纳斯达克CEO:我们必须面对残酷现实
这篇文章提供的一些信息是我们以前不知道的。(那次入侵)基本上是政府主导,让人意外。我们有过这样的怀疑,因为那种级别的入侵不是两三个人在自己的地下室里就能发动的。但要说我们的网络被一个主权国家(俄罗斯)入侵了,还是会让人一时惊呆。我们习惯了与其他商业企业竞争,但绝对想不到会有一个主权国家侵入我们的网络。 让我有些惊讶的是,2010年以来我们一直与政府积极接触,包括我自己、一些董事会成员和管理层。因此,我们显然是被刻意隐瞒了一些东西,不管是出于什么原因。 我的另一个反应是2010年确实出现了网络安全问题,自那以后也时常发生。过去4年,我们在网络安全方面取得了长足的进步。如今的商业计划,无论是从准备状态和意识角度,都已不同于2010年。 过去4年,你们采取了什么措施来加强网络安全? 我确实要表扬一下美国政府,他们帮助我们安然度过了过去4年。我想,这4年对于他们而言也是一段良好的关系。 我们从三个角度来加强网络安全。首先,我们的员工结构发生了巨大变化,专职于网络安全的员工数量显著增多,其经验水平也大幅提高。第二,网络安全服务供应商们提供了众多不同的有意思的产品,其有效性远远超过2010年时的产品。我们是这些产品的积极用户。第三,从经营上说,网络安全成为我们的一项核心流程。我们会定期清理系统。 最主要的一点是,永远都不能停歇。永远都不能说:“好,现在我们高枕无忧了。”威胁因素定期且持续地发生变化,总是会有什么让人担心,但必须要习惯这一点,将担心转化为正能量。 当您在35年前进入科技和资本市场领域时,有没有想象到会有怎样的变化。您从职业生涯中学到了什么? 上研究生前,我学的是英语专业。因此,我必须要保持灵敏,因为真的不知道会发生什么。随着职业经验的增长,人们能更好地预测变化,但还是不能做到非常准确。最重要的一点是要学会对自己说:“好的,不管怎样,我都会接受这个世界。我希望总能看到事实。”对于这个世界应该是什么样子,人们总是会有成见或偏见。但我们不得不面对残酷的现实。当现实如我们所想,它可能会让我们欣喜,但很可能大多数时候,事实与我们所认为的不一样,我们必须灵活应对。(财富中文网) 译者:早稻米 |
There was information in that story that we were not aware of. The fact that [the attack] was fundamentally state-sponsored was a surprise. We always suspected that could be it because the level of attack was not something that two guys in their basement could do. But to see that we were targeted by a sovereign nation [Russia] is something that will take your breath away for a second. We’re accustomed to competing with other commercial enterprises, but to realize that you have a sovereign nation coming after your systems is an eye-opener. I was somewhat surprised in that we had been engaged with the government since 2010. That engagement was with myself, some board members, and members of management. So we obviously, for whatever reason, were not told the full story. Part of my reaction also is that it did happen in 2010, and so much has happened since then with cyber-security issues. It’s probably equivalent to dog years in terms of how we’ve progressed in the past four years. Any commercial endeavor is in a different state of preparedness and awareness than they were in 2010. What have you done to increase security in the four years since? I do want to compliment the government because they have helped us through the last four years, and it’s been, I think, a good relationship for them. We had to come at it in three ways. First, our staffing has changed dramatically with respect to the number of people dedicated to cyber-security, and the experience level of those people has increased dramatically. Second, the vendor community has come up with a number of different and interesting products that are remarkably more effective than [what] existed back in 2010. We’ve been an active consumer of that. Third, operationally you just have that as a core part of your procedures. You’re basically cleansing your systems on a regular basis, so we do that. The dominant point is that you can never rest. You can never get to a state of saying, “Okay, we are now protected.” The threat factors change on a regular and constant basis, so it’s definitely something that causes anxiety, and you’ve got to use that and funnel that anxiety in a positive way. You started in the business of technology and capital markets 35 years ago, and I suspect you could not have imagined how it would change. What lessons do you draw from your career? Plus I was an English major before I went to grad school. So you have to be agile because you really do not know what’s going to happen. As you get further along in your career, you get better at anticipating the change in the world, but you’re still not precise. The dominant skill is to say, “Okay, I’m going to take the world as it comes. I always want to see reality for reality.” People have their preexisting notions or biases in terms of what the world should look like. We always have to confront brutal reality. That could be a reality we like because it’s what we thought, but it could easily be, and most times is, a different reality than we perceived, and we have to be agile about responding to that. |