Recently, a database-deletion security incident occurred in China. Bai, a former employee of a hospital, was unwilling to take his work seriously. In addition, his former colleagues often asked him to help solve network problems. The hospital will find a solution again”, so through a series of operations such as remote VPN access, resetting routers, tampering with administrator passwords, and deleting virtual machine files, the network information system was ultimately paralyzed. Globally, data leaks and database deletions are not chance occurrences:
- In 2015, a U.S. multinational with "thousands of employees and numerous offices around the world" fired an IT employee whose job was to prevent former employees from sabotaging the corporate network. When it was his turn to leave, you may have guessed it: yes, he deleted the database. During offboarding, the employee did not return the company-issued equipment as required but took it home and carried out a series of database deletions. This not only caused the loss of some customer and user data; even more painful, the customer and user data that had not been included in the latest backup before the employee deleted the files was lost forever.
- The same thing is repeated "a hundred times" in China. For example, a former employee of a company admitted that he had deleted the database: after leaving, he used his personal account to deploy code and deleted 456 virtual machines serving video conferencing, video messaging, file sharing, and other collaboration tools. Likewise, the employee's actions caused huge financial losses for the company, and he himself will face legal sanctions.
This is enough to sound the alarm for all enterprises: any approach to governance that leaves network, data, and business system security to chance, or pays it little attention, leaves the enterprise exposed when an emergency strikes, causing direct or indirect economic losses and possibly even more serious disasters. In the era of the Industrial Internet, no company can completely avoid using networks, systems, and data. Yet the fact that employees can delete the database, and that departed employees can still access the company network, shows that there are very serious problems in enterprises' security deployment and rights management.
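As an added illustration (not part of the original article), the check below cross-references an offboarding roster against access logs to flag any activity by an account after its owner's departure, the rights-management gap described above. The log format, account names, addresses, and dates are constructed assumptions.

```python
from datetime import datetime

# Constructed offboarding roster: account -> end of last working day.
OFFBOARDED = {
    "ops_former": datetime(2023, 3, 31, 23, 59, 59),
    "dev_former": datetime(2023, 5, 15, 23, 59, 59),
}

# Constructed audit lines in a hypothetical format:
#   <ISO timestamp> <event> user=<account> src=<ip>
SAMPLE_LOG = """\
2023-03-30T09:12:44 vpn_login user=ops_former src=10.8.0.14
2023-04-02T22:41:07 vpn_login user=OPS_FORMER src=203.0.113.25
2023-04-02T22:47:30 admin_password_change user=ops_former src=203.0.113.25
2023-04-03T08:01:10 vpn_login user=ops_current src=10.8.0.31
this line is malformed and must be skipped
2023-05-10T10:00:00 vpn_login user=dev_former src=10.8.0.40
"""

def parse_line(line):
    """Return a dict for a well-formed audit line, or None."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    if "user" not in fields:
        return None
    # Normalize case so "OPS_FORMER" cannot slip past the roster lookup.
    return {"time": when, "event": parts[1],
            "user": fields["user"].lower(), "src": fields.get("src", "")}

def post_offboarding_activity(log_text, offboarded):
    """List every event performed by an account after its owner left."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        cutoff = offboarded.get(rec["user"])
        if cutoff is not None and rec["time"] > cutoff:
            findings.append(rec)
    return findings

if __name__ == "__main__":
    for hit in post_offboarding_activity(SAMPLE_LOG, OFFBOARDED):
        print(hit["time"].isoformat(), hit["user"], hit["event"], hit["src"])
```

Any finding means an account survived its owner's departure; the fix is to disable VPN and administrator credentials as part of offboarding, with this check as a backstop.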
At the root, enterprise information security is closely tied to technology, processes, and people, both internal and external, and among the three, the "people" variable is the most obvious.
From inside the company:
Risk 1: At the technical level, improper model selection by IT technicians can cause intermittent system downtime, data that cannot be recovered because there is no backup, and so on;
Risk 2: At the process level, concentrating high authority in a single person carries the risk of deliberate destruction and misoperation, for example when privileged users are given too many access rights;
Risk 3: At the personnel level, service crashes or deletion of the core database caused by human actions, including employee data theft, employees being bribed to sell information, and retaliatory actions by operations and maintenance personnel.
From the external environment:
Risk 4: Hackers exploit specific vulnerabilities to steal information, to show off or for other purposes;
Risk 5: Attacks from malicious actors, including phishing scams, data theft for ransom, and spear-phishing campaigns.
All of the above are man-made disasters, whether intentional or unintentional, and will eventually lead to network security incidents.
In the final analysis, security is the combined result of "people + methods + tools". The three work together, not only constraining one another but also producing a security protection bonus effect of 1+1+1>3. The retaliation incident involving the hospital's former employee largely confirms the need for business information systems to prioritize security protection, optimize rights management methods, and strengthen the legal awareness of relevant personnel.
So how can an enterprise quickly build secure, stable, and cost-effective business IT capabilities?
Moving the company's business to the cloud is an effective way to reduce costs and increase efficiency in enterprise information security protection, and going to the cloud is the general trend for enterprises. However, some enterprises still hold to the idea of "holding the information on their own" and refuse to go to the cloud, or move only part of their business there. In fact, a self-owned network and system architecture is a double-edged sword that also hides great risks: in the "not going to the cloud" state, operations and maintenance personnel have more opportunity to execute extreme operations such as "rm -rf /*" and "fdisk"; in addition, because there is no relatively complete automatic backup and recovery mechanism, the technical difficulty of data recovery and system maintenance also increases greatly.
As cloud infrastructure construction deepens, migrating to the cloud has become the "optimal solution" to security issues in the digital age. For example, JD.com's public cloud security operation center can provide systematic, full-process security assurance: a security system covering prevention, detection, response, and visibility across the entire life cycle, which provides "before, during, and after the event" assurance and creates an integrated "perception-defense-response" security operation system, making business security management simpler, more effective, and more valuable.
Through unified asset management, system risk detection, Trojan removal, and hacker intrusion detection, JD Cloud Host Security builds a unified hybrid multi-cloud protection system for your cloud hosts, local servers, and containers, and satisfies compliance requirements for security protection. It automatically backs up data and can restore specified files at any time to guard against ransomware encryption.
JD Cloud's unified managed security service combines a unified security management platform, security expert services, and managed security operations. It aims to keep users' network security "continuously effective" and is committed to becoming the "digital and intelligent security operations steward of enterprises", helping enterprises cope with the security operation challenges of complex infrastructure during digital transformation. It provides intelligent analysis of multi-dimensional security risk events across hosts, networks, applications, and data, and combines security orchestration and automated response technology with security experts to provide users with around-the-clock security services.
Finally, from a human perspective, companies need to take precautions before incidents happen, and we also need to think from the "programmer's" perspective. The people involved in system processes form a complex structure, which places higher demands on the "rule of man": from senior management to employees, from system handlers to security operations and maintenance personnel, from inside the enterprise to service providers. Letting security awareness reach every person and strengthening people's security skills and awareness is the inner driving force.