Employees behind the theft of hundreds of millions of pieces of user information
Earlier this year, the Ministry of Public Security cracked a major case involving the theft and trafficking of citizens' personal information.
The stolen user information amounted to hundreds of millions of records, mainly from the fields of transportation, logistics, medical care, social networking and banking, which were then trafficked in various ways on the online black market. Police found that the main suspects behind the scenes were employees of the company where the information leak occurred.
Industry data security experts commented that hundreds of millions of pieces of citizens' personal information were leaked in this case, and that one of the main problems lies in defects in internal data security management.
The situation abroad is no more encouraging. On September 22, 2016, global Internet giant Yahoo confirmed that account information for at least 500 million users was stolen in 2014. The theft involved users' names, e-mail addresses, phone numbers, dates of birth and some login passwords.
Leaked enterprise data and information are easily exploited by criminals running online black- and gray-market operations for profit. The harm ranges from stolen money at the mild end to loss of life at the severe end, as evidenced by data security incidents such as the case last August in which Shandong high school candidate Xu Yuyu died after being defrauded of 9,900 yuan in tuition fees through telecom fraud.
In July last year, Microsoft Windows 10 was also warned in a letter from the French data protection regulator CNIL for failing to comply with the European Union's "Safe Harbor" regulations and for excessive collection of user data.
A report released by the Internet Research Center of the Shanghai Academy of Social Sciences pointed out that, as the commercial value of data resources comes to the fore, attacks on, theft of, misuse of and hijacking of data have continued to proliferate and have become industrialized, high-tech and transnational, posing a whole new challenge to governance at the national and data-ecosystem levels as well as to organizations' data security capabilities.
Currently, the massive user data held by important commercial websites is a core asset of those enterprises and also an important target of private hackers and even state-level attacks, so the data security management of key enterprises is under severe pressure.
How can enterprises, organizations and other institutions improve their data security capabilities?
Enterprises and organizations urgently need to improve their data security management capabilities
"Big data security threats permeate all aspects of the big data industry, such as data production, circulation and consumption; the various types of parties involved, including data sources, big data processing platforms and big data analysis services, are all sources of threat." Hui Zhibin, Director of the Institute of Information at the Shanghai Academy of Social Sciences, told the reporter that the causes of risk in big data security incidents are complex and intertwined: there are external attacks as well as internal leaks, technical loopholes as well as management deficiencies, and new risks triggered by new technologies and new models as well as the continued occurrence of traditional security issues.
On May 27, Shi Xiansheng, deputy secretary-general of the Internet Society of China (ISOC), said the Internet is increasingly becoming the basis of economic and social operations, and network data security awareness, capabilities and means of protection are facing new challenges.
The Cybersecurity Law, which will come into effect on June 1 this year, focuses on issues related to data leakage by business organizations. The law requires all types of organizations to effectively assume the responsibility of safeguarding data security, i.e. confidentiality, integrity and availability. It also requires guaranteeing that individuals have safe and controllable access to their personal information.
Shi Xiansheng noted that, in fact, as early as 2015 the State Council issued the "Outline of Action for Promoting the Development of Big Data", which explicitly calls to "improve the security system of big data" and "strengthen security support and enhance the level of safety and reliability of key infrastructure equipment".
"At present, many enterprises and organizations do not know how to improve their data security management capabilities, nor do they know what standards to use as a measure." An industry source said that the crux of the problem is that domestic data security management is still in its infancy, and many enterprises and organizations have not set up a data security assessment system or lack complete reference standards for assessment.
"Big Data Security Capability Maturity Model" has been submitted for application as a national standard
During the Digital Expo, the reporter learned from the "Big Data Security Industry Practice Summit Forum" that, in order to solve this problem, the National Information Security Standardization Technical Committee and other functional departments, in collaboration with standardization experts and scholars in the field of data security and representative enterprises from industry, have started to develop a set of assessment standards for the data security capabilities of organizations: the "Big Data Security Capability Maturity Model", which is based on the Data Security Maturity Model (DSMM) proposed by Alibaba.
Bin Zheng, Director of Alibaba Group Security Department, introduces DSMM.
As the lead drafter of this standard project, Bin Zheng, Director of Alibaba Group Security Department, said the first draft of the standard is the DSMM, which Alibaba formulated from the results of its own practical experience in data security management, with the aim of sharing Ali's experience with the industry to enhance the industry's overall security capabilities.
"The information security of Internet users has never been the business of one particular company." Zheng Bin said the development of the "Big Data Security Capability Maturity Model" also drew on the cooperation and comments of the China Electronic Technology Standardization Institute, the National Center for Information Security Engineering and Technology Research, China Information Security Evaluation Center, Public Security three, Tsinghua University and Ali Cloud Computing Co., along with other authoritative data security institutions, academic units and enterprises in the industry.