It’s hard to say goodbye in the era of “streaking” on the Internet

There is no end to the network’s offensive and defensive confrontation, and there is no absolute security.


In 1986, many computer users encountered something strange: their computers inexplicably lost memory, the hard disk drive became extremely slow, and the machines even crashed suddenly.

These computers were infected with the “Brain virus” (C-BRAIN), recognized worldwide as the first widespread computer virus.

The Brain virus was written by a pair of Pakistani brothers. The software their company sold was often pirated, and fewer and fewer people were buying genuine copies. To solve this problem, the brothers wrote the Brain virus to track and attack people who used their company’s software illegally. The virus ran under DOS and spread through floppy disks. Whenever someone pirated the software, C-BRAIN would strike and “eat up” the remaining hard disk space of the thief. C-BRAIN soon infected computers all over the world.

The spread of the Brain virus excited McAfee, who was then working on a classified speech recognition project in California. Having given up drugs only four years earlier, he saw a business opportunity in people’s panic.

In 1987, McAfee founded the world-famous anti-virus software company McAfee at his home and released the world’s first commercial anti-virus software, McAfee VirusScan, for which he became known as the “father of anti-virus software.” McAfee was listed on the Nasdaq in 1992 and sold to Intel in 2010 for US$7.68 billion.


“Father of Antivirus Software” McAfee

McAfee himself was a bohemian all his life. He was an initiator of cryptocurrency, a tax opponent, a candidate for president of the United States, and a fugitive who publicly embraced drugs, guns, and sex. In his later years he was mired in even more lawsuits and controversies.

On June 23, McAfee died by “suicide” in a Spanish prison, and his dramatic life came to an end.

The online world McAfee left behind seems even more fragile.

01 Who is “streaking”?

In August 2016, McAfee came to China for the first time to attend the “2016 China Internet Security Conference,” where he gave a pertinent assessment of China’s network security industry: hardware engineering is very good, software engineering is a little lacking.

Five years have passed, and the shortcomings of China’s software engineering have steadily been made up. However, the security awareness of enterprises has not improved much. On the contrary, as digitization accelerates, corporate protection systems are full of holes, and even leading Internet companies with a strong technology image are “streaking”.

Let’s look at a few live cases.

At 18:56 on February 23, 2020, an operations and maintenance employee at Weimob’s R&D center logged in to the company’s intranet jump server through a personal VPN and ruthlessly deleted the data systems. Later, Weimob merchants found that they could not log in to their store back ends, and even Weimob’s official website could not be opened.

That evening, merchants complained that the COVID-19 epidemic had already brought offline store business to a standstill, while online stores could still bring in some sales; the outage would undoubtedly push Weimob’s merchants into a deeper predicament. After the incident, Weimob scrambled for a week without fully resolving the system problem, leaving hundreds of thousands of merchants angry and helpless.

In each of the previous two years, Weimob’s customer churn rate was 27%, and the database deletion incident undoubtedly made customer churn worse. After the “database deletion”, Weimob lost more than one billion in market value and paid about 93 million yuan in compensation. Revenue in the first half of the year fell by 3%. The lesson could hardly be more profound.

In fact, over the past few years white hat hackers have exposed problems in Weimob’s website systems dozens of times, and there have also been downtime incidents. None of this changed Weimob’s view of security; the company has stuck to a pragmatic, even somewhat short-sighted, decision-making style. The CTO of Weimob once shared with the media how the company evaluates cloud providers. He ranked the factors by importance as follows: 1. Stability; 2. Cost; 3. Convenience; 4. Security; 5. Service. With pivotal security ranked second to last, the outbreak of Weimob’s security crisis felt sudden, but not surprising.

Another company is the popular Internet giant ByteDance.

On June 23, the very day the “father of anti-virus software” McAfee passed away, a netizen broke the news that a ByteDance intern had deleted all of the lightweight machine learning models (lite models); almost all of the company’s machine learning models below the GB size were deleted. It is reported that the intern deleted the parent directory directly and added the skip-trash option (which disables recovery when deleting files), so the deleted models could not be restored.

ByteDance announced company-wide that night that the incident was classified directly as P0 (a serious incident). The group handling the problem alone had as many as 300 people, which gives an idea of the scope of the business involved.

