theNet by CLOUDFLARE

4 initiatives to strengthen cybersecurity and build resilience

Each year top CISOs and high-level government officials make the pilgrimage to events like Black Hat and the RSA Conference to share their views on the current threat landscape and the state of cybersecurity. What are some of the typical topics?

  • "Protecting AI implementations is today's top priority"

  • "Already massive distributed denial of service (DDoS) attacks are amplified further"

  • "Healthcare and critical infrastructure face a growing ransomware threat"

  • "API security measures are inadequate, and software supply chain attacks are a growing concern"

  • "AI-driven phishing and social engineering attacks are the new normal"

  • "Vulnerabilities in on-premises VPN infrastructure keep accumulating and being exploited"

  • And of course: "Things will get worse on the cyber front before they get better."

With challenges like these, it's easy to get caught up in the excitement of future innovations and the promise of new solutions. But amid the anticipation and speculation of what’s to come, security professionals must stay grounded in the present and remain focused on the immediate challenges at hand.


The urgency of cybersecurity today

While it's tempting to constantly look toward the distant horizon, many organizations still need help with the basics, like web application firewalls (WAFs) or DDoS protection. Recent record-breaking DDoS attacks and high-profile breaches underscore the need for organizations to be fully engaged in their current cybersecurity efforts. Action must be taken now to protect against the very real threats we face today. Looking too far ahead or waiting for future solutions is not an option. And the truth is, many organizations aren't executing well on the fundamentals with the technology they already have. With tight budgets and an ongoing cybersecurity talent shortage, what are the chances teams can effectively add any more to their already full plates?




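Embracing resilience and simplicity

To improve cybersecurity and build resilience in the present, organizations should prioritize the following four key initiatives:

1. Double down on security awareness training for employees, and consider integrating AI awareness modules to address evolving threats. Training alone will not solve every problem, but the stakes are too high to leave employees unprepared to recognize and respond to potential threats. The goal should always be to empower employees as part of the solution rather than to blame them. Include the board and senior executives in the training, because they will be prime targets.

2. Begin implementing Zero Trust principles backed by strong, multi-layered security controls, with a particular focus on protecting email inboxes from phishing attempts. Protecting users at this common entry point significantly reduces the risk of employees unknowingly becoming an attack vector.

3. Retire legacy network devices and security appliances, which not only consume valuable time and resources to manage but also introduce vulnerabilities into your security stack. Simplify your security technology stack and consolidate vendors to make full use of capabilities you already have but may be underusing.

4. Examine the entire organization to reduce overall complexity, limit the attack surface, and refocus on executing the cybersecurity fundamentals well. Assess which resources may be disproportionately consumed by protecting overly complex systems, and consider what can be removed or simplified.

By simplifying their approach to security and focusing on resilience, organizations can build a more effective cybersecurity posture that is better able to meet both current and future challenges.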


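Balancing the present and the future

Don't get me wrong: attending cybersecurity conferences is undoubtedly valuable. Definitely go, and use the time to recharge with your team. But it is crucial to approach these events with a strategic mindset. Don't be swayed by vendor hype and speculation about the future. Instead, use these opportunities to reinvigorate the initiatives you already have in place and to shore up the foundations that are critical to success.

Successful organizations will strike a balance between investing resources in current challenges and keeping an eye on the future, ensuring they are prepared for both today's threats and tomorrow's evolving landscape.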


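Working together toward the future

At Cloudflare, we understand the challenges organizations face in striking the delicate balance between protecting the present and preparing for the future. That is why our security solutions put resilience, simplicity, and action today first. We understand that complexity is the enemy of security, so our platform is designed to simplify and consolidate security, allowing organizations to build resilience by focusing on the controls that matter most.

In a rapidly changing world, having a reliable partner can make all the difference. Cloudflare is committed to being that partner, not just today but whatever challenges tomorrow brings. Let us help you navigate the complexities of cybersecurity so you can focus on what matters most: protecting your organization, customers, and data.

This article is part of a series from Cloudflare on the latest trends and topics impacting today's technology decision-makers.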


Author

John Engates — @jengates
Former Field CTO, Cloudflare



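Key takeaways

After reading this article, you will be able to understand:

  • How to balance present-day threats with an evolving future security landscape

  • The importance of simplifying security and focusing on resilience

  • 4 key initiatives to improve cyber readiness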

