威瑞森:谴责网络间谍活动不能光盯着中国
7. 各种失误 噢,我不小心又捅篓子了——比如我把一封含有敏感信息的电子邮件发给了错误的收件人。这是这种无意间造成的数据泄露的典型案例。其它案例还包括把非公开信息张贴到公司的网络服务器上,或者是通过邮局把信件寄到了错误的地址。人为失误无可避免(除非把他们开除了,然后统统换成电脑),不过威瑞森公司指出,企业可以部署一套数据丢失预防软件,以减少通过电子邮件发送敏感文件的情况。此外,还可以在向外部和内部网站发布文件的流程上制订更严格的规定。 8. 实物被盗/丢失 不知道大家知不知道这样有一个有趣的事实:像手机和笔记本这样的企业资产在公司办公室里被盗的概率往往要高于在家里或在交通工具上被盗的概率。造成这种情况的主要原因是人们的粗心。威瑞森的报告就此无奈地指出:“意外总是会发生的,总有人丢东西,也总有人偷东西,这是没法改变的事实。”唯一能改变的就是,建议公司给设备加密,给数据做备份,然后告诉员工把东西看紧些。 9. 分散式拒绝服务攻击 最后值得的一提的是所谓的分散式拒绝服务攻击(DDoS),它包括所有旨在使网络和系统瘫痪的攻击。这种攻击形式主要针对金融、零售和公共部门。虽然黑客发动此类攻击的动机仍然是老三样——敲诈、抗议、恶作剧,但是攻击者所使用的工具却变得更加先进,而且这些工具在命名上也更加亲切,比如“Brobot”(哥们儿)和“itsoknoproblembro”(别担心,没事的,哥们儿)等。(财富中文网) 译者:朴成奎 |
7. Miscellaneous errors Oops, I did it again -- as in, I sent an email containing sensitive information to the wrong recipient. That's the most common example of this kind of unintentional data disclosure. Others include accidentally posting non-public information to a company's web server or even snail-mailing documents to the wrong physical address. There's no cure for human error (other than replacing them with computers, of course), but Verizon says corporations can implement data loss prevention software to reduce instances of sensitive files sent by email and tighten processes around posting documents to internal and external websites. 8. Physical theft/loss Here's a fun fact: It turns out that corporate assets like phones and laptops are stolen from corporate offices more often than from homes or vehicles. The primary cause of this type of incident?Carelessness.According to the Verizon report: "Accidents happen. People lose stuff. People steal stuff. And that's never going to change." The only thing you can change, advises the company, is to encrypt devices, back up data, and encourage employees to keep their gadgets close. 9. Distributed denial-of-service attacks Last but not least, so-called DDoS threats include any attack aimed at compromising the availability of networks and systems. These are primarily directed at the financial, retail and public sectors. And while the motives behind shutting down corporate, consumer-facing websites remains the same -- extortion, protest, or perverse fun -- the tools at attackers' disposal have become more sophisticated and more thoughtfully named, such as "Brobot" and "itsoknoproblembro." |