譯科技| 數(shù)據(jù)泄露：知己知彼 防范于未然

來源：數(shù)據(jù)觀 時間：2019-08-14 18:35:26 作者：Richard Parker

　　Know Your Enemy: The 5 Different Types of Data Breach

　　數(shù)據(jù)觀丨黃玉葉（譯）

　　圖|READWRITE網(wǎng)

　　Data breach, the bane of many security experts. Anybody can fall victim to a data breach at any time. The damage is usually extensive and expensive if not utterly debilitating. Breaches are a cancer that never knows remission and a significant cause of concern in the connected world of today. What is a data breach to begin with? Well, you need to know your enemy, and there are about five different types of data breach.

　　數(shù)據(jù)泄露是許多安全專家的禍患，任何人都能隨時淪為數(shù)據(jù)泄露的受害者。倘若不能完全削弱這種危害，那它通常影響深遠(yuǎn)，代價高昂。數(shù)據(jù)泄露如同永不緩釋的癌癥，已成為當(dāng)今互聯(lián)世界的心腹隱憂。什么是數(shù)據(jù)泄露?欲殲其敵，必先知彼，下面讓我們來看看五種不同類型的數(shù)據(jù)泄露。

　　Here is a quick and straightforward analogy. If a burglar picks your lock or breaks your window and enters your house, that is a security breach. If the burglar steals your documents and personal information and then leaves, that is a data breach.

　　舉一個快速而直接的比喻，如果竊賊撬開你的鎖或破窗進(jìn)入你的房子，這就是安全漏洞;如果竊賊還偷走了你的文件和個人信息，然后離開，那就是數(shù)據(jù)泄露。

　　According to an article on Wikipedia, “A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.” A friend might steal a couple of your randy pictures to expose or prank you on Facebook; data breaches usually happen on a colossal scale involving millions if not billions of records. Big companies (you know, the kind you’d never imagine would fall victim) such as Yahoo, and Equifax among others aren’t safe either. When you think of it, attackers seem to love big and blue-chip companies because of the more significant the impact, the fatter the paycheck.

　　維基百科一文章顯示，“數(shù)據(jù)泄露是指個人未經(jīng)授權(quán)復(fù)制、傳播、查看、竊取或使用敏感、受保護(hù)、機(jī)密數(shù)據(jù)的安全事件”。你的朋友很有可能會竊取你的幾張不雅照，在社交媒體上曝光或戲弄你，數(shù)據(jù)泄露通常波及甚廣，涉及數(shù)百萬甚至數(shù)十億條數(shù)據(jù)記錄。即使雅虎(Yahoo)和Equifax(美國征信巨頭)這樣，你從未想過會成為受害者的大公司也不安全。你要想到這一點(diǎn)，攻擊者們似乎更喜歡巨頭和藍(lán)籌股公司，因?yàn)橛绊懺酱?，他們?yōu)橹I單的費(fèi)用也就越高。

　　The stolen information is then used to commit credit card fraud, identity theft, and a host of other heinous crimes. Some attackers will even sell the information in bulk on the dark web, giving even more bad guys the chance to commit abhorrent atrocities ranging from espionage to blackmail and the list goes on. Data breaches are a severe problem that mandates organizations to prepare beforehand.The first step in preparing is awareness about the 5 different types of data breach. If you know how the enemy operates, you can put countermeasures in place.

　　被盜信息繼而被用于信用卡詐騙、身份盜竊以及其他一系列犯罪行為，一些攻擊者甚至?xí)诎稻W(wǎng)上大量出售個人信息，讓更多的不法之徒趁機(jī)犯下滔天暴行，從間諜活動到敲詐勒索，不一而足。數(shù)據(jù)泄露是一個嚴(yán)峻的問題，企業(yè)應(yīng)當(dāng)未雨綢繆，防范于未然。防范工作的首要步驟是了解五種不同類型的數(shù)據(jù)泄漏。了解了“敵人”意欲何為，你才能一招制敵。

　　For each of the five types of data breach, you’ll learn a couple of preventative measures so that you can bolster the security of your systems. Keep in mind that attackers hardly rest, so don’t you sleep either. Keep learning and implementing the best security practices and stay ahead of the bad guys. Always remember to share your concerns about security and give each other the best security tips you hear about.

