  The bill established new consumer rights relating to the access, deletion, and sharing of personal information that businesses collect from their users. If your business is collecting user information, under CCPA, your business has to provide a reason as to why you’re collecting this information, what this information is, how you will use this information, and guide users through the process of deleting that information from your database, if they choose to do so.

  该法案明确了涉及到企业从用户那里收集到的个人信息的访问、删除和共享的消费者权利。如果你的业务是收集用户信息,根据加州消费者隐私法,你需要提供一个合法理由,为什么你要收集这些信息,这些信息是什么,你将如何使用这个信息,如果用户选择拒绝提供这些个人信息,那企业需要指导用户完成通过数据库删除这些信息。

  The concerns with regards to cybersecurity and data protection became news after the claim of Huawei’s 5g technology being a possible threat of the security that resulted in the US government banning all US businesses from dealing with the Chinese tech giants.

  在华为5G技术被指控可能会对信息安全造成威胁后,人们对网络安全和数据保护问题的担忧登上热搜,这导致了美国政府禁止所有美国企业与中国科技巨头进行商业合作。

  In such a world, the burden on Tech companies to ensure maximum data protection came into a significant highlight, with more and more people pushing for stricter regulations and demanding accountability from service providers to ensure that the data of their customers are in safe hands.

  当今世界,越来越多的人要求更为严格的监管,要求服务商确保客户的数据安然无恙,并保证最大程度的数据保护,这成为科技公司的重中之重。

  The CCPA enforces businesses to implement a process that allows them to obtain the consent of a parent or a guardian and the minor if they’re between the age of 13 and 16 to collect and share their data for the business’ purposes.

  《加州消费者隐私法》强制企业执行一项程序,要求企业获得父母或监护人以及未成年人(如果他们的年龄在13到16岁之间)的同意,以收集和共享他们的数据。

  This comes with the additional “Right to Say No to Sale of Personal Information” which is to be provided through a web link on the homepage of a business’ website that redirects users to a page where they can opt-out their consent protecting their data and personal information from being sold by the business legally.

  附加条款:“拒绝出售个人信息权”,此条款规定,商业网站须在其主页设置网页告示,从而告如若网站业务有泄漏个人隐私数据的风险时,消费者有合法的权利拒绝其网站提供的业务。

  Businesses and Companies are required to update their respective privacy policies with the newly required information, including but not limited to the description of California residents’ rights.

  企业和公司被要求用新要求的信息更新各自的隐私政策,包括但不限于对加州居民权利的描述。

  While these are the more straightforward laws that are placed within the CCPA to ensure privacy protection and data protection, another measure the CCPA takes is to ask businesses to avoid sending opt-in requests to residents who have opted out of the option for a period of 12 months.

  然而这些更为直截了当的法律,是为确保隐私保护和数据保护而制定的,但加州消费者隐私法采取的另一项措施是,要求企业避免向那些在12个月内选择退出该选项的居民发出申请。

  The used terminology, which is “avoid” while does leave a gray area for businesses to use, it takes into account that business activities mainly revolve around data gathering, in the absence of which companies cannot promote specific deals or show ads, for which a 12 month mandatory waiting period could be detrimental to the functioning of the business.

  这里使用的术语是“避免”。确实给企业留下了灰色地带,考虑到商业活动主要围绕数据收集进行,如果没有这些数据,公司就无法推广具体的交易或投放广告,而12个月的强制性等待期可能不利于企业的运作。

  The power of GDPR can be seen through the European Union’s 1.5 Billion Euro fine for anti-trust AdSense advertising. This fine, which was levied in 2019, brought the overall EU anti-trust bill to 8.2 Billion Euros. GDPR expects companies to use data responsibly and its breach weighs significant financial damage to businesses, creating a force that ensures that companies adopt the best data protection, regulation, and use policies.

  从欧盟对反垄断Adsense广告的15亿欧元罚款就可以看出《通用数据保护条例》的影响力,这一判罚于2019年生效,并使欧盟反垄断法案的总金额达到82亿欧元。《通用数据保护条例》希望企业合理合法地使用用户数据,而且如果企业违反该法例将会对其进行严重的财务处罚,从而强制确保企业对数据采取强而有力地保护、监管和使用措施。

  CCPA is a similar force, being in effect from the beginning of the year. It expects businesses in California to adopt the best security practices and comply with the regulations set to protect consumers.

