What can save you? Enterprise information security

In the past year, information security incidents occurred frequently at home and abroad: British broadband operators, American medical institutions, Chinese social security system, etc. have all been exposed to scandals of being hacked and causing a large amount of user data to be leaked. Information security has become an issue that cannot be ignored in the Internet field. What are the factors behind this that deserve attention? Faced with the ubiquitous information security challenges, how should enterprises respond?

On March 23, EY released the "EY 18th Global Information Security Survey Report" with the theme of "Creating a Trusted Digital World". We may be able to get some inspiration from it.

What kind of attacks does the digital world face?

As the saying goes, knowing yourself and your enemy ensures victory in a hundred battles. Only by better understanding the actual threats in the network environment can we better resolve potential crises.

Ernst & Young conducted an information security survey on 1,755 companies around the world. The results showed that criminal groups (59%), internal employees (56%) and hacker organizations (54%) were the top three most likely sources of cyber attacks, while attackers with a national background (35%) ranked sixth on the list. Compared with Ernst & Young's survey results last year, respondents' scores for criminal groups, hacker organizations and attackers with a national background have improved. In 2014, the scores for each were criminal groups (53%), internal employees (46%) and hacker organizations (27%).

How do hackers invade corporate data?

In the "Internet +" era, digitalization affects every aspect of a company's operations and has become a risk management issue at the enterprise level. To design a good set of defense measures, we must first understand what hackers are thinking and how they will launch an attack.

According to Ruan Qikang, partner of Ernst & Young Greater China Information Consulting Services, the first step is for hackers to collect a large amount of information about a company, analyze the company's vulnerabilities, and then start designing different attack scenarios. After successfully controlling the company's internal system, hackers will use it as a springboard to further invade the company's email, financial and other systems to carry out illegal activities.

What can save you? Enterprise information security

The survey results show that 20% of respondents said they were unable to estimate the total financial losses related to cyber incidents in the past 12 months, and 88% of respondents did not believe that their information security fully met corporate needs.

54% of respondents’ information security functions currently do not have roles or departments that focus on emerging technologies and their impact; 36% of respondents do not have a threat intelligence system plan; only 12% of respondents believe that the information security function fully meets the needs of the enterprise; the proportion of respondents who do not have a security management platform has increased from 42% in 2014 to 47%; in addition, the proportion of respondents who do not have an identity and access management system has increased from 12% in 2014 to 18%.

It can be seen that the security defense capabilities of enterprises today are still not optimistic. Ernst & Young pointed out that due to the continuous change of tactics, persistence and capabilities of cyber attackers, the nature of cyber threats has also changed, and many measures that were previously considered advanced have now become only basic.

In the face of these threats, EY recommends that enterprises should turn to active defense to actively respond to security threats. Enterprises should continue to take proactive measures to prevent cyber attackers, establish more advanced security management platforms, and use cyber threat intelligence perception systems to effectively maintain operational consistency, help carry out active defense, find potential attackers, analyze and evaluate threats, and eliminate them before they damage the company's key assets.

Li Rui, partner of information security services in North China at EY, said, "Active defense will not replace traditional security operations, but organize and consolidate them. Cybersecurity is not just a technical issue, nor is it limited to the IT field. It is not only the responsibility of every board member, but also affects all levels of the enterprise and every member of the top management in various ways, often hidden and difficult to identify. EY can help you take a customized risk-centric approach to cybersecurity, from strategy to execution, to achieve better and more lasting results. Thereby better protecting your business and creating more trust for your brand."

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.