　　對于這五種類型的數(shù)據(jù)泄漏，你要了解適當(dāng)預(yù)防措施，以增強(qiáng)系統(tǒng)的安全性。記住——攻者不休，防者莫怠。不斷學(xué)習(xí)和實(shí)施最佳安全實(shí)踐，跑在進(jìn)攻者前面，永遠(yuǎn)保持你對安全擔(dān)憂的分享，讓大家聽到最佳安全提示。

　　5 Different Types of Data Breach 2019

　　2019年度5大數(shù)據(jù)泄露類型

　　This list of data breaches is in no particular order, but they are all serious areas of concern for any organization or person looking to stay safe from data breach.

　　這份數(shù)據(jù)泄露類型清單不分先后，對于任何希望避免數(shù)據(jù)泄露的企業(yè)或個人來說，這些都是需要密切關(guān)注的領(lǐng)域。

　　Physical Theft物理盜竊

　　Who has ever watched the Mission: Impossible film that was released in 1996? If you haven’t seen it — find it and watch it. For those who watched the film, I think you’ll agree when I say: We should laud the director, Brian De Palma, for that one famous scene where Ethan Hunt (Tom Cruise) rappels from the vent of an incredibly secure CIA vault to steal the NOC list that contained the real names of agents in the field.

　　有誰看過1996年上映的電影《碟中諜》?如果你還沒看過，那就去找來看看吧!對于那些看了這部電影的人，我想你會認(rèn)同我的觀點(diǎn)：我們應(yīng)該給導(dǎo)演布萊恩·德·帕爾瑪點(diǎn)贊，因?yàn)樗茉炝私?jīng)典一幕的鏡頭——主角伊森(湯姆·克魯斯 飾)從“絕對安全”的中情局保險庫的通風(fēng)口繞繩而降，偷走了包含該地區(qū)特工真實(shí)姓名的NOC名單。

　　圖|《碟中諜》(1996)電影截圖

　　THAT PEOPLE is a classic example of data breach by physical theft, but we celebrated Tom Cruise for the act. In the real world, things might not be as dramatic, but data breach by physical theft is very much a reality for many organizations. It could be as simple as someone plugging a USB drive into a server containing sensitive and business-critical information, or as brazen as someone carrying a hard disk out of your business premises. If anybody can walk out of your premises with sensitive business data, you’re in deeper trouble than you would like to admit.

　　這個人物是物理盜竊破壞數(shù)據(jù)的經(jīng)典案例，但我們?yōu)闇贰た唆斔?Tom Cruise)的行為而歡呼。在現(xiàn)實(shí)世界中，事情往往沒有那么戲劇化，然而物理盜竊造成的數(shù)據(jù)泄露對許多企業(yè)來說是非?，F(xiàn)實(shí)的。它簡單到?jīng)]有技術(shù)含量——既可以將USB驅(qū)動器插入包含敏感和業(yè)務(wù)關(guān)鍵信息的服務(wù)器，也可以厚顏無恥地將硬盤搬出所在業(yè)務(wù)場所。如果有人可以帶著敏感的業(yè)務(wù)數(shù)據(jù)離開你的辦公場所，那么你的麻煩將比你授意他進(jìn)來要大得多。

　　Leaving confidential documents in plain sight or disposing of sensitive information improperly (yes, a determined data thief won’t have qualms about going through your trash) can also expose you to a data breach. It’s the main reason vaults (but clearly not that CIA vault in Ethan’s case), shredders and furnaces were invented – to protect and get rid of sensitive information that mustn’t fall into the wrong hands.

　　讓機(jī)密文件一覽無余，或者不恰當(dāng)?shù)靥幚砻舾行畔?沒錯，一個執(zhí)著的數(shù)據(jù)竊賊不會對翻看你的“垃圾”感到不安)，也會使你面臨數(shù)據(jù)泄露的風(fēng)險。這是保險庫(顯然不是中情局的保險庫)、碎紙機(jī)和熔爐被發(fā)明出來的主要原因——用來保護(hù)和刪除敏感信息，這些信息不能落入壞人之手。

　　To protect your organization from physical theft of data, implement stringent security protocols that ensure only authorized people have access to privileged and sensitive data. Have you ever heard of chit-key vaults and safe deposit boxes? Well, you might need to school yourself up on such secure storage options if you’d like to keep physical data breaches at bay.What about your prized server room? We recommend you invest in military-grade security, laser sensors, motion detectors, sentry guns, the Death Star, the Infinity Gauntlet; whatever works for you – just ensure you leave nothing to chance.