  《加州消费者保护法》与其相似,并从2020年年初开始生效,它有望通过采取最有效的安全措施,使加州企业遵守保护消费者的规定。

  For businesses based in California, transitioning to CCPA compliance is crucial, and it has to be done as soon as possible, to limit the potential fines that might be coming their way. For businesses that are not California-based, planning to make this change and implementing it is also crucial. It’s likely that other states such as New York will most likely adopt their own version of the CCPA, even if it is not adopted by the Federal government.

  对于总部位于加州的企业来说,向加州消费者隐私法合规过渡至关重要,而且必须尽快完成,以限制可能出现的罚款。对于非加州的企业来说,计划并实施这一改变也很关键。即使联邦政府不采纳加州消费者隐私法,向纽约这样的其他州也极有可能采用他们自己的“加州消费者隐私法”。

  Hiring security specialists, focusing on compliance, and devoting resources to ensure that there is a successful transition to a post-CCPA world is something that businesses in 2020 should be looking towards.

  聘请安全专家,关注合规性、投入资源以确保成功过渡到后CCPA时代,是2020企业应该关注的事情。

  Microsoft and Linux – The future is Cloud 微软与Linux—云主导未来

  The future of Windows seems to be shifting towards a cloud-based platform. Cloud PCs will work similarly to how other cloud-based platforms and services work. Most likely, users will have to pay a subscription to gain access to a pre-set app bundle to run on the PC.

  Windows的未来似乎正在转向基于云的平台,云个人电脑的工作原理与其他基于云的平台和服务类似。最有可能的是,用户将不得不支付订阅,以获得访问PC端上预先设置的应用程序包。

  What makes Microsoft more interesting is their adoption of Linux and transitioning towards a Linux-based operating system.

  有趣的是,微软采用了Linux系统,并逐步向基于Linux的操作系统进行过渡。

  Sounds confusing, right? Well, you need to grasp hold of it if you are planning to continue using any resources from Microsoft shortly.

  听起来令人困惑,对吧?如果你打算在短期内继续使用微软的任何资源,你就需要掌握它。

  The future of Windows might stay the same on the front-end, with cloud-based PCs providing a similar UI to the Windows OS we’ve grown up accustomed to, but on the back-end, Microsoft might deploy a full-Linux setup.

  未来,Windows可能会在前端保持不变,基于云的PC会提供一个类似于我们已经习惯的Windows操作系统的用户界面,但在后端,微软可能会部署一个完整的linux设置。

  A fulltime Linux setup is happening because most VMs are now running on Linux iterations. Even Microsoft Azure has around 40% of its machines running on Linux at the moment.

  由于大多数虚拟机现在都在Linux迭代运行,完整的Linux部署也在进行之中,目前40%的微软云操作系统也运行在Linux上。

  There are a few substantial benefits of using on the Back-end, especially for businesses. Here are the benefits:

  在后台使用有几个重要的好处,特别是对企业而言。比如:

  Migration from an older PC to a new one, its updates, and patches will become easier than before. The service will upgrade the hardware, take care of the updates and release them directly, and deal with migration.

  用户更换新的PC后,更新补丁将比之前更容易。此项维修旨在升级和更新硬件,并且硬件的发布较为直接化。

  For businesses, Linux is a much better platform for security. Linux is a safer platform for storing sensitive data with only the admins having the root access, helping keeping system vulnerabilities in check.

  对于企业来说,Linux将是一个更放心的安全平台,对于存储敏感数据,Linux更加固若金汤,由于只有管理员具有根访问权限,所以这有助于控制系统漏洞。

  The service is more likely to adopt a more robust security system than you would on your own hardware, which means that you will gain access to enterprise-grade security, helping you combat the rising threat of cyber-attacks.

  该服务更有可能采用更加强大的安全系统,比目前硬件使用用户的系统更加安全,这意味着你将获得企业级的安全防护,这也会帮助你对抗日益增长的网络袭击的威胁。

  For businesses, it is imperative to start investing in robust security infrastructure, and at Tekrevol, we’re trying our hand with some as well.

  对于企业而言,投资强大的安全信息基础设施是非常有必要的,而在Tekrevol,我们也在尝试类似的安全基础设施研发。

  From a security standpoint, Linux is key to OS in the next decade. If you too have a wide range of OS applicability critical to your internal systems, you really need to know how Linux can make your security more concrete.

  从安全的角度来看,Linux是未来十年操作系统的关键,如果操作系统的可适用性对您个人网络系统的使用具有较为重要的影响,那么您确实需要了解Linux具体是如何确保你网络系统的安全性。

  How Will Cybersecurity Trends Impact Business strategy? 网络安全趋势如何影响商业部署?

  According to one study by Accenture, 68% of business leaders think that there is an increased risk of a cyber-attack on their business. The year 2020 will be one where tackling these threats will become a primary focus of business leaders and entrepreneurs.

