成人小说亚洲一区二区三区,亚洲国产精品一区二区三区,国产精品成人精品久久久,久久综合一区二区三区,精品无码av一区二区,国产一级a毛一级a看免费视频,欧洲uv免费在线区一二区,亚洲国产欧美中日韩成人综合视频,国产熟女一区二区三区五月婷小说,亚洲一区波多野结衣在线

立即打開
為了網(wǎng)絡(luò)安全,公司應(yīng)該搞“黑客反擊”嗎?

為了網(wǎng)絡(luò)安全,公司應(yīng)該搞“黑客反擊”嗎?

Robert Hackett 2019年08月18日
網(wǎng)絡(luò)攻擊已經(jīng)成為對(duì)美國(guó)商業(yè)的持續(xù)威脅。用黑客的方式回?fù)裟芙鉀Q問題嗎?

圖片來(lái)源:Photo-Illustration by Tres Commas; Original Photographs, Shield: Gabe Ginsberg—Getty Images; arrows: Getty images

參加任何有關(guān)于網(wǎng)絡(luò)安全的非正式會(huì)談,你都會(huì)聽到這樣一句話:“世界上有兩種類型的公司:被黑客攻擊過(guò)的公司,和那些不知道曾經(jīng)被黑客攻擊過(guò)的公司?!?/p>

這句引發(fā)上千條妙語(yǔ)的話出自于德米特里·艾爾帕洛維蒂奇,他是一位出生于莫斯科的企業(yè)家,也是世界最前沿的黑客偵探之一。2011年,作為反病毒先驅(qū)麥克菲的首席威脅研究員,他在調(diào)查時(shí)發(fā)明了這句話——公眾對(duì)此很感興趣——調(diào)查對(duì)象是五年內(nèi)發(fā)起的對(duì)超過(guò)70個(gè)組織的網(wǎng)絡(luò)攻擊,包括國(guó)防承包商、科技公司和聯(lián)合國(guó)。

現(xiàn)在這句無(wú)可奈何的話該升級(jí)一下了?!拔乙呀?jīng)修改了我的話。”艾爾帕洛維蒂奇告訴《財(cái)富》雜志,“前兩種公司仍然存在,但現(xiàn)在有第三類公司,他們能夠成功地防御黑客入侵。”好吧,還有希望!

你盡可以把他修改后的話,當(dāng)作一種純熟的銷售技巧。作為網(wǎng)絡(luò)安全公司CrowdStrike的聯(lián)合創(chuàng)始人和首席科技官,這家公司在今年6月上市時(shí)的股價(jià)大漲讓投資者側(cè)目,艾爾帕洛維蒂奇確實(shí)有理由得意一下。

但實(shí)際上艾爾帕洛維蒂奇修改這句話,是意有所指的。在布什和克林頓政府任職的前白宮安全顧問理查德·克拉克,同意這句新的三段體話。他剛與奧巴馬政府的網(wǎng)絡(luò)主管羅伯特·柯內(nèi)克合寫了一本書《第五領(lǐng)域》(The Fifth Domain),書中提到網(wǎng)絡(luò)已經(jīng)成為繼陸地、海洋、天空和外太空之后的最新的戰(zhàn)爭(zhēng)威脅。

想想NotPetya病毒吧。俄羅斯在2017年釋放的這一病毒災(zāi)難性地襲擊了全球的許多電腦,導(dǎo)致了像聯(lián)邦快遞、馬士基和默沙東這樣的公司損失數(shù)十億美元。

但是,并非所有公司都受害了?!澳闼恢赖氖?,有一批美國(guó)公司在烏克蘭做生意”——可謂處于網(wǎng)絡(luò)攻擊的中心點(diǎn)——“卻沒有受到損失,”克拉克說(shuō)。一些公司像波音、杜邦和強(qiáng)生“并未吱聲,于是在我們的書中,就試圖找出原因?!?/p>

那么,為什么有些公司被黑客攻擊,有些沒有?從技術(shù)層面來(lái)說(shuō),未受損的公司把它們的設(shè)備都打了補(bǔ)丁,防止漏洞被NotPetya利用。但一個(gè)更基本的問題是,為什么有些公司打補(bǔ)丁,而有些卻忽略了?