　　為了保護(hù)你的企業(yè)數(shù)據(jù)免遭物理盜竊，請執(zhí)行嚴(yán)格的安全協(xié)議，確保只有經(jīng)過授權(quán)的人才能訪問特權(quán)數(shù)據(jù)和敏感數(shù)據(jù)。你聽說過金庫和保險箱嗎?好吧，如果你想避免物理數(shù)據(jù)泄露，你可能需要加強(qiáng)對這種安全存儲選項(xiàng)的學(xué)習(xí)。至于你那寶貴的服務(wù)器機(jī)房，建議你投資在軍事級別的安全度上，譬如激光傳感器、運(yùn)動探測器、哨兵槍、死星(武器代號)、無限護(hù)手……任何對你有用的東西統(tǒng)統(tǒng)用上，杜絕疏漏。

　　Cyber Attack網(wǎng)絡(luò)攻擊

　　Cyberattack is one of the most prevalent forms of data breach since the attacker needn’t be physically present on your business premises to steal your data. All a cyber attacker needs is a computer with internet access and a couple of hacking tools to grab your data without your knowledge.Data breach by cyber-attacks can go on for months or even years without anyone noticing, especially if the hacker did his/her job well. Often, the intrusion is discovered when the damage has already been done, i.e., after the data breach has taken place.

　　網(wǎng)絡(luò)攻擊是最常見的數(shù)據(jù)泄露形式之一，因?yàn)楣粽卟恍枰H自出現(xiàn)在業(yè)務(wù)場所來竊取數(shù)據(jù)。他們所需要的只是一臺可以上網(wǎng)的電腦和一些黑客工具，在神不知鬼不覺的情況下就能獲取你的數(shù)據(jù)。網(wǎng)絡(luò)攻擊造成的數(shù)據(jù)泄露可能會持續(xù)數(shù)月甚至數(shù)年都不會引起任何人的注意，尤其是當(dāng)黑客有備而來的時候。通常入侵都是在已經(jīng)造成破壞后發(fā)現(xiàn)的，也就是在數(shù)據(jù)泄漏發(fā)生以后。

　　But how does a criminal hacker on the other side of the globe gain access to your system? The attackers rarely reinvent the wheel unless they have to. They use old hacking methods that are known to work. If they devise a new tactic, it’s mostly a combination of old tactics meant to exploit vulnerabilities in your system.

　　但是，地球另一端的不法黑客是怎么訪問你的系統(tǒng)呢?除非迫不得已，否則攻擊者很少會重新發(fā)明新的方法。他們都使用已知的有效的傳統(tǒng)黑客方法，如果他們設(shè)計了一種新的策略，那多半是利用多種傳統(tǒng)黑客策略組合的方式去攻破你的系統(tǒng)漏洞。

　　Common mechanisms hackers use to break into your systems include malware, keyloggers, fictitious websites, trojans, backdoors, and viruses, among others. Usually, they trick users into clicking and as a result, install malicious programs on the system, which is how they mainly gain access to your data. Others will intercept the information you send and receive over an unsecured network in what is commonly known as the man-in-the-middle (MitM) attack.

　　黑客用來侵入系統(tǒng)的常見機(jī)制包括惡意軟件、鍵盤記錄器、虛擬網(wǎng)站、木馬、后門程序和病毒等。通常，它們會欺騙用戶點(diǎn)擊鏈接，從而在系統(tǒng)上安裝惡意程序，這就是他們主要獲取數(shù)據(jù)的方式。其他人將攔截你通過不安全網(wǎng)絡(luò)發(fā)送和接收的信息，這種攻擊通常稱為中間人攻擊(man-in-the-middle, MitM)。

　　An attacker may dupe an unsuspecting staff member to steal login credentials. The attacker then uses the login credentials to login to the staffer’s computer, from where they launch a lateral attack on the rest of your system. Before long, the attacker has access to restricted areas of your network, and BAM – your data is gone, lost or rendered useless.

