Why it’s time to stop calling users n00bs

This is a guest post by Sophos security expert James Burchell. James has appeared on Naked Security and Sophos News before, live in person in videos and podcasts. This is his first written article – we’re looking forward to his next!
October is National Cybersecurity Awareness Month (NCSAM) and this week’s theme is “Cybersecurity in the workplace is everyone’s business”.
Naked Security asked me what I’d do to make cybersecurity into a company-wide deal, rather than just relying on programmers and IT gurus to keep us all safe.

After all, even if we were able to write bug-free code and deploy it perfectly, cybersecurity would still be a massive problem, because one of the biggest risks to any organisation is a biological one – humans!
If you’re a techie or on the IT staff inside your company, you’ll know what I mean: you love users, yet you hate them; you call them n00bs; you deal with 1d10t errors on a daily basis.
Nevertheless, you also have to acknowledge that they’re inside every network, amongst some of your organisation’s most closely guarded secrets.
So, here’s how I see the problem.
In today’s world, every organisation can be considered a high-tech business.
Modern technology enables your business to reach more customers, and allows your humans to be more productive, though sometimes in a less controlled way than you might like.
The same technology, unfortunately, allows the Bad Guys to reach your business in a myriad of different ways, too.
Believe it or not, most of the actions performed by your humans are not done with malicious intent.
Alice didn’t mean to lose her laptop, Bob didn’t realise that he was sending that email to the wrong person and Charlie genuinely thought he received a parcel delivery notification from his courier.
Yet, after nearly 30 years of trying and billions of pounds in investment, we are still struggling with cybersecurity because we often fail to recognise that the issue is more than just a technical problem.
The human firewall
So rather than looking at your humans and wondering about what PEBKAC issues you’ll have to deal with next, instead look at them as having the potential to be individual human firewalls.
Weaponise them with enough knowledge to recognise a potential attack on their human emotions, and instil trust in them that they won’t be cast to the lions if they accidentally click on a link suggested by a hoodie-wearing hacker who’s sitting on the other side of the world.
Do that, and you will have one of the best detection and remediation systems that money can buy.
Create awareness
Create awareness around the office.
Get buy-in from a senior member of the organisation and consider having a dedicated area on the intranet where people can ask questions or as a place where you can post useful hints and tips, such as where to find great free security tools for personal use. (Sophos Home would be a good suggestion!)
Once you’ve created awareness, the natural progression is to measure who within your organisation is susceptible to phishing attacks – this is something that a phishing simulation toolkit can help you to identify.
If staff fail your phishing tests, don’t call them out or embarrass them – give them personal counselling to help them improve, to reduce the chance they’ll fall for phishing tricks again, and to get them on your side so they are ready to report potential security problems in the future rather than to sweep them under the carpet and hope no one notices.
Don’t ignore a particular department or person just because they are too busy or seem too important – those are great reasons for a cybercriminal to target them specifically, so make sure they’re included in your awareness activities.

Don’t be grumpy and mean

You’ll also win friends and influence people if you take care to show that not everyone in IT is there to be grumpy and mean.

Why not find a way to reward people for identifying potential security issues, all the way from keeping an eye out for tailgaters trying to slip into the building, to reporting dodgy emails with suspicious links and attachments?
Consider something as simple as having a jar of sweets or chocolate in the IT area so that people want to come and talk about security.
Or enter everyone who contacts you with a concern or reports a potential security issue into a monthly raffle for a prize such as a gift voucher.
Build a security team of everyone
Just think of the malware scare when Charlie clicked on that phishing email, and the position you found yourself in running around to figure out what happened.
Is it better for Charlie to hide what he’s done, fearing reprisal or ridicule from the IT team, or for him to approach you quickly and warn you about what just happened?
The latter would certainly put you in a better position to respond…
…so putting humans into your threat and risk assessments and creating a culture of security will put you and your business in a great position to face whatever comes next.
At the end of the day, every employee should be a part of the security team.