  根据埃森哲的研究表明,68%的商业高管认为他们的企业遭受网络攻击的风险增加了。到2020年,商界精英和企业家的首要任务将是应对这些麻烦事。

  Combating this problem will require these leaders to acquire more knowledge, skills, and tools to improve their organization’s security protocols. Protocols includes network protection and data protection against possible breaches.

  解决这个问题需要领导者获得更多的知识储备、技能和工具来改进他们组织的安全协议。协议包括网络保护和数据保护,以防止潜在性的的网络入侵。

  We can expect an increased demand for network security specialists, ML design security specialists, and system security experts. In general, the demand for security specialists across technologies will also increase.

  我们预料到对于网络安全专家,机器在线设计安全专家和系统安全专家的需求将会增加。一般而言,对跨技术的安全专家的需求也会增加。

  Businesses will have to incorporate new risk assessment models for technologies such as IoT, 5G, and AI-based products.

  企业必须为物联网,5G和基于人工智能的产品等技术将引入新的风险评估模型。

  According to Gartner’s press release, cybersecurity risk is one of the top concerns that chief audit executives have with regards to their businesses.

  据高德纳分析,网络安全风险是首席审计执行官最关心的业务之一。

  In 2020, businesses will come to a tipping point where they will either develop strategies and technologies that help combat the risk of cyber vulnerability, or the lack of evolution will hurt their performance in the market.

  到2020年,企业将到达一个临界点,要么开发出低于网络脆弱性风险的战略和技术,要么落后,但这将损害他们在各自市场上的业绩。

  Similarly, one can foresee big corporations acquiring digital security startups for record-high acquisitions to keep up with this rising threat.

  同样,我们可以预知到,为了解决这种日益增长的威胁,大公司收购数字安全初创公司的交易将创下历史新高。

  How businesses achieve compliance with government regulations and establish strict security protocols with regards to modern tech will define their success in the year 2020. So, if you’re a business owner looking to scale, transferring your focus towards establishing a robust security infrastructure has to be a central part of your business strategy.

  到2020年,如何遵守政府法规并建立严格的现代技术安全协议将是决定企业成功的关键。因此,如果你是一个希望扩大规模的企业家,你业务的核心部分必须转移到建立强壮的安全基础设施。

  Wrapping Things Up: 编后按

  The future is digital, there is no denying it but simply focusing on the possible benefits isn’t going to cut it. For businesses, it is crucial to realize their responsibility towards consumers and take the necessary steps to ensure data protection and other cybersecurity avenues.

  数字化未来是毋庸置疑的,但仅仅关注潜在便益并不能解决问题。对于企业来说,重要的是意识到自己对消费者的责任,并采取必要的措施来确保数据安全和其他网络渠道的安全。

  It is also vital for them to focus strongly on the security of their own platforms, services, and products to ensure that the adoption of modern technology drives positive results. The technologies we’ve talked about have great potential, but the journey into the world of technology requires avid preparation to ensure security and safety.

  同样重要的是,它们必须高度关注自身平台、服务和产品的安全性,以保证采用现代技术能够带来良好的成效。我们所谈论的技术具有巨大的潜力,但是向科技世界发展的过程中需要我们做足充分准备,确保信息安全。

  Businesses today have to invest more into optimizing their security, create new strategies, implement new infrastructure, and leverage modern tools to ensure that they are ahead of the and ready to fight any cyber-threats that may come their way.

  当今的企业必须投入更多资金来优化网络安全工作,创新网络安防战略,投用新的网络基础架构,利用现代工具来确保他们处于领先地位,并准备好应对任何可能出现的网络威胁。

 

  注:《网络安全:集现代技术和商业威胁为一体》来源于Readwrite网站。本文系数据观原创编译,译者数据观/张青青,转载请务必注明译者和来源。

 

微信公众号

声明:本站部分作品是由网友自主投稿和发布、编辑整理上传,对此类作品本站仅提供交流平台,转载的目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,不为其版权负责。如果您发现网站上有侵犯您的知识产权的作品,请与我们取得联系,我们会及时修改或删除。

网友评论:

发表评论
请自觉遵守互联网相关的政策法规,严禁发布色情、暴力、反动的言论。
评价:
表情:
用户名: 验证码:点击我更换图片
SEM推广服务

Copyright©2005-2026 Sykv.com 可思数据 版权所有    京ICP备14056871号

关于我们   免责声明   广告合作   版权声明   联系我们   原创投稿   网站地图  

可思数据 数据标注行业联盟

扫码入群
扫码关注

微信公众号

返回顶部