Promote trust in the digital world

The pandemic has accelerated the digital transformation , Beyond anyone's imagination . Considering the increased network security risks brought by digital technology , What should society do to prevent cyber attacks 、 Reduce losses and enhance trust ？ In this post , I will try to explain how through consciousness 、 Culture and reasonable control （ For example, implement zero trust architecture 、 Encryption and digital sovereignty , And sharing information to build a trusted partner network .

Promote trust with awareness and culture

With artificial intelligence 、 Cloud computing 、 Blockchain and the Internet of things (IoT) And other new technologies become more and more prominent in the workplace , Digital trust practitioners will need to adapt responsibly and safely . Besides , Effective safety requires skilled personnel , This is now hampered by inadequate network security skills . Individuals who have received basic training will be better able to protect their organization . For healthcare And other key infrastructure blackmail software groups , Making large-scale data leakage on the rise , Is endangering the government to protect the lives of citizens 、 The capacity for property and well-being . Some countries advocate taking some public and private security measures to deal with the dangers brought by cyber security attacks .

Strengthen trust through reasonable control

in the past , Organizations can establish reasonable defenses based on physical barriers and peripheral controls . As cloud computing and mobile computing become the norm , Strong identity based authentication is a key step to enhance trust in the digital world . Implement preventive safety control , Such as multifactor authentication 、 encryption 、 Strategies such as zero trust architecture and digital sovereignty are the basic pillars of strengthening digital trust . Besides , Companies of all sizes need to strengthen trust through reasonable control , In order to better deal with network security threats . be based on NIST Network security framework , Here I list seven areas that enterprises can focus on . Achieving these goals will greatly contribute to enhancing the organization's security posture , At the same time, it meets the regulatory compliance requirements of various countries and industries , Including the growing network security and Privacy Act .

• distinguish ： An organization must be able to find and classify data anywhere it is located . These data can take many forms ： file 、 Databases and big data ; Distributed in local storage 、 In the cloud and backup . Data security and compliance begin with discovering exposed sensitive data in front of hackers and auditors . Identify those that enable the organization and its stakeholders to identify sensitive data and key business processes “ Content ” and “ Location ”, Thus, appropriate safety measures can be implemented .
• Zero trust protection ： Zero trust Of The slogan is “ Don't trust anyone , Always verify ”. people 、 The machine and API Should be based on their identity 、 Purpose and use context use this method for authentication . Then it can be extracted under the control of zero trust 、 transmission 、 Storage 、 Analyze and operate basic data , To produce meaningful results .
• Protect through encryption and de identification ： Once an organization knows where its sensitive data is , It can apply key data leakage mitigation controls , Such as encryption or tokenization . In order to successfully protect the encryption and tokenization of sensitive data , The encryption key itself must be organized Protect 、 Management and control . Even if the data is inadvertently leaked , Once encrypted or de identified , The generated data string is nonsense in the eyes of unauthorized people , No value .
• With Digital sovereignty protection ： The term refers to putting encryption and data access under your control . This eliminates the risk of regulatory non-compliance caused by sensitive data falling into the hands of others without explicit permission . Digital sovereignty promotes cloud operation , At the same time, it avoids supplier locking .
• Detect through continuous monitoring and evaluation ： This enables organizations to always focus on information security 、 Vulnerabilities and threats , To support risk management decisions . To detect ongoing or recent attacks , Malicious insiders must be monitored 、 Privileged users 、APT、 Abnormal conditions of system and user behavior and other network threats .
• Respond to ： By testing 、 distinguish 、 analysis 、 control 、 eliminate 、 Recover and learn to prepare for events .
• Restore business continuity and resilience ： Business continuity plan (BCP)、 Event response plan (IRP) And disaster recovery plans (DRP) The implementation of can ensure that even if an accident occurs 、 Critical or abnormal operating conditions , The operation can also happen as usual .

Share Information , Build a network of trusted partners

The hacker community continues Development , Make victims of public and private sectors , It causes trillions of dollars of losses every year . In order to better understand and adapt to the changing threat situation , Organizations must share information with each other , To build a trusted partner network , And implement and develop safety baselines and policies , To strengthen the defense and response plan . for example , Hong Kong SAR government Cyber​​sec Infohub And the latest in the United States administrative decree Call on the government and basic service providers to share information related to network security , And effectively cooperate to resist the growing threat of network attacks .

I hope the above list can help you improve your network security preparation , And provide some information about avoiding network attacks 、 Insights on steps to reduce damage and strengthen trust . therefore , To make a long story short , We need a secure digital society , And the only way to achieve this goal is through consciousness 、 Culture 、 Wise control and information sharing to build a trusted partner network .