原因就一個(gè)詞:優(yōu)先級(jí)。最具韌性的組織,都有預(yù)案。一位主管若是駁回首席信息安全官的建議,得有充足的理由。首席執(zhí)行官肯定也會(huì)過(guò)問。

這是很好的防御措施,但如果公司發(fā)起反擊呢?一些美國(guó)國(guó)會(huì)的成員正在提議一項(xiàng)立法,稱之為“黑客反擊”議案,該議案允許公司調(diào)查攻擊者的電腦并摧毀被盜數(shù)據(jù)。

位于亞特蘭大的律所長(zhǎng)盛(Troutman Sanders)的隱私保護(hù)主管馬克·毛,對(duì)此議案表示謹(jǐn)慎地支持?!拔覀€(gè)人認(rèn)為,這主意不錯(cuò)。”他說(shuō),“我覺得這就像網(wǎng)絡(luò)第二修正案?!保ǖa(bǔ)充說(shuō),這種做法應(yīng)該是“有限制的”,并且需要制定很多細(xì)節(jié)。)

毛將網(wǎng)絡(luò)攻擊和反擊,與核平衡相對(duì)比?!昂送厥怯行У?,因?yàn)闆]有人希望被核攻擊?!彼f(shuō),“許多黑客逃之夭夭,因?yàn)闆]有任何報(bào)復(fù)措施。”

然而,許多網(wǎng)絡(luò)安全業(yè)內(nèi)人士認(rèn)為,如果黑客反擊議案變成法律,將會(huì)是巨大的災(zāi)難。網(wǎng)絡(luò)安全公司火眼的情報(bào)主管、美國(guó)空軍預(yù)備役人員桑德拉·喬伊斯就表示反對(duì)?!白畈幌M吹降?,就是用意良好但純屬菜鳥的人來(lái)?yè)胶痛耸隆!彼J(rèn)為這一議案會(huì)有誤判攻擊者的危險(xiǎn),也會(huì)導(dǎo)致爭(zhēng)鋒相對(duì)和矛盾升級(jí)。它只會(huì)“帶來(lái)人心惶惶,風(fēng)險(xiǎn)叢生?!?/p>

她還說(shuō),這項(xiàng)議案代表著“商業(yè)界的聲音,他們感到被忽視了。這是一種受挫的信號(hào)?!?/p>

他們的惱怒是可以理解的。據(jù)Gartner的數(shù)據(jù),今年全球網(wǎng)絡(luò)安全的支出將增長(zhǎng)9%,達(dá)1240億美元。但網(wǎng)絡(luò)安全還是難以保全。

要防止黑客偷光公司財(cái)產(chǎn),公司卻不必耗盡家財(cái)??死苏J(rèn)為,公司把IT預(yù)算的8%到10%投入到網(wǎng)絡(luò)安全中,就相當(dāng)不錯(cuò)了。

要防護(hù)好網(wǎng)絡(luò),這個(gè)比例的投入也并不總是必要的。艾爾帕洛維蒂奇說(shuō),他就知道一家《財(cái)富》美國(guó)500強(qiáng)的從事賓館業(yè)的公司,每年只花費(fèi)區(qū)區(qū)1100萬(wàn)美元做網(wǎng)絡(luò)防護(hù),但他確信這家公司的網(wǎng)絡(luò)安全是他所見過(guò)最好的之一。

面對(duì)網(wǎng)絡(luò)安全的擔(dān)憂,公司的董事會(huì)主席把自己的手機(jī)號(hào)碼給了公司首席信息安全官,并告訴他:“不管白天或夜里,如果有人拒絕你的提議,隨時(shí)打我電話?!?/p>

艾爾帕洛維蒂奇加了一句:“在這個(gè)機(jī)構(gòu)里,沒人敢對(duì)他說(shuō)不?!保ㄘ?cái)富中文網(wǎng))

本文另一版本登載于《財(cái)富》雜志2019年8月刊,標(biāo)題是《公司的堡壘》。

譯者:宣峰

Attend any cybersecurity confab, and you’ll encounter some version of the following refrain. “There are two types of companies in this world: those that have been hacked and those that don’t yet know they’ve been hacked.”

The phrase that launched a thousand quips was coined by Dmitri Alperovitch, a Moscow-born entrepreneur and one of the world’s foremost hacker-sleuths. In 2011, as head threat researcher at antivirus pioneer McAfee, he created the classification while investigating—and publicly revealing—half a decade’s worth of cyberattacks on more than 70 organizations, including defense contractors, tech companies, and the United Nations.

Now the huff of resignation is due for an update. “I’ve since modified that phrase,” Alperovitch tells Fortune. “The first two companies still exist, but now there’s a third type that’s able to successfully defend itself against intrusion.” Ah, hope yet!

One could write off Alperovitch’s addendum as a savvy sales pitch. As the cofounder and chief technology officer of CrowdStrike, a cybersecurity company that stunned investors with a share price–popping IPO in June, there’s no wonder he’s feeling a bit of good cheer.

But there’s something to Alperovitch’s revision. Richard A. Clarke, former White House security adviser to both Bushes and to Clinton, agrees with the new, tripartite framing. He says as much in his just-published book, coauthored with Obama cyber lead Robert K. Knake, The Fifth Domain—a reference to cyber as the newest theater of war, after land, sea, air, and space.