　　攻擊者可能欺騙不知情的工作人員來竊取登錄憑證，然后攻擊者使用登錄憑證登錄到職員的計算機(jī)，從那里他們對系統(tǒng)的其余部分發(fā)起橫向攻擊。不久之后，攻擊者就可以訪問你的網(wǎng)絡(luò)受限區(qū)域，并且雙向聯(lián)想存儲——緊接著你的數(shù)據(jù)就丟失或作廢了。

　　With criminal cyberattacks making up over 48% of data breaches according to the Cost of Data Breach Study by IBM, how do you protect yourself from cybercriminals looking to harvest your data? Preventative measures to keep cyber attackers at bay include:

　　根據(jù)IBM的數(shù)據(jù)泄露成本研究，犯罪型網(wǎng)絡(luò)攻擊占數(shù)據(jù)泄露的48%以上，如何保護(hù)自己不受網(wǎng)絡(luò)不法分子竊取數(shù)據(jù)的侵害呢?防范網(wǎng)絡(luò)攻擊的措施建議如下：

　　?Encourage staffers to use strong and unique passwords. Never use the same password for different accounts. If you can’t remember many different passwords, considering investing in a password manager such as LastPass and Cyclonis, among others. And please, never ever use “123456,” “password,” “admin” and such easy-to-guess passwords

　?、俟膭顔T工使用強(qiáng)而獨(dú)特的密碼，永遠(yuǎn)不要對不同的帳戶使用相同的密碼。如果你記不住很多不同的密碼，可以考慮入手一個密碼管理器，比如LastPass和Cyclonis等，但永遠(yuǎn)不要使用諸如“123456”、“password”、“admin”等容易被猜到的密碼。

　　?Invest in a state of the art VPN to secure your network. A VPN encrypts your data such that it’s unreadable even if attackers manage to steal it

　　②投資一個最先進(jìn)的VPN來保護(hù)你的網(wǎng)絡(luò)，VPN將加密你的數(shù)據(jù)，即使攻擊者設(shè)法竊取數(shù)據(jù)，也無法讀取。

　　?Redesign your tech infrastructure with a security-first approach in mind

　?、劭紤]到安全第一的重要性，重新設(shè)計你的技術(shù)基礎(chǔ)設(shè)施。

　　?Enable two-factor authentication to protect your servers and other storage devices containing sensitive data

　?、軉⒂秒p因素身份驗(yàn)證來保護(hù)包含敏感數(shù)據(jù)的服務(wù)器和其他存儲設(shè)備。

　　?Use an antivirus and firewalls

　?、菔褂脷⒍拒浖头阑饓?。

　　?Update your software to seal security holes and improve functionality. Best is to keep your software updated at all times

　　⑥更新您的軟件，彌補(bǔ)安全漏洞并改進(jìn)功能，最好的方法是隨時更新。

　　?To learn more about protecting your organization and yourself against cybercrime, here is a list of relevant posts for further study.

　　⑦為了了解更多關(guān)于保護(hù)企業(yè)和自己免受網(wǎng)絡(luò)犯罪的信息，一下還列出了一些相關(guān)的帖子以供讀者進(jìn)一步研究：

　　6 Emerging Cyber Threats to Lookout for in 2019.

　　2019年需要注意的6個新型網(wǎng)絡(luò)威脅? （點(diǎn)擊查看）

　　How IoT has Exposed Business Organizations to Cyber Attacks.

　　物聯(lián)網(wǎng)如何讓企業(yè)暴露在網(wǎng)絡(luò)攻擊下? （點(diǎn)擊查看）

　　11 Ways to Help Protect Yourself Against Cyber Crime.

　　保護(hù)自己免遭網(wǎng)絡(luò)犯罪侵害的11種方法? （點(diǎn)擊查看）

　　

　　Employee Negligence aka Human Error

　　員工疏忽亦或人為失誤

　　Have you ever sent out an email blast and be like “No, No, No, No, Nooo!” Yeah, most of us have been there, and it’s one of the worst feelings ever – especially if you send confidential or sensitive information to the wrong recipients. Or what happens when you send the wrong attachment to the right recipient?

