Each year top CISOs and high-level government officials make the pilgrimage to events like Black Hat and the RSA Conference to share their views on the current threat landscape and the state of cybersecurity. What are some of the typical topics?
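“Protecting AI implementations is today’s top priority”
“Already massive distributed denial of service (DDoS) attacks are amplified further”
“The ransomware threat facing healthcare and critical infrastructure is growing more severe”
“API security measures are inadequate, and software supply chain attacks are drawing increasing attention”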
“AI-driven phishing and social engineering attacks are the new normal”
“Vulnerabilities in on-premises VPN infrastructure keep increasing and are being exploited”
And of course: “Things will get worse on the cyber front before they get better.”
With challenges like these, it's easy to get caught up in the excitement of future innovations and the promise of new solutions. But amid the anticipation and speculation of what’s to come, security professionals must stay grounded in the present and remain focused on the immediate challenges at hand.
While it’s tempting to constantly look toward the distant horizon, many organizations still need help with the basics, like web application firewalls (WAFs) or DDoS protection. Recent record-breaking DDoS attacks and high-profile breaches underscore the need for organizations to be fully engaged in their current cyber security efforts. Action must be taken now to protect from the very real threats we face today. Looking too far ahead or waiting for future solutions is not an option. And, the truth is many organizations aren’t executing well on the fundamentals with the technology they already have. With tight budgets and an ongoing cyber security talent shortage, what are the chances teams can effectively add any more to their already full plates?
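To strengthen cybersecurity and build resilience, companies should prioritize the following four key initiatives now:
1. Invest heavily in employee security awareness training, and consider including an AI awareness module to address evolving threats. Training alone won't solve every problem, but the risk of leaving employees unable to recognize and respond to potential threats is simply too high. The goal of training is always to empower employees and make them part of the solution, not to shift blame. Boards and executives should take part in training too, because they will be primary targets.
2. Start implementing Zero Trust principles, backed by strong, multi-layered security controls, with a focus on protecting email inboxes against phishing attacks. Protecting users at this common point of entry significantly reduces the risk of employees unwittingly becoming an attack vector.
3. Retire legacy network and security appliances, which not only consume valuable management time and resources but also introduce vulnerabilities into the security stack. Simplify the security stack and consolidate vendors to make full use of capabilities you already have but may be underusing.
4. Conduct a comprehensive review of every aspect of the organization to reduce overall complexity, shrink the attack surface, and refocus on executing the cybersecurity fundamentals effectively. Assess which resources may be overextended protecting overly complex systems, and consider what can be removed or simplified.
By simplifying their approach to security and focusing on building resilience, organizations can create a more effective cybersecurity posture that is better able to meet current and future challenges.
Don't get me wrong: attending cybersecurity conferences is undoubtedly valuable. By all means, use the time to recharge with your team. But these events must be approached with a strategic mindset. Don't get distracted by vendor hype and speculation about the future. Instead, use these opportunities to reinvigorate the initiatives you are implementing now and to reinforce the fundamentals that are critical to successfully defending against threats.
Successful organizations strike a balance between dedicating resources to today's challenges and looking to the future, ensuring they are prepared for the evolving threat landscape both now and in the years ahead.
Cloudflare understands the challenges organizations face in striking the delicate balance between securing the present and preparing for the future. That is why our security solutions are built around resilience, simplicity, and addressing today's challenges. We know that complexity is the enemy of security, so our platform is designed to simplify and consolidate security, letting organizations focus on the critical controls that matter most and thereby strengthen their resilience.
In a rapidly changing world, having a reliable partner is essential. Cloudflare is committed to being that partner, not only today but in preparing for the future as well. Let us help you navigate the complexity of cybersecurity so you can focus on what matters most: keeping your business, your customers, and your data secure.
This article is part of a series from Cloudflare on the latest trends and topics impacting today's technology decision-makers.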
John Engates — @jengates
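Former Field CTO, Cloudflare
After reading this article, you will be able to understand:
How to balance defending against today's threats with the evolving security landscape of the future
The important role of simplifying security and focusing on resilience
Four key initiatives for improving cyber preparedness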