ByteDance is known for its flat management. Interns and regular employees have the same file permissions. Such an arrangement not only improves work efficiency, but also increases security risks. How to weigh efficiency and safety is a multiple-choice question before the management of ByteDance.

There is also a story about hackers extorting Bitcoin.

On the eve of the Spring Festival in 2021, a SaaS vendor in the education sector was attacked by hackers who demanded a Bitcoin ransom. Although the system hit by the ransomware was mainly used for internal testing, it also served as an externally facing development environment. The relevant person in charge of the company told Niutoushe that some data (such as the company’s business opportunities, visit records, etc.) could not be restored because of an imperfect backup mechanism.

Data security is particularly important for SaaS vendors. A large amount of customer data is in their hands, and if a SaaS vendor is hacked, it is a disaster for its customers. Fortunately, the data in this case was the SaaS company’s own, not its customers’.

From a legal perspective, Guo Zhengjun, a lawyer at Beijing Weiji Law Firm, told Niutoushe that China’s Civil Code protects legitimate data-related interests from multiple dimensions such as copyright, trade secrets, privacy rights, and personal information rights, but its coverage of those interests is not comprehensive enough. The newly promulgated “Data Security Law” explicitly protects data-related rights and interests in a general way. In effect, it establishes a new form of right, “data rights,” which lays a more comprehensive and solid foundation for branch laws such as civil law, economic law, administrative law, and criminal law to further and better regulate data-related social relations from different dimensions and to protect data-related interests.

After all, the law focuses on punishment after the fact. To avoid losses, you need to minimize risks in advance. With the increasing popularity of digitalization today, the fragility of corporate protection systems is an indisputable fact, so why is this?

APUS is an enterprise dedicated to innovation in mobile Internet products for overseas markets. Over the years, it has built up a number of technical achievements and a user base in the field of network security. Li Tao, founder and CEO of APUS, has a vivid analogy for this: in the past, important items such as paper documents were stored in safes; in the digital age, where is the “safe” for things stored in computers?

Regarding the fragility of the protection system, Li Tao explained: “The current security system is relatively fragile, but the nature of the fragility is not caused by the fragility of the digital itself. When you digitize your data and assets, when you adopt digitalization as a more efficient way of handling these data and assets, a corresponding protection system should be established for these data and assets. The fragility is because the supporting security protection measures have not kept up.”

After the term “digitalization” appeared many times in representatives’ proposals at the “Two Sessions” and in government work reports, it was written into the “14th Five-Year Plan” and the 2035 long-term goals last year. An era in which everything can be digitized is coming. Only by understanding how network offense and defense are evolving can we calmly deal with the security challenges of the digital age.

02 The confrontation never ends

1. What is cyber security?

Many people cannot clearly tell network security, data security, and information security apart. The three are in fact nested: data security is nested within network security, and information security is nested within data security.

Information security is a concept that has been widely recognized since the 1980s. It mainly emphasizes reliability, confidentiality, controllability, and authenticity in the process of information transmission. In our daily lives, telephone numbers, bank deposits, passwords, and the like are readily associated with information security.

In the digital age, everything can be digitized. These numbers become data, and a large amount of data is generated in the business of enterprises every day. Whether the data is stolen, tampered with, or abused is the focus of data security.

Li Tao said that people are more sensitive to information security, mainly because information is a medium that connects to individuals in real time. Once information security is violated, the impact is immediately visible; but the impact of data security violations may not be immediately obvious. Data security has an impact at different levels, and information security is more time-sensitive. “Data, you can understand it as the aggregate of information for each time period.” Li Tao said.

Network security is a broader concept, which includes software, hardware, systems, terminals, data, etc. People’s perception of network security can be summarized in three changes: from information and Internet security to the security of the entire cyberspace; from personal/consumer security to organization/commercial security; from external security to internal security.

The two sides of the network offensive and defensive confrontation are like spears and shields. Over time, both of them are escalating in turn, like an endless war.

2. Cyber threats continue to escalate

The history of cyber threats can be roughly divided into the budding era, the hacker era, the black industry era, and the advanced threat era. From the evolution of threats, we can see why cyber threats are increasing day by day.

The budding era (1980s-1990s): During this period, computer viruses were few and their targets were indiscriminate. Traditional computer viruses that infect and destroy, such as the Brain virus, were the main threat.