　　你是否曾經(jīng)發(fā)過一封電子郵件，然后懊悔道：“不，不，不，不，不!”是的，我們大多數(shù)人都有過這樣的經(jīng)歷，這是有史以來最糟糕的感覺之一——尤其是如果你把機(jī)密或敏感信息發(fā)給了錯誤的收件人，或者當(dāng)你把錯誤的附件發(fā)送給了正確的收件人時會發(fā)生什么?

　　Both scenarios constitute data breach, and when it happens in an organization, it can cause unprecedented chaos and unrest. But perhaps the above examples don’t cut it for you, so here is a fun fact. Did you know networked backup incidents and misconfigured cloud servers caused by employee negligence exposed over 2 billion records in 2017? According to the 2018, IBM X-Force Threat Intelligence Index published on itweb.co.za.

　　以上兩種情況都構(gòu)成了數(shù)據(jù)泄露，當(dāng)它發(fā)生在一個企業(yè)里時，可能會導(dǎo)致前所未有的混亂和動蕩。但也許上面的例子并不適合你，所以這里有一個有趣的事實(shí)，你或許不知道，根據(jù)2018年發(fā)布在itweb.co.za上的IBM X-Force威脅情報指數(shù)顯示，2017年有超過20億份數(shù)據(jù)記錄因員工疏忽被曝光，導(dǎo)致網(wǎng)絡(luò)備份事件和云服務(wù)器配置錯誤。

　　The point is to err is human; we all make mistakes, and it’s inevitable. But mistakes that could take your company off the pivot can’t be taken lightly or for granted. To mitigate this type of data breach, you must educate your employees on the essential elements of information security, and what will happen if they aren’t vigilant when performing their duties. It might sound like a weak point, but a little training could go a long way in combating data breach due to employee negligence.

　　人非圣賢，孰能無過。我們都會犯錯，這是不可避免的。但是，我們不能對可能致使公司重大損失的錯誤掉以輕心或者想當(dāng)然。為了減少這類似的數(shù)據(jù)泄露，必須教育員工了解信息安全的基本要素，要讓他們知道如果一旦在履行職責(zé)時喪失警惕將會面對怎樣的后果。這聽起來也許是個破綻，但稍作培訓(xùn)就能在很大程度上避免員工因疏忽造成的數(shù)據(jù)泄露。

　　On top of that, educate non-technical staff members on data security awareness procedures and policies. At the end of the day, you should embrace a zero-tolerance policy to data breaches that result from employee negligence. Inform your employees on the importance of keeping data safe and the repercussions should the unthinkable happen.

　　最重要的是，對非技術(shù)人員進(jìn)行數(shù)據(jù)安全意識程序和策略的教育。在一天結(jié)束的時候，你應(yīng)該對因員工疏忽而導(dǎo)致的數(shù)據(jù)泄露采取零容忍的政策態(tài)度，告知你的員工確保數(shù)據(jù)安全的重要性，如果不可想象的事情發(fā)生了，后果會怎樣。

　　Insider Threat內(nèi)部威脅

　　While most organizations focus on mitigating external threat factors, insiders pose a more significant threat than you’d typically imagine. According to an Insider Threat study by CA Technologies and Cybersecurity Insiders, 53% of organizations faced insider attacks, with the main enabling factors being:

　　雖然大多數(shù)企業(yè)都專注于減少外部威脅這個因素，但內(nèi)部人員構(gòu)成的威脅比通常想象的要嚴(yán)重得多。根據(jù)CA技術(shù)和網(wǎng)絡(luò)安全內(nèi)部人士的一項(xiàng)內(nèi)部威脅研究，53%的企業(yè)面臨內(nèi)部攻擊，主要促成因素為：

　　?Many users have excessive access privileges

　　?許多用戶有過度的訪問權(quán)限

　　?An increased number of devices with access to sensitive data

　　?日益增多的敏感數(shù)據(jù)訪問設(shè)備

　　?The increasing complexity of information technology

　　?越來越復(fù)雜的信息技術(shù)

　　From the same source, 90% of organizations feel vulnerable to insider attacks, and 86% of organization already have or are building insider threat programs. According to IBM Insider Threat Detection, insider threats account for 60% of cyber attacks. That’s a quite staggering figure, which also means you must be extra vigilant or one of your employees will drive a steel stake through the heart of your organization.

