This article is original content from 灯塔大数据. Individuals are welcome to repost it to their WeChat Moments; other organizations reposting it must mark the start of the article with:
"Reposted from: 灯塔大数据; WeChat: DTbigdata"
How to protect our PII and sensitive information from fraud
We live in a world where information is created, exchanged and maintained in greater volumes and at faster speeds than ever before. Some of that information is meant for public consumption; the rest, sensitive information, meaning anything that is privileged or proprietary, is not. Protecting sensitive information, including nonpublic information (NPI) and personally identifiable information (PII), is what created the need for information security.
That need is met by a set of business policies and practices put in place to protect all nonpublic information. Threat detection and prevention activities are often split into two distinct tracks. One track focuses on compliance issues, including fraud, waste and abuse; the other focuses on security control failures such as information security breaches and information theft. The goal of both is the same: protect PII and sensitive information, and keep the organizations and the people they serve safe.
4 key questions about information and cyber security
Erik Rasmussen, associate managing director at Kroll Cyber Security and Investigations, answered several questions about the current environment organizations find themselves in when trying to protect sensitive information. The questions focus on the current threat environment and sustainable security solutions.
1. What do you believe is today’s most pervasive threat to sensitive information for both government organizations and private industries?
Ransomware and phishing attacks are two of the most pervasive threats to sensitive information these days. Based on the encryption alone, if an entity is attacked by this threat, and there are no backups to the data being encrypted, there is little a victim can do. In fact, newer versions of ransomware are now being coded to detect, encrypt and delete backup files and systems.
We are increasingly seeing this threat to organizations in the healthcare industry and hospitality industry. The general threat of theft of data—for example, NPI, PII or payment card data—is now coupled with the threat to encrypt entire servers unless the victim organization pays a ransom. Phishing is a pervasive threat because it is an attack vector for several types of intrusions that lead to theft of intellectual property or theft of payment card data. Or it simply allows an attacker to maintain a presence in a compromised network for an extended period of time.
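Rasmussen's point that newer ransomware hunts for and destroys backups is also the defender's best early-warning signal: the built-in Windows tools used to delete shadow copies, wipe the backup catalog and disable recovery are rarely run in quick succession by a legitimate administrator. The following is an added example, not code from the article or from Kroll: a Python detection that scans process-creation events for those command lines and escalates any host that hits several distinct techniques within a few minutes. The log format, host names and user names are constructed for the example.

```python
"""Flag backup/recovery-tampering commands that ransomware runs before
encrypting, and escalate a host that shows a burst of them.
Added example; the event format and sample events are constructed."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed process-creation events: timestamp|host|user|image|command line
SAMPLE_EVENTS = """\
2024-03-04T02:11:09Z|FS01|CORP\\svc_backup|C:\\Windows\\System32\\wbadmin.exe|wbadmin start backup -backupTarget:E: -include:C: -quiet
2024-03-04T02:14:51Z|FS01|CORP\\jdoe|C:\\Windows\\System32\\vssadmin.exe|vssadmin.exe Delete Shadows /All /Quiet
2024-03-04T02:14:52Z|FS01|CORP\\jdoe|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic shadowcopy delete
2024-03-04T02:14:53Z|FS01|CORP\\jdoe|C:\\Windows\\System32\\bcdedit.exe|bcdedit /set {default} recoveryenabled No
2024-03-04T02:14:54Z|FS01|CORP\\jdoe|C:\\Windows\\System32\\wbadmin.exe|wbadmin delete catalog -quiet
2024-03-04T02:20:00Z|WS22|CORP\\asmith|C:\\Windows\\System32\\vssadmin.exe|vssadmin list shadows
"""


@dataclass(frozen=True)
class ProcessEvent:
    ts: datetime
    host: str
    user: str
    image: str
    cmdline: str


@dataclass(frozen=True)
class Alert:
    ts: datetime
    host: str
    user: str
    rule: str
    cmdline: str


# Command lines of the built-in tools ransomware uses to inhibit recovery.
# Read-only invocations (e.g. "vssadmin list shadows") deliberately do not match.
BACKUP_TAMPER_RULES = [
    ("vssadmin_delete_shadows", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("vssadmin_resize_storage", re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I)),
    ("wmic_shadowcopy_delete", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("wbadmin_delete_backup", re.compile(r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup|backup)", re.I)),
    ("bcdedit_disable_recovery", re.compile(
        r"bcdedit(\.exe)?\s+.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I)),
    ("powershell_remove_shadowcopy", re.compile(r"win32_shadowcopy.*(remove-wmiobject|\.delete\(\))", re.I)),
]


def parse_events(text):
    """Parse the pipe-delimited constructed format into ProcessEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, image, cmdline = line.split("|", 4)
        ts = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append(ProcessEvent(ts, host, user, image, cmdline))
    return events


def detect_backup_tampering(events):
    """Return one Alert per event whose command line matches a tampering rule."""
    alerts = []
    for ev in events:
        for name, pattern in BACKUP_TAMPER_RULES:
            if pattern.search(ev.cmdline):
                alerts.append(Alert(ev.ts, ev.host, ev.user, name, ev.cmdline))
                break  # one rule per event is enough
    return alerts


def correlate_bursts(alerts, window=timedelta(minutes=5), min_rules=2):
    """Escalate hosts that trigger >= min_rules DISTINCT rules inside `window`.

    A single snapshot clean-up by an admin is noise; several different
    recovery-inhibiting commands within minutes is the pre-encryption pattern.
    Returns {host: sorted list of rule names}.
    """
    by_host = {}
    for a in sorted(alerts, key=lambda a: a.ts):
        by_host.setdefault(a.host, []).append(a)
    escalated = {}
    for host, host_alerts in by_host.items():
        for i, first in enumerate(host_alerts):
            rules = {a.rule for a in host_alerts[i:] if a.ts - first.ts <= window}
            if len(rules) >= min_rules:
                escalated[host] = sorted(rules)
                break
    return escalated


if __name__ == "__main__":
    found = detect_backup_tampering(parse_events(SAMPLE_EVENTS))
    for a in found:
        print(f"{a.ts.isoformat()} {a.host} {a.user} [{a.rule}] {a.cmdline}")
    for host, rules in correlate_bursts(found).items():
        print(f"ESCALATE {host}: {len(rules)} distinct recovery-inhibiting techniques: {rules}")
```

Run against the constructed events, the scheduled backup job on FS01 and the read-only `vssadmin list shadows` on WS22 produce nothing, while the four commands issued under `CORP\jdoe` within three seconds each raise an alert and the host is escalated. In production the same logic belongs in the SIEM or EDR rule set fed by process-creation telemetry, and the escalated host should be isolated before the encryptor stage runs.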
2. Is there a way to minimize threats associated with technology advancing faster than security? Is the solution practical and sustainable?
A robust combination of human analytical capability and machine analytical capability is an appropriate way to minimize threats inside an organization. Technology is allowing the aggregation of large amounts of data that can be helpful for the defense of an organization’s network. But without the right amount of human analysis behind it, and a standardized way to report on that data, the data is of little use.
The most technologically advanced SIEM (security information and event management) in the world is only as good as the team who analyzes the data it produces. As another example, endpoint security monitoring usually employs excellent software and hardware solutions to track and report threats inside a network. However, the analysts that manage this monitoring solution provide the context and discretionary power to allow stakeholders to act based on a more informed decision about those very threats.
3. Organizations often talk about their fear of the malicious insider. Why is detecting an insider threat much more challenging than detecting an external one?
Entities are becoming very good at detecting insider threats because technology and policies (DLP [data loss prevention] tools, more robust acceptable use policies and so on) are evolving to monitor an employee's behavior. And organization stakeholders are buying into developing programs to put employees on notice that their activity is being constantly monitored and is subject to review.
However, the increasing use of cloud technology is one area that is allowing insiders to siphon off large amounts of data. Cloud technology is excellent, but companies should develop better controls to restrict access to these services or develop internal cloud technology capabilities. Another problem that needs improvement is the time to detection. Detection is occurring, but the perception of how long the insider had been compromising data—shorter periods of time such as weeks and days—versus the reality—longer periods of time such as months and years—remains a concern. Numerous organizations, such as the Software Engineering Institute, author excellent best practices documents organizations can follow to develop stronger programs.
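To make the cloud-siphoning and time-to-detection points concrete, here is an added example, not part of the article and not the output of any DLP product: Python that aggregates a web-proxy log into per-user daily upload volumes, flags days on which a user pushed far more data to unsanctioned cloud storage than their own baseline to the sanctioned corporate tenant, and then reports how many days the activity had been running before the day it was noticed. The log lines, host names and thresholds are constructed assumptions for illustration. On real data the look-back is bounded by log retention, which is one reason the perceived dwell time comes out shorter than the real one.

```python
"""Detect bulk uploads to unsanctioned cloud storage and measure dwell time.
Added example; the proxy log, host names and thresholds are constructed."""
from collections import defaultdict
from datetime import date
from statistics import median

# Constructed proxy log excerpt: date|user|destination host|bytes uploaded
SAMPLE_PROXY_LOG = """\
2024-05-01|alice|files.corp-cloud.example|4100000
2024-05-01|bob|files.corp-cloud.example|3900000
2024-05-02|alice|files.corp-cloud.example|3600000
2024-05-02|bob|files.corp-cloud.example|5200000
2024-05-03|alice|files.corp-cloud.example|2900000
2024-05-03|alice|drop.personal-cloud.example|210000000
2024-05-03|bob|files.corp-cloud.example|4400000
2024-05-04|alice|files.corp-cloud.example|3100000
2024-05-04|alice|drop.personal-cloud.example|180000000
2024-05-04|bob|files.corp-cloud.example|4000000
2024-05-05|alice|files.corp-cloud.example|3300000
2024-05-05|alice|drop.personal-cloud.example|250000000
2024-05-05|bob|files.corp-cloud.example|4600000
2024-05-05|bob|drop.personal-cloud.example|900000
"""

# Hypothetical policy split: the company's own cloud tenant versus personal
# cloud storage that policy says must not receive corporate data.
SANCTIONED_CLOUD = {"files.corp-cloud.example"}
UNSANCTIONED_CLOUD = {"drop.personal-cloud.example"}


def daily_upload_totals(log_text):
    """Sum uploaded bytes per (user, day) into sanctioned/unsanctioned buckets."""
    totals = defaultdict(lambda: {"sanctioned": 0, "unsanctioned": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        day, user, host, nbytes = line.split("|")
        if host in SANCTIONED_CLOUD:
            bucket = "sanctioned"
        elif host in UNSANCTIONED_CLOUD:
            bucket = "unsanctioned"
        else:
            continue  # not a cloud-storage destination we track
        totals[(user, date.fromisoformat(day))][bucket] += int(nbytes)
    return totals


def flag_exfiltration(totals, abs_threshold=50_000_000, ratio=10):
    """Flag a user-day when unsanctioned upload volume exceeds BOTH an absolute
    policy threshold and `ratio` times that user's median daily volume to the
    sanctioned tenant. One stray small upload stays quiet; a sustained bulk
    transfer fires. Returns [(user, day, unsanctioned_bytes)] in date order."""
    per_user_sanctioned = defaultdict(list)
    for (user, _day), b in totals.items():
        if b["sanctioned"]:
            per_user_sanctioned[user].append(b["sanctioned"])
    flagged = []
    for (user, day), b in sorted(totals.items(), key=lambda kv: (kv[0][1], kv[0][0])):
        baseline = median(per_user_sanctioned[user]) if per_user_sanctioned[user] else 0
        if b["unsanctioned"] > abs_threshold and b["unsanctioned"] > ratio * baseline:
            flagged.append((user, day, b["unsanctioned"]))
    return flagged


def latest_day(totals):
    """The most recent day in the log; stands in for 'the day we looked'."""
    return max(day for _user, day in totals)


def dwell_report(flagged, detected_on):
    """Per flagged user: first flagged day, days it ran undetected, total bytes."""
    report = {}
    for user, day, nbytes in flagged:
        r = report.setdefault(user, {"first_seen": day, "total_bytes": 0})
        r["first_seen"] = min(r["first_seen"], day)
        r["total_bytes"] += nbytes
    for r in report.values():
        r["days_undetected"] = (detected_on - r["first_seen"]).days
    return report


if __name__ == "__main__":
    totals = daily_upload_totals(SAMPLE_PROXY_LOG)
    flagged = flag_exfiltration(totals)
    for user, day, nbytes in flagged:
        print(f"{day} {user} pushed {nbytes / 1e6:.0f} MB to unsanctioned cloud storage")
    for user, r in dwell_report(flagged, latest_day(totals)).items():
        print(f"{user}: first seen {r['first_seen']}, ran {r['days_undetected']} days "
              f"before detection, {r['total_bytes'] / 1e6:.0f} MB total")
```

On the constructed log, alice's three days of 180 to 250 MB uploads to the personal cloud host are flagged against her roughly 3 MB/day baseline, while bob's single 0.9 MB upload to the same host is ignored; the report shows the activity had already been running for two days when the last day in the log was examined. The same shape of query, run back over the full retention window rather than the last alert, is how to replace the guess about how long an insider has been active with a measured figure, and blocking the unsanctioned hosts at the proxy is the access-restriction control the answer above calls for.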
4. Is there any way to completely eliminate the threat of information falling into the wrong hands?
No, the threat cannot be completely eliminated, but the right kind of training, tools and people can rapidly mitigate and slow down the loss of the information and potentially increase the cost to the adversary to inflict this kind of injury on an organization.
Cyber-threat mitigation and the dark web
Organizations face tremendous malicious threats daily. Fraud schemes and tactics are continuously evolving. The cyber-threat landscape is wide and comes in many forms. Sophisticated malware can bypass detection and hide in plain sight. Businesses, employees and customers face the risk of social engineering, phishing, vishing and SMS phishing (SMiShing) schemes. Organizations need to remain alert to the insider threat as well as to data breaches that can put themselves and those they serve at risk.
The dark web and peer-to-peer networks have opened the doors to illicit and illegal marketplaces where criminals can buy illegal goods and services, trade stolen corporate secrets, sell stolen PII and much more. The term dark web refers to sites hosted on anonymity overlay networks (Tor onion services are the best-known example) that conceal the server's IP address and location. Such sites are not indexed by ordinary search engines and cannot be reached with a normally configured browser; they require the overlay network's client software. Deciphering who owns and runs them is challenging, but they are open to anyone who has that software and knows the address.
Technological advances, siloed business and security functions, and malicious threats endanger the safety and security of sensitive information. With sophisticated malware that can bypass detection and hide in plain sight, having the right policies, processes and tools in place to mitigate these threats is vital.
Translation: 灯塔大数据