The hacker era (2000-2010): New threats such as Trojan horse programs, web pages rigged with Trojans, phishing websites, and rogue software appeared, and online fraud began to take shape. At this stage, hackers often fought alone, as in the Panda Burning Incense case.

The black industry era (2010-present): Traditional cyber threats have faded, and the cyber black industry has grown by the day. New types of cyber threats such as online fraud, ransomware, mining Trojans, DDoS attacks, and web page tampering have become widespread. The black industry era basically coincides with the era of the mobile Internet, whose spread has provided fertile soil for the growth of the black industry on the Internet.

The advanced threat era (2010-present): Around 2010, advanced threats emerged. Attackers no longer fight alone and have begun to operate in an organized manner. This kind of threat is called an Advanced Persistent Threat (APT).

For example, in May 2021, Colonial, the largest natural gas and diesel transportation pipeline company in the United States, ceased operations due to a ransomware attack. The attackers used illegal software to take control of its computer systems or data, and the entire network that supplies critical fuel to the eastern coastal states of the United States was forced to shut down. As a result, the US government declared a national emergency.

APT’s cyber “nuclear attack” has made even the world’s largest economy nervous. As threats keep escalating, defenders can no longer treat today’s diseases with yesterday’s remedies.

3. Cybersecurity thinking continues to evolve

Corresponding to network threats, the guiding ideology of network security is constantly evolving, with wall-based security ideas, data-driven security ideas, and endogenous security ideas emerging one after another.

Wall-style security concept: Use a set of software or hardware system to separate the area to be protected from the external network environment, just like building a wall outside the system. Early security products, such as firewalls and intrusion detection, are all products of this idea.

Data-driven security thinking: Around 2015, cloud computing technology gradually matured, and companies deployed security measures in the IT environment of their internal business systems and implemented secure cloud access. This way of thinking holds that data is the foundation of network security; it shifts the focus of network security construction to security monitoring and threat discovery and does not pursue 100% effective defense.

Endogenous security thought: Endogenous security was proposed by Chinese scientist Wu Jiangxing, who first publicly published relevant expositions on endogenous security at the 2016 ISC China Internet Security Conference. This idea emphasizes that by enhancing the inherent immunity of the information system, business security can be achieved. Even if the border defense of the system is breached, it can maintain healthy operation to a certain extent. Endogenous security requires that security capabilities be implanted in every necessary link of the business system, allowing enterprises to obtain self-adaptive, autonomous and self-growth security capabilities.

Some security incidents seem to be accidental, but in fact they have their inevitability. Under certain conditions, security incidents will inevitably occur. It may only be a matter of time, and the impact of people on network security cannot be ignored.

4. Face up to the power of human nature

In the network security industry, two famous laws of failure warn practitioners not to violate or challenge human nature.

The first law of failure: all technical and management measures that violate human nature will definitely fail. When management measures violate human nature (meaning people’s ways of thinking and habits of behavior), it is inevitable that someone will try to break through the controls by technical or manual means until the “challenge” succeeds. For an isolated system with no internal defenses, a breach at one point is a breach of everything. Therefore, if we cannot face up to the power of human nature, we cannot effectively prevent security risks.

The second law of failure: all management measures that are not guaranteed by technical means will definitely fail. Because human nature will continue to challenge management measures, if there are not enough technical means to guarantee, such management measures are useless.

People are an important factor in all aspects of network security. The Great Wall of network security may be built by people or destroyed by them. In the book “Into New Security: Understanding Cyber Security Threats, Technology and New Ideas”, Qi Anxin regards people as the yardstick of security. “Yardstick” means proper measure and standard. Qi Anxin believes that the essence of network offense and defense is not the confrontation between programs, but the confrontation between people. People are the core and key of security operations, and people are also the weakest link in network security work and the “vulnerability that is most easily breached.”

As a 20-year veteran of the Internet industry, Li Tao is very familiar with enterprise-level network security, and his observations of people are more profound than most. In a few words he gets to the current state and essence of China’s network security. He believes:

(1) Network security should trust the system and secure technology as much as possible, instead of relying on human control. Because the higher the level of network security system, the less human intervention is needed, and the more the system is separated from people; the lower the level of network security system, the more dependent on people.