　　從同一資料來看，90%的企業(yè)感覺容易受到內(nèi)部攻擊，86%的企業(yè)已經(jīng)或正在構(gòu)建內(nèi)部威脅程序。根據(jù)IBM內(nèi)部威脅檢測，內(nèi)部威脅占網(wǎng)絡(luò)攻擊的60%。這是一個相當(dāng)驚人的數(shù)字，這也就意味著你必須格外警惕，否則你的企業(yè)將會敗在任何一名員工手上。

　　Data breaches resulting from insider threats are quite common nowadays, and extremely difficult to detect. Network protectors can quickly combat malicious outsiders, but the job becomes harder when threats come from trusted and authorized users within the organization.

　　由內(nèi)部威脅導(dǎo)致的數(shù)據(jù)泄露在當(dāng)今非常普遍，且難以檢測。網(wǎng)絡(luò)保護(hù)程序可以快速地與惡意的外部人員進(jìn)行對抗，但是當(dāng)威脅來自企業(yè)內(nèi)部受信任和授權(quán)的用戶時，這項(xiàng)工作就變得困難重重了。

　　The job becomes 10 times more challenging since there are different types of insider threats, namely:

　　這項(xiàng)工作的挑戰(zhàn)性陡增了10倍，因?yàn)榇嬖诓煌愋偷膬?nèi)部威脅，即：

　　?Disgruntled employees – This category of criminal insiders commit deliberate sabotage or steal intellectual property for monetary gain. It’s common for employees to steal information before and after quitting or being fired. Some harmful elements sell trade secrets to competitors, but others want to take down the enterprise.

　　心懷不滿的員工——這類犯罪內(nèi)部人士蓄意破壞或竊取知識產(chǎn)權(quán)，以獲取金錢利益。員工在辭職或被解雇前后竊取信息是很常見的。一些企業(yè)“害蟲”向競爭對手出售商業(yè)機(jī)密，但另一些則想搞垮企業(yè)。

　　?Nonresponders – Some employees never respond to security awareness training, no matter the resources you invest. These are the people who usually fall prey to phishing scams repeatedly because, well, you can stick your security awareness training up your (you know where).

　　無腦員工——不管你投入多少資源，有些員工永遠(yuǎn)不會對安全意識培訓(xùn)做出反應(yīng)。這些人經(jīng)常成為網(wǎng)絡(luò)釣魚詐騙的反復(fù)受害者，你可以把安全意識提示貼到你可以貼到的所有地方。

　　?Insider collusion – Professional cybercriminals will go to great lengths to steal your data. They scout the dark web looking to recruit your employees. If one of your employees collaborates with a malicious attacker, you will have a severe security and data breach, and you don’t need a scientist to tell you that. In some cases, an employee may even cooperate with another employee in the same organization, exposing you to all types of cybersecurity problems. If you need a little prodding in the right direction, just think how insider collusion can expose your enterprise to fraud, intellectual property theft, and plain old sabotage.

　　內(nèi)部勾結(jié)——專業(yè)的網(wǎng)絡(luò)罪犯會不遺余力地竊取數(shù)據(jù)。他們在暗網(wǎng)上搜尋，想要招募員工，如果員工恰巧與惡意攻擊者合作，那企業(yè)就將面臨嚴(yán)重的安全和數(shù)據(jù)泄露，而這并不需要一位科學(xué)家來告訴你。在某些情況下，一名員工甚至可能與同一企業(yè)中的另一名員工合作，將企業(yè)暴露于各種類型的網(wǎng)絡(luò)安全問題中。如果你想就正確的方向加以刺激，那就想想內(nèi)部勾結(jié)如何讓你的企業(yè)暴露于欺詐、知識產(chǎn)權(quán)盜竊和普通的老式破壞活動之中。

　　?Inadvertent insiders – Ignorance is not bliss as far as cybersecurity goes. Negligence on your employees part invites all manner of trouble since attackers are savvy to vulnerabilities that inadvertent insiders cause. Negligent staff members expose your organization to malware, phishing, and man-in-the-middle (MitM) attacks, among other forms of attack. Attackers may take advantage of negligence in your organization to exploit misconfigured servers, unsecured/unmonitored microsites, and so on.

