Even the ancient Greeks recognised the heady risk of overconfidence. Remember Icarus, who tumbled from the sky as a result of his hubris and complacency? While Icarus wouldn’t have known what to do with a digital device, his undoing can still teach us lessons in today’s internet age. In the ongoing battle against the cyber criminal, overconfidence could be our downfall, so don’t fly too close to the sun.

Earlier this year, research by the National Cyber Security Centre (NCSC) found that millions of people use easy-to-guess passwords for their online accounts; the most widely used password on breached accounts was 123456. This comes as cyber breaches gain power and prevalence, and more of our personal data and services are moving online. In other words, the stakes are getting higher and we aren’t being more careful.

Overconfidence online is a trend that has been corroborated by Nominet research: while over three quarters of adults claim they have enough knowledge to keep themselves safe online, only 29% of people even know what two-factor authentication (2FA) is, and even fewer use it. Worryingly, 24% of people don’t even bother to change their passwords when their online bank or utility provider is breached. Basic cyber hygiene is not being followed, yet we remain bullish.

Unfortunately, the attitude appears to be extending into businesses. In our new survey of CISOs, we found that 71% admit their organisation touts its cyber security robustness to partners and customers, despite more than a third (34%) of security professionals lacking confidence in their final choice of security solutions. Worryingly, less than a fifth of CISOs said the array of tech that makes up their security stack is 100% effective. Their confidence is low, yet business claims are not.

We already know that the role of a CISO is challenging; our recent report showed how they grapple with a lack of resources, budget, staff and — sometimes — support from the board for their security needs. CISOs are often overworked and stressed — could this explain why 20% of CISOs didn’t test the performance of their security stack once it was in place, or didn’t know if it was being tested?

As ever, these findings should be taken with a pinch of salt; we are still making progress compared to the situation five or even ten years ago. Cyber security is now a phrase the layman understands and uses, cyber attacks are becoming a recognised reality, and businesses actively hire a CISO or equivalent instead of leaving the task to a busy IT department. Businesses are also recognising that cyber security is not a peripheral issue but should be threaded into everything they do, right down to staff culture and engagement. It is an improving picture.

Additionally, we should recognise that the situation continues to change. Of the CISOs we spoke to, 76% think their organisation will invest more in cyber protection, with the top three areas for investment over the next three years being cyber monitoring (16%), cyber resilience (14%) and cyber governance (12%). This is certain to make a huge impact on the cyber security posture of companies and help ensure that confident claims of the business will soon be backed up by the resilient security measures a customer, investor or partner would expect.

I for one support confidence in new technologies. It is this very attitude towards the digital world that allows innovations and new technologies to be adopted and embraced in today’s rapidly changing times. That said, we must strive to recognise any mismatch between our beliefs and our actions, especially if other people’s data is involved, and proactively work towards keeping ourselves as secure as we say we are.