(2) People who enter the security system must also be vetted at different levels and given security-level protection. Li Tao believes that people are the biggest source of uncertainty in network security. A person is a node connecting traditional society and digital society: on the one hand subject to the requirements and management of the digital society, on the other hand affected by traditional society. A person is also a node in the security system, and the security system can only try to avoid depending on people; it cannot be completely separated from them. People should have security-level protection like other nodes, but this is exactly what people lack.

(3) Enterprises have their own view of where network security fits, and that view is not on the same wavelength as that of security vendors. The Weimob incident mentioned above also confirms the urgent need to strengthen the security awareness of domestic enterprises. The vast majority of Chinese enterprises, including large central enterprises and state-owned enterprises, urgently need to pay attention to the application scenarios and risk awareness of network security.

Under this status quo, companies cannot ignore the human factor in network security. Companies don’t think that security is the first “1”, they think of security as the back “0”. Without this “0”, the company’s business would not be large. With the improvement of network security, the development of enterprises is equivalent to an order of magnitude. This is an essential relationship.

(4) In the next 5 to 10 years, one of the major issues that Chinese enterprise-level security will overcome is the issue of human consciousness, that is, everyone must truly realize that security is a part of the enterprise’s digital ecosystem. Now, most people think that safety is just icing on the cake, not just a matter of fact. Therefore, the first priority for companies and individuals in the next few years is to integrate safety awareness into every aspect of work and study.

From another perspective, if the loss caused by security to the enterprise is large enough, the enterprise can realize the importance of security, and our security level can be higher.

(5) In the next 10 to 20 years, the problem of data security interfaces must be solved. Currently, cross-platform and cross-system companies still lack universal, standardized interfaces, which creates isolated data islands; data cannot flow safely between different information nodes, and so it is difficult to truly create social value. Once the two problems of system security and data flow are solved, the efficiency of digitization will increase a hundredfold.

At present, many manufacturers have realized the data security interface problem raised by Li Tao. For example, SaaS manufacturer Beisen and others are also pushing for the integration of software systems, reducing the management and operating costs of enterprises by opening up data flow channels. The integration of data is also regarded as the future development trend. Under the trend of integration, the problem of data security interface will be solved.

Although the security awareness of domestic companies is often criticized, not all companies are “streaking”. Whether it is software vendors, enterprise service providers, or companies as Party A, they are approaching security in their own way. Of course, the problem also exists objectively.

03 Is it safe?

How do enterprise service providers protect customers’ network security?

Niutoushe previously interviewed Song Yi, the product director of Yilu, a one-stop HR management service platform. Yilu has created a security system called the “Onion Model” in order to ensure the safety of users’ salaries.

As the name suggests, the onion model is based on the idea that security is not achieved by a single layer or solved by one special technical means. It is like an onion, with each layer wrapping and protecting the next from the outside in, and the core salary data protected at the center. The cost to criminals of obtaining salary data is far higher than the benefit of obtaining it, and this is what protects the data.

The protection principle of Yilu’s “onion model” coincides with Li Tao’s security concept. Li Tao believes that network security protection is a battle between good and evil in which the two sides constantly fight each other. The core is to make the cost of a cyber attack so high that attackers do not want to attack. Faced with an asymmetric cost-benefit ratio, attackers will retreat.

There is a hidden corner of network security that is easily overlooked: the security of data on IT equipment that enterprises retire. In the life cycle of data, from generation to use, retired IT equipment becomes an outlet for data leakage if it is not handled carefully, and the consequences of improper handling will be catastrophic.

Niutoushe recently reported that Bear U Rent published operating data for its enterprise IT equipment recycling brand, Xiaoxiong Ushare: as of June 2021, in its three years the brand had recycled more than 7 million IT devices, and its annual recycling volume of IT equipment has multiplied.

As an enterprise stakeholder, will you hand over the old IT equipment to the service provider for disposal? The public information seen by Niutoushe shows that more than 96% of the Top 100 Internet companies have chosen Xiaoxiong Ushare’s IT equipment recycling program, and there are many Internet companies such as Tencent and . From the data of Xiaoxiong Ushare, large-scale Internet companies generally choose to trust service providers.

According to the information disclosed by Xiaoxiong Ushare, it is the only corporate recycling brand in the industry that has obtained the international R2 certification. The R2 (Responsible Recycling) certification is a set of international standards on electronics recycling promulgated and implemented by Sustainable Electronics Recycling International (SERI), but currently not many domestic institutions hold R2 certification. Xiaoxiong Ushare said that it applies data removal technology of the highest international security level to corporate recycled equipment to maintain corporate data security, with zero leakage so far.