　　粗心的內(nèi)部員工——就網(wǎng)絡(luò)安全而言，無知不是福。員工的疏忽會招致各種各樣的麻煩，因?yàn)楣粽吆芮宄纱中牡膬?nèi)部人員造成的漏洞。疏忽大意的員工會使企業(yè)暴露于惡意軟件、網(wǎng)絡(luò)釣魚和中間人(MitM)攻擊，以及其他形式的攻擊，攻擊者可能利用企業(yè)員工的疏忽來攻擊配置錯誤的服務(wù)器、不安全或不受監(jiān)視的微站點(diǎn)等。

　　?Persistent malicious insiders – Criminal “second streamers,” i.e., employees seeking supplemental income maliciously, won’t protect your data. Instead, they will commit a slew of malicious acts such as exfiltrating data for financial gains. And this category of people will remain undetected for long periods to maximize the benefits of data theft. And since they are aware of network monitoring tools, they will steal data slowly instead of committing data theft in bulk. As such, they can operate under the radar for months or years.

　　長期蓄意內(nèi)鬼——“二流”犯罪，即惡意尋求額外收入的員工不會保護(hù)企業(yè)數(shù)據(jù)。相反，他們會犯下一系列惡意行為，比如為了經(jīng)濟(jì)利益而竊取數(shù)據(jù)，這類人將在很長一段時間內(nèi)不被發(fā)現(xiàn)，最大限度地利用數(shù)據(jù)盜竊撈到好處。而且，由于他們知道網(wǎng)絡(luò)監(jiān)控工具，他們會慢慢地竊取數(shù)據(jù)，而不是大量地進(jìn)行數(shù)據(jù)竊取。因此，他們可以在監(jiān)控下藏身數(shù)月或數(shù)年之久。

　　How do you prevent data breach caused by insiders? How do you protect your data when the threat comes from the same people you trust. To protect your data from insider threat, you need to implement measures such as endpoint and mobile security, Data Loss Prevention (DLP), data encryption at rest, in motion and use as well as Identity and Access Management (IAM). You can even adopt behavioral analysis and reduce vulnerabilities. These measures will combat, among other things, unauthorized access, negligence, and data loss in case of a breach.

　　如何防止內(nèi)部人士造成的數(shù)據(jù)泄露?當(dāng)威脅來自信任的同一個人時，如何保護(hù)您的數(shù)據(jù)?為了保護(hù)數(shù)據(jù)免受內(nèi)部威脅，你需要實(shí)現(xiàn)端點(diǎn)和移動安全、數(shù)據(jù)丟失預(yù)防(DLP)、靜態(tài)數(shù)據(jù)加密、動態(tài)密碼和使用以及身份和訪問管理(IAM)等措施。你甚至可以采用行為分析并減少漏洞，這些措施將與未經(jīng)授權(quán)的訪問、疏忽大意和數(shù)據(jù)丟失等問題作斗爭。

　　Ransomware勒索軟件

　　What comes to mind when you see the word RANSOMWARE? WannaCry? $700,000 of losses? Laws? The HIPAA perhaps? CryptoWall? CryptoLocker? Ransomware can constitute a data breach depending on the malware that attacks your systems. Other factors such as the type of data stolen, the current status of said data and laws. Anybody who puts your data at risk of loss has committed data breach to some extent. If some hacker somewhere holds your data hostage, your organization will surely experience losses in all fronts.

　　當(dāng)你看到勒索軟件這個詞時，會想到什么?WannaCry?700000美元的損失?法律?HIPAA?CryptoWall?CryptoLocker?勒索軟件可以構(gòu)成一個基于惡意軟件攻擊系統(tǒng)造成的數(shù)據(jù)泄露。其他因素，如被盜數(shù)據(jù)的類型、所述數(shù)據(jù)的當(dāng)前狀態(tài)，以及法律。任何將數(shù)據(jù)置于丟失風(fēng)險的人都在一定程度上泄露了數(shù)據(jù)，如果某個地方的黑客劫持了數(shù)據(jù)，企業(yè)肯定會在各個方面遭受損失。

　　The attacker who hijacks your data has demonstrated that they can steal or destroy your data at will.

