I have been asked many times by company bosses whether there is such a thing as a 100% cyber-secure environment.
The simple answer is NO.
There is no such thing as a 100% secure environment, especially when you are connected to the Internet.
To have near 100% protection, you would need a team of security specialists covering a wide range of disciplines, from networks and systems to applications. The cost of hiring and maintaining them will in itself be a financial deterrent for most small and medium-sized companies.
Hence, cybersecurity for SMEs is, at best, done on a best-effort basis.
An IT network is like a human body
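A company's IT environment is like a human body. It is made up of many parts.
Just as every human organ has its own illnesses, every component in an IT network has its vulnerabilities.
While we do our best to stay healthy by exercising and eating right, our bodies remain susceptible to certain diseases. The recent COVID-19 outbreak is a classic example. The pandemic affected everyone, both the healthy and the unhealthy.
This analogy applies to a company's IT environment. While everything possible can be done to protect it from attack, if there is a new virus or a deliberate, focused attack on the network, the network will be compromised. There have been many cases of such breaches, even in organizations with sophisticated cybersecurity defenses.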
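Vulnerabilities are everywhere
Vulnerabilities exist throughout the IT environment, from the network infrastructure and systems to the applications. Even the people doing the work are a vulnerability.
Let's start with perimeter defenses such as firewalls: ports may accidentally be left open, allowing a savvy hacker to use them to get into the network.
All computing devices and servers need an operating system. These operating systems are themselves notoriously buggy. You can tell by the number of updates they require each year.
A savvy hacker can easily launch an attack on the core of these operating systems without anyone knowing about it, including the software vendor itself.
The same is true for all other applications.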
This issue exists because software development companies were traditionally more focused on application functionality and usability. They were also pressed to launch their products quickly. Application security was not part of their initial design priorities. Hence security gaps abound.
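To make matters worse, all companies are adopting more technology than ever before. As a result, there will be more and more vulnerabilities for cybercriminals to exploit.
When the Internet of Things becomes ubiquitous and connects everything, the ills of cyber breaches and their impact will grow exponentially. It will be a cybersecurity nightmare.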
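Lack of priority
In most small and medium-sized setups, unlike sales, profitability, and operational issues, the need for a baseline cybersecurity defense is not a management priority.
Management is usually more concerned with sales, profitability, and operational issues than with security.
However, this attitude needs to change, because the likelihood of a breach increases every day as cybercriminals become more sophisticated.
With the introduction of privacy laws, the situation is even more urgent.
Under most privacy laws, company directors are held responsible for any breach involving personal data. This applies regardless of whether they were directly involved.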
Implementing a baseline cybersecurity solution and having an education program for employees is more critical than before.
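Not many companies realize that the cost of implementing a cybersecurity solution is only a fraction of the cost of any ransom or fine. Bosses should consider looking into how to improve their company's cyber posture.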