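In the information age, corporate information security faces severe challenges. Many senior executives' first reaction on hearing that they have been hacked is to work out how to protect themselves, but for a CEO a hacker attack may be an excellent opportunity to uncover the company's "insider": often the hole is not in the company's systems but in its employees' loyalty.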
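Vocabulary and background you may meet in the test:
dossier: file; case records ['dɒsɪə]
malicious: ill-intentioned; deliberate [mə'lɪʃəs]
cyber security: network security
gullible: easily deceived; credulous ['gʌlɪb(ə)l]
burglary: theft; breaking and entering ['bɜːglərɪ]
malevolent: vicious; ill-natured [mə'lev(ə)l(ə)nt]
succumb: to yield; to be overcome [sə'kʌm]
perplexed: puzzled; at a loss [pə'plekst]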
By Andrew Hill
Tax inspectors, the fraud squad, the regulator's enforcement director. Latterly, chief executives have had to add a new group to the list of people they would rather not hear are waiting in the lobby: secret agents.
When MI5 or the Federal Bureau of Investigation tells a company that hackers have attacked, it does not surprise me to learn that the boss's first reaction is self-preservation. Chief executives figure they need not worry about the theft of valuable intellectual property, because the repercussions may not hit until their successor is in charge, if they hit at all. So law enforcers sometimes include a few of the chief executive's stolen personal emails in their dossier for him or her: it tends to concentrate their minds.
Their tactic points to two factors that are increasingly vital in handling malicious hacking. First, the main weaknesses in most organisations are not technological — flammable firewalls, shaky software — but human. Second, the quest to improve cyber security will unearth management defects: in this case, the extreme short-termism and self-interest of the CEO.
Since a villain pressed send on the first phishing email, the human factor has played a part in cyber plots.
So-called Nigerian scams — where the widow of a general promises you money to help transfer their fortune — are crude for a reason: the gullible few who believe the first letter are most likely to swallow the whole tale.
More recently, criminals have started fabricating attacks, to extort money from a company or destabilise its share price. Again, the approach exploits basic human frailty. As a senior executive, you may well not know whether the hack is real or not (it still takes at least 99 days for companies to discover a breach, says consultancy Mandiant), so are you prepared to risk denouncing the news as fake?
You may by now be hunched in your office, gibbering in helpless paranoia. But on the assumption all big companies are under hostile cyber fire all the time — Volkswagen said last year it was facing 6,000 attacks a week — you would be better recasting the threat as an opportunity.
As Amitava Dutta and Kevin McCrohan of George Mason University wrote presciently in 2002, in the early days of cyber risk, “information security is not a technical issue; it is a management issue”. Leadership, culture and structure (or lack of them) have a “significant impact” on what happens in an attack. So reassess your company's priorities. The theft of research data may not hurt in the way a cyber-burglary of your private emails does, but it is far more material to the long-term health of the company.
Spring-clean your structure. Finding out what information you hold, and where, is an excuse to declutter subsidiaries as well as servers.
Update lines of communication, internal and external, and re-examine what your response will say about your attitude to different interests. Yahoo failed for two years to disclose a huge security breach as it sought to sell its core business, inviting criticism from users, investors and watchdogs.
Make sure your staff are engaged. Carelessness about security may suggest waning loyalty and lead to recklessness and, worse, malevolent attacks from the inside.
Review your network. Suppliers' lax controls could easily spread infection to your company.
Finally, get ready. Executives' first reaction to a breach is often “Who did this to me?”, followed by a search for the “guilty”, Dave Palmer of Darktrace, a cyber technology group, told a recent FT125 debate. Others succumb to what one lawyer called “decisive inertia”, or default to the wrong response, a bit like the mayor of Amity, the fictional seaside resort in Jaws, who kept the beach open for the good of the city while ignoring growing evidence of lethal shark activity.
By contrast, when San Francisco's public transit system was held hostage by cyber attackers last year, managers could decide quickly to open the gates and allow free travel. But if hackers had compromised safety rather than payments, the correct decision would have been to close the network.
Elizabeth Corley, vice-chair of Allianz Global Investors, told the same FT125 delegates that boards were going through “a revolution”. Good cyber security, like worker health and safety, is becoming obligatory, she said.
Her comment reminded me of how, as new chief executive of Alcoa, Paul O'Neill focused the aluminium manufacturer on improving worker safety in the 1980s. Investors were perplexed. But Charles Duhigg recounts in The Power of Habit that the policy triggered “a chain reaction … that lifted profits”.
In the same way, hackers may be inadvertently performing a useful service: prompting executives to patch the human weaknesses at the heart of their organisations.
1. What would a boss's first reaction be when hackers attack?
A. Think about self-preservation
B. Try to find out why they get attacked
C. Stay calm and be organized
D. Hunch in the office and gibber in helpless paranoia
Answer (1)
2. What are the main weaknesses in most organisations?
A. Technology
B. Human
C. Finance
D. Management
Answer (2)
3. How often is Volkswagen attacked?
A. 6,000 a day
B. 6,000 a week
C. 6,000 a month
D. 6,000 a year
Answer (3)
4. Why could hackers be performing a useful service?
A. It could help to improve the company's software
B. It could change the way of management
C. It can be used as a marketing strategy
D. It's an opportunity to find out the human weaknesses in the organisations
Answer (4)
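(1) Answer: A. Think about self-preservation
Explanation: For most bosses, on hearing that the company's network has been breached, the first reaction is to work out how to protect themselves, because they know that even if these attacks do affect the company, the effects will come after their successor has taken over.
(2) Answer: B. Human
Explanation: For the vast majority of companies, the greatest weakness lies not in technology but in employees; problems with employee loyalty lead to holes in information security.
(3) Answer: B. 6,000 a week
Explanation: Volkswagen is hit by an average of 6,000 hacker attacks every week, so for a company, coming under cyber attack is nothing out of the ordinary.
(4) Answer: D. It's an opportunity to find out the human weaknesses in the organisations
Explanation: For a smart manager, a cyber attack can be treated as an excellent opportunity to find spies inside the company.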