　　劫持?jǐn)?shù)據(jù)的攻擊者已經(jīng)證明他們可以隨意竊取或銷毀數(shù)據(jù)。

　　Clearly, they are talented, and ransomware comes in a million shades of nasty. Could take over your system right this minute considering there are more than 4,000 ransomware attacks per day according to the Federal Bureau of Investigation (FBI). It’s one of the reasons the US government has a $15 billion budget for cybersecurity. The majority of attackers use ransomware to cover their tracks. Just think about it for a minute. Some guy breaks into your system steals your data, and if that isn’t enough, holds your data hostage for profit as they cover a data breach.

　　很明顯，他們天賦異稟，勒索軟件有成千上萬種卑鄙的手段。根據(jù)美國聯(lián)邦調(diào)查局(FBI)的數(shù)據(jù)，每天有超過4000個勒索軟件發(fā)起攻擊，考慮到這一點(diǎn)，你的系統(tǒng)可能會在這一刻被接管。這也是美國政府在網(wǎng)絡(luò)安全方面投入150億美元預(yù)算的原因之一，大多數(shù)攻擊者使用勒索軟件來掩蓋他們的蹤跡，想想一些人闖入你的系統(tǒng)偷走了你的數(shù)據(jù)，如果這還不夠的話，他們會以你的數(shù)據(jù)為人質(zhì)來獲取利潤，因?yàn)樗麄冄谏w了數(shù)據(jù)泄露。

　　Ransomware ruins your reputation. It takes blood, sweat, and tears to build a name, so say “no” to ransomware.

　　勒索軟件會毀了你的聲譽(yù)。樹立一個名聲需要付出辛勞血淚，所以請對勒索軟件說“不”。

　　You can avoid ransomware of you’re cautious enough. Plus, you can always ramp up your defenses. And please install a powerful antivirus program (my favorite is Eset Nod32), and ensure you activate web file protection and firewalls to combat malware-laden emails and messages that pass spam filters. Additionally, invest in a clever backup plan so that you can simply wipe the drives to eliminate ransomware, and then restore backups. That way, you can beat ransomware attackers at their own game, instead of paying a ransom.

　　如果你足夠謹(jǐn)慎，就可以避免勒索軟件。此外，也要隨時加強(qiáng)防御——安裝一個強(qiáng)大的反病毒程序(筆者最喜歡的是Eset Nod32)，確保啟動網(wǎng)絡(luò)文件的保護(hù)措施和防火墻，通過垃圾郵件過濾器來打擊惡意軟件負(fù)載的電子郵件和訊息。除此以外，投資一個智慧的備份計劃，就可以簡單地啟動驅(qū)動器以消除勒索軟件，然后恢復(fù)備份，這樣就能在自己的掌控中擊敗勒索軟件的攻擊者，且不用支付贖金。

　　Final Words結(jié)語

　　Security goes beyond mere awareness, so don’t take data breach sitting down. You can effectively protect yourself, and if the worst happens, rise from the ashes stronger than before. Keep learning and implementing the best security policies and procedures to protect your business against the various forms of data and security breaches.

　　安全不僅是意識，所以對數(shù)據(jù)泄露坐視不理。你可以有效地保護(hù)自己，如果最壞的情況發(fā)生了，要從逆境中站起來，比以前更堅(jiān)強(qiáng)。不斷學(xué)習(xí)和執(zhí)行最佳的安全策略和程序，以保護(hù)業(yè)務(wù)免遭各種形式的數(shù)據(jù)和安全破壞。

?

注：《數(shù)據(jù)泄露：知己知彼 防范于未然》來源于READWRITE(點(diǎn)擊查看原文)。本文系數(shù)據(jù)觀原創(chuàng)編譯，譯者數(shù)據(jù)觀/黃玉葉，轉(zhuǎn)載請務(wù)必注明譯者和來源。

責(zé)任編輯：黃玉葉