Consider NotPetya. The devastatingly global computer-wiping attack, which Russia released on the world in 2017, caused billions of dollars of damage to corporations such as FedEx, Maersk, and Merck.

But not all firms succumbed. “What you don’t hear about is the list of American companies that were there doing business in Ukraine”—ground zero for the attack—“that didn’t get damaged,” Clarke says. Firms like Boeing, DowDuPont, and Johnson & Johnson “were the dogs that didn’t bark, and in our book, we tried to figure out why.”

So, what separates the hacks from the hack-nots? At a technical level, the unharmed firms had patched their machines against the vulnerability exploited by NotPetya. But a more fundamental question is, Why did some companies patch, while others neglected to?

In a word: prioritization. The most resilient organizations have buy-in across the—literal—board. Any executive who blocks a chief information security officer better have a damn good reason. The CEO will surely hear about it.

That’s good defense, but what if companies could punch back? That’s what some members of Congress are proposing in a piece of legislation known as the “hack back” bill, which would allow companies to probe an attacker’s computer and destroy stolen data.

Mark Mao, head of privacy practice at Troutman Sanders, an Atlanta law firm, is a cautious proponent. “Personally, I don’t think it’s a bad idea,” he says. “To me, it’s like a cyber Second Amendment.” (He adds that it would have to be “l(fā)imited” and that “a lot of the details would have to be worked out.”)

Mao draws a comparison to nuclear stalemates. “Deterrence works because nobody wants to be nuked,” he says. “Most hackers get away with [it] because there’s no retribution in any way.”

But most cybersecurity industry insiders agree that if the hack back bill became law, the results would be a fiasco. Sandra Joyce, head of intelligence at cybersecurity firm FireEye and a U.S. Air Force reservist, disapproves. “The last thing we need is to add well-intentioned rookies into the mix,” she says, noting the dangers of misidentifying attackers and the threat of tit-for-tat escalation. It’d be “releasing a vigilantism fraught with risk.”

The bill, she says, represents “the voice of the commercial sector that has felt very neglected. It’s a signal of frustration.”

The vexation is understandable. Worldwide spending on cybersecurity is expected to grow about 9%, to $124?billion this year, according to Gartner. And the breaches seem to just keep coming.

Companies don’t need to bankrupt their coffers to keep hackers from bankrupting them. Clarke says companies that spend 8% to 10% of their IT budget on cybersecurity tend to be best in class.

But even this price tag is not always necessary to outrun the proverbial bear. Alperovitch says he knows of one Fortune 500 customer in the hospitality business that spends a mere $11?million annually to defend itself, and he is convinced that it’s among the most secure he has ever seen.

At that particular concern, the chair of the board gave his cell phone number to the company’s chief information security officer and included a message: “Call me anytime, day and night, if anyone says no to you.”

As Alperovitch puts it: “At that organization, no one tells him no.”

A version of this article appears in the August 2019 issue of Fortune with the headline “The Corporate Fortress.”

掃碼打開財(cái)富Plus App
色悠久久久久久久综合网伊人| 99久久99久久免費精品蜜桃| 亚洲无码视频一区二区三区| 国产精品自在自线视频| 国产拍偷精品网站| 日韩AV在线中文字幕高清| 一级白嫩美女毛片免费| 久久久不卡国产精品一区二区| 久久久精品日本一区二区三区| 国产欧美日韩免费观看| 亚洲精品国产原创电影在线| 日韩在线观看高清视频| 国产无人区卡一卡二卡三乱码网站| 国产福利91精品一区二区三区| 亚洲AV无码片一区二区三区| 午夜国产大片免费观看| 亚洲AV女人18毛片水真多| 婷婷色香合缴缴情av第三区| 我要看一级大黄毛片| 亚洲网站免费观看| 国产男女爽爽爽免费视频| 小仙女粉嫩高潮白浆在线看视频| 97国产大学生情侣酒店| 99c视频色欲在线| 中文字幕亚洲欧美无线码一区| 亚洲无码少妇专区| 97PORM国内自拍视频| 久人人爽人人爽人人片av| 国内野外强奷在线视频| 99草草国产熟女视频在线| 少妇被又大又粗又爽毛片久久黑人| 曰欧一片内射VΑ在线影院| 精品久久久噜噜噜久久久| 精品人妻系列无码天堂| 国产99视频精品免费观看6| 亚洲国产A∨无码中文777| 久热这里只精品99国产6| 成人免费毛片AAAAAA片| 国产成年无码av片在线韩国| 亚洲人午夜射精精品日韩| 久久天天躁夜夜躁狠狠麻|