Enterprise service providers attach so much importance to security issues. So, how do Party A’s enterprises, especially corporate CIOs, view cyber security issues?

Xu Hong is currently the Director and Chief Information Officer of the Digital Intelligence Industry Department of Suzhou Keyuo Engineering Technology Co., Ltd. (formerly the Chief Information Officer of Suzhou Tongrun Drive Group). Prior to this, he had work experience in foreign and private enterprises. Recently, both companies have encountered hacker ransomware incidents: one came through email and infected general manager-level executives in China, and the other came through equipment provided by a supplier. The author summarizes Xu Hong’s insights and thoughts on network security-related issues as follows:

1. Know the trade-offs under limited resources.

An enterprise’s attitude towards network security depends on the stage of its informatization and digitization. If much of the business has been informatized and the entire chain from marketing to delivery and manufacturing runs in information systems, the company has higher requirements for business continuity, and once problems occur it is hard to carry on operations and production. Therefore, when security is discussed in terms of the continuity of the information system, the enterprise is more likely to accept it. On the other hand, from the perspective of business scenarios, the stronger an enterprise’s dependence on the business, the more the importance of security is magnified.

Companies often weigh the necessity of their own safety construction based on the degree of loss. So, to what extent does security investment need to be? This is difficult to measure with loss. Therefore, it depends on the scale stage and profitability of the enterprise to build a safety guarantee system.

Given its size and financial situation, an enterprise must know how to make trade-offs in building network security: let everyone know where the enterprise is putting its main resources, and absolutely guarantee the most important part; carry out a risk assessment of the parts where security measures have been taken, so that if a problem occurs there is a quantified understanding that only so much could be done; and for the parts that have not received many resources, be aware of, and accept, what the loss will be once a problem occurs.

CIOs generally use this method to explain security construction strategies to decision-makers. What is the focus of security investment? Find the key points and strengthen them, and make decisions after quantifying the risks and losses from the information collected.

2. The safety concept of managers needs to be improved.

The previous generation of managers had a weak understanding of security management, one that remained at the management philosophy of before the 1970s. Their understanding and awareness of network security were uneven, so the value and significance of the security construction plans proposed by CIOs were greatly discounted.

The informatization of many enterprises is still in its infancy, and it is very hard to talk about security construction. Because leaders have special secretaries to handle content archiving and other tasks, they are more concerned about the level and authority of protection than whether the data is safe. In addition, some of the company’s organizational procedures will also cause interference and damage to security protection.

3. All employees reach a consensus on safety.

The CIO must tell all employees why the company needs to build a security system and bring everyone to a consensus that building a security system does not mean the company distrusts individuals, so as to avoid a gap between the organization’s and individuals’ understanding. Everyone should understand the goals, plans, and content of the security system construction, and employees should know which channels to turn to for help when they encounter problems.

On the other hand, to authorize and grant credit to different roles in the organization, we must let everyone know who (role) needs authorization and what is the relationship with security.

The phenomenon he described is more common in domestic private enterprises. Managers’ security concepts have not kept pace with the times. They are still running their companies as in a bygone world, with little awareness of the turbulence of the cyber world; there is still a long way to go in cultivating security awareness.

04 Conclusion

Most people think that being attacked is only accidental and coincidental. In fact, this is an inevitable event. If the system is weak, it is only a matter of time before it is attacked by network hackers. There is no end to the network’s offensive and defensive confrontation, and there is no absolute security.

Chinese people have always emphasized a sense of security, with high walls, unbreakable security doors, and even communicative expressions, to ensure that they are in a safe place where they are not attacked or accused. But in today’s era when everything can be digitized, people have come to realize the issue of network security with hindsight, or even unawareness.

The most difficult thing to overcome in network security is not technology, but those who are “streaking”. It is difficult to say goodbye to this era of “streaking”.

Reference materials:

“Data Security Law of the People’s Republic of China”

Qi Anxin: “Entering New Security: Understanding Cyber Security Threats, Technology and New Ideas”

Qi Xiangdong: “The Loophole”

360 Community: [Get Closer to Safety] “Two Safe Failure Laws”

Posted by:CoinYuppie,Reprinted with attribution to: