What are the cases of data security

China's Network Security Law will officially come into force and be implemented, putting forward systematic and strict legal requirements for the data security management of network operators. Recently, the Internet Research Center of the Shanghai Academy of Social Sciences released a research report on big data security risks and countermeasures. The report selects typical data security incidents at home and abroad in recent years, systematically analyzes the types and triggers of big data security risks, and proposes countermeasures to promote the development of China's big data security on two levels: raising the level of national big data ecosystem governance (the government) and strengthening enterprises' big data security capabilities (the enterprise).

In the era of big data, data has become a key production factor to promote economic and social innovation and development, and the openness and development based on data have promoted cross-organizational, cross-industry, and cross-geographical assistance and innovation, spawned all kinds of brand-new industrial forms and business models, and comprehensively activated the creativity and productivity of human beings.

However, while creating value for organizations, big data also faces serious security risks. On the one hand, the development of the data economy makes the circulation and processing of data among different subjects an inevitable trend, which breaks the boundaries of data security management and weakens the risk control ability of the party responsible for managing the data. On the other hand, as the commercial value of data resources comes to the fore, attacks on data, theft, misuse, hijacking and other activities continue to proliferate and show the characteristics of industrialization, high technology and transnationalization, posing brand new challenges to the country's level of data ecosystem governance and to organizations' data security management capability. Under both internal and external pressures, major big data security incidents are occurring frequently and have become a major security issue of concern to the whole society.

A review of the major data security incidents at home and abroad in recent years shows that big data security incidents have the following characteristics: (1) The causes of risk are complex and intertwined. They include external attacks and internal leaks, technical loopholes and management deficiencies, new risks triggered by new technologies and new modes, and the persistent recurrence of traditional security problems. (2) The scope of the threat covers the whole domain. Big data security threats permeate every link of the big data industry chain, such as data production, circulation and consumption, and data source providers, big data processing platform providers, big data analysis service providers and other types of entities are all sources of threat. (3) The impact of incidents is significant and far-reaching. Cloud-based data storage gives data risks an agglomeration and polarization effect; once data is leaked, the impact goes beyond technical and organizational boundaries into the economic, political and social fields, including major property losses, threats to life safety and changes to the political process.

With the advent of the era of the data economy, comprehensively improving the security of data resources in cyberspace is a core task of the country's economic and social development. Like the governance of the environmental ecology, data ecosystem governance faces an uphill battle, and the success or failure of that battle will determine the rights of citizens, the interests of enterprises and the trust of society in the new era, as well as the development of the data economy and even the destiny and future of the country. To this end, we suggest focusing on the two dimensions of government and enterprise to comprehensively improve China's big data security.

From the government's perspective, the report suggests continuing to improve the level of data protection legislation and constructing a cornerstone of trust in cyberspace; strengthening the capacity of cybersecurity law enforcement and carrying out long-term governance of cyber blackmail; strengthening the governance of security in key areas and safeguarding the country's data economy ecosystem; standardizing the development of the data circulation market and guiding the demand for legitimate data transactions; and scientifically carrying out cross-border data supervision to effectively safeguard national data sovereignty.

From the perspective of enterprises, the report suggests that network operators need to standardize the rules of data exploitation and utilization, clarify data ownership, focus on strengthening the security management of personal data and key data, carry out life-cycle protection covering collection, storage, transmission, processing, exchange and destruction, and strengthen the construction of their data security capabilities in terms of system flow, personnel capacity, organizational construction and technical tools.

Attached are the top ten typical events (chronological order):

1. Ransomware Attacks Worldwide

Keywords: cyberweapon leakage, ransomware, data encryption, bitcoin

On May 12, 2017, there was a worldwide outbreak of ransomware (WannaCry) infections targeting the Windows operating system. The ransomware used the previously leaked Windows SMB service vulnerability from the NSA cyber arsenal to carry out the attack. The files of attacked users were encrypted, and users were required to pay Bitcoin to retrieve them, or else the ransom was doubled or the files were completely deleted. Hundreds of thousands of users in more than 100 countries around the world were hit, and domestic enterprises, schools, medical care, power, energy, banking, transportation and many other industries suffered varying degrees of impact.

The discovery and utilization of security vulnerabilities has formed a large-scale global black industry chain. The leakage of the U.S. government's cyber arsenal has exacerbated the threat of hackers launching attacks using numerous unknown zero-day vulnerabilities. In March 2017, Microsoft released a patch for the vulnerability used in this attack, but too many users around the globe did not repair and update in a timely manner, and numerous educational systems, hospitals and other institutions were still using Windows XP, for which Microsoft had long since stopped providing security updates. The lack of network security awareness shattered the first line of defense for network security.

Similar incident: San Francisco's municipal subway system was infected with ransomware in November 2016; ticket vending machines were forced to shut down, and travelers were allowed to ride the light rail for free on Saturdays.

2. Jingdong internal employees suspected of stealing 5 billion pieces of user data

Keywords: corporate insiders, data trafficking, data internal permissions

In March 2017, the security teams of Jingdong and Tencent teamed up to help the Ministry of Public Security crack a large case of theft and trafficking of citizens' personal information, in which the main suspect was an internal employee of Jingdong. The employee had only joined the company at the end of June 2016 and was still in the trial period, yet stole 5 billion pieces of personal information covering transportation, logistics, medical, social, banking and other fields, and trafficked it in a variety of ways on the online black market.

In order to prevent data theft, companies spend huge sums of money every year to protect their information systems from hackers, yet the risk of loss due to data theft by insiders should not be underestimated. The huge profits from underground data trading and the disorganized internal management of enterprises induce insiders to take the risk and steal from within, and cases of theft and trafficking of user data are common. According to the results of a survey released in 2016 by management consulting firm Accenture and other research organizations, 69% of the 208 enterprises surveyed had "had their data stolen or attempted to be stolen by insiders" in the past year. Failure to take effective measures such as data access rights management, identity management and data utilization control is the main reason for insider data theft at most enterprises.

Similar incident: in April 2016, 5 million pieces of personal information held by the U.S. Office of Child Support Enforcement were stolen by a former employee.

3. Yahoo Hacked with 1 Billion User Account Information Leaked

Keywords: breach attack, user passwords, Russian hackers

On September 22, 2016, global Internet giant Yahoo confirmed that at least 500 million users' account information had been stolen in 2014, covering users' names, emails, phone numbers, dates of birth and some login passwords. On December 14, 2016, Yahoo released another statement announcing that in August 2013, unauthorized third parties had stolen account information for more than one billion users. The two attacks in 2013 and 2014 were similar in that hackers breached Yahoo's user account confidentiality algorithms and stole user passwords. In March 2017, U.S. prosecutors filed a criminal complaint against Russian intelligence officials, citing involvement in the cyberattack campaign that affected Yahoo users.

The Yahoo information leakage incident is the largest data leakage incident at a single website ever. At present, the massive user data of important commercial websites is a core asset of enterprises, and also an important target of civilian hackers and even state-level attacks. The data security management of key enterprises therefore faces higher requirements: they must establish a strict security capability system, which needs not only to ensure that user data is encrypted and that access rights to data are precisely controlled, but also to include flexibly designed plans for network sabotage events and emergency response, and an emergency communication mechanism with regulatory authorities.

Similar events: In February 2015, the information system of Anthem, the second-largest health care insurer in the United States, was breached, and the records of nearly 80 million customers and employees were leaked.

4. SF insiders leaked user data

Keywords: resale of internal data permissions, malicious programs

On August 26, 2016, Song of the Hunan branch of SF Express, accused of the crime of "infringing on citizens' personal information", was tried in the People's Court of Nanshan District, Shenzhen. Previously SF, the leader of the express industry, had seen a number of incidents in which internal personnel leaked customer information. The modus operandi included selling personally held company website account numbers and passwords to others; writing malicious programs to download customer information in bulk; using multiple accounts to query customer information in large quantities; purchasing the address, account numbers and passwords of the internal office system and invading the system to steal information; and research and development staff exporting customer information directly from the database.

SF's series of data leakage incidents has exposed the shortcomings of data security management for insiders, and with the development of data blackmail, internal and external collusion to steal user data for profit is spreading rapidly. Although SF's IT system has the ability to trace incidents after they occur, it is unable to issue warnings or prevent risk when employees show the abnormal behavior of downloading data in bulk. Strict data controls need to be set up for insider data access, and data desensitization is required, in order to effectively ensure the safety of corporate data.
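The gap described above, tracing after the fact but no warning while an employee downloads in bulk or spreads queries over several accounts, can be closed with alerting on the query audit log. The following is an added example, not part of the report and not SF's system; the log format, account and workstation names, thresholds and sample lines are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed audit log (not real data): time, account, workstation, records returned
SAMPLE_LOG = """\
2016-08-01T09:05:11 acct_a ws-01 12
2016-08-01T09:40:02 acct_a ws-01 8
2016-08-01T10:15:30 acct_a ws-01 15
2016-08-01T11:20:45 acct_a ws-01 30
2016-08-01T14:02:10 acct_a ws-01 4000
2016-08-01T14:31:55 acct_a ws-01 3500
2016-08-01T09:10:00 acct_b ws-02 40
2016-08-01T10:12:00 acct_b ws-02 55
2016-08-01T11:30:00 acct_b ws-02 450
2016-08-01T15:01:00 acct_c ws-07 120
2016-08-01T15:09:00 acct_d ws-07 120
2016-08-01T15:20:00 acct_e ws-07 120
"""


def parse(log):
    """Yield (hour, account, host, records) for each well-formed log line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed lines instead of aborting the scan
        ts, account, host, records = parts
        yield ts[:13], account, host, int(records)  # ts[:13] is 'YYYY-MM-DDTHH'


def bulk_alerts(log, factor=10, floor=500):
    """Flag account-hours whose volume exceeds the account's own baseline.

    Threshold = max(floor, factor * median of that account's earlier normal
    hours). An account with no history is held to the floor alone.
    """
    volume = defaultdict(int)
    for hour, account, _host, records in parse(log):
        volume[(account, hour)] += records
    alerts, history = [], defaultdict(list)
    for (account, hour), total in sorted(volume.items()):
        prior = history[account]
        threshold = max(floor, factor * median(prior)) if prior else floor
        if total > threshold:
            alerts.append((account, hour, total))
        else:
            prior.append(total)  # only normal hours feed the baseline
    return alerts


def shared_host_alerts(log, min_accounts=3):
    """Flag workstations from which several accounts queried in the same hour,
    which catches volume split across accounts to stay under per-account limits."""
    seen = defaultdict(set)
    for hour, account, host, _records in parse(log):
        seen[(host, hour)].add(account)
    return [(host, hour, sorted(accounts))
            for (host, hour), accounts in sorted(seen.items())
            if len(accounts) >= min_accounts]


if __name__ == "__main__":
    for alert in bulk_alerts(SAMPLE_LOG):
        print("bulk download:", alert)
    for alert in shared_host_alerts(SAMPLE_LOG):
        print("multiple accounts on one workstation:", alert)
```

In the constructed data, the three accounts on ws-07 each stay below the per-account floor, so only the workstation-level rule surfaces them.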

Similar events: In 2012, internal employees of 1Shop leaked the data of 900,000 users through internal and external collusion.

5. Xu Yuyu was killed by telecom fraud

Keywords: security breach, dragging the library, personal data, precision fraud, blackmail

In August 2016, high school candidate Xu Yuyu was cheated out of 9,900 yuan in tuition fees by telecom fraudsters; after discovering the fraud, Xu suddenly went into cardiac arrest and tragically passed away. According to police investigations, the telecom fraudsters who cheated Xu Yuyu obtained the information from personal information on college entrance examination candidates that was being sold illegally online. Its source was hackers who used security loopholes to invade the "Shandong Province 2016 college entrance examination online registration information system" website and downloaded the data of more than 600,000 Shandong Province college entrance examination candidates, and who, after the college entrance examination ended, began selling it illegally to telecom fraudsters on the Internet.

In recent years, the theft and trade of citizens' personal information in China has formed a huge black industrial chain, and the leakage of personal data has driven a series of criminal activities such as telecom fraud and financial theft to become increasingly "precise" and "intelligent", posing a serious threat to the property and personal safety of the public. The direct cause of this state of affairs is that our enterprises and institutions collect user data in all aspects but have a low level of network security protection and data security management capability, so that hackers and insiders can take advantage. The lack of a mechanism for notifying users of personal information leakage increases the harm and persistence of criminal activities.

Similar incident: on August 23, 2016, Song Zhenning, a sophomore student in Linshu County, Shandong Province, suffered a cardiac arrest after falling victim to telecom fraud and passed away.

6. Hillary's "Emailgate" campaign failure

Keywords: private email, official email, wikileaks, hacking

Hillary's "Emailgate" refers to the fact that Hillary Clinton, the Democratic presidential nominee, used a private email address and server to handle official business during her tenure as U.S. Secretary of State without prior notification to the State Department, and that thousands of unencrypted emails handled by Hillary contained state secrets. At the same time, Hillary failed to turn in all records of emails involving official business prior to leaving office, in violation of the State Department's regulations regarding the retention of federal information records. On July 22, 2016, after the U.S. Department of Justice announced that it was not charging Hillary, WikiLeaks began to release to the public the emails obtained by hackers after breaching the email systems of Hillary and her close associates, which ultimately led to the reopening of an investigation by the FBI, and the approval ratings of Hillary's presidential campaign plummeted.

As a key government official, Hillary lacked the necessary awareness of data security. During her tenure as U.S. Secretary of State, she set up a private server to handle official emails in violation of federal information security management requirements, violating the U.S. Department of State's regulations on the "use of private mailboxes to send, receive, or store classified information as a violation of the law". The private email server lacked the necessary security protection and could not cope with high-level hacker attacks, resulting in the leakage of important data, which was fully exploited by domestic and foreign political opponents and ultimately led to the loss of the election.

Similar events: In March 2016, the Pentagon announced that hundreds of emails from US Secretary of Defense Ashton Carter had been sent via a private email address, and Carter again admitted that he had been negligent, but none of the emails in question were classified.

7. French Data Protection Agency Warns Microsoft of Excessive User Data Collection for Windows 10

Keywords: excessive data collection, informed consent, compliance, privacy protection

In July 2016, the French data protection regulator, the CNIL, sent a warning letter to Microsoft accusing it of using the Windows 10 system to collect excessive amounts of user data and of tracking users' browsing behavior without their consent. At the same time, Microsoft did not take satisfactory measures to ensure the security and confidentiality of user data and did not comply with the EU Safe Harbor regulation, because it saved user data on servers outside the user's country without the user's permission and enabled many data-tracking features by default without the user's permission. The CNIL gave Microsoft three months to fix these problems or face sanctions from the commission.

In the era of big data, all kinds of enterprises are fully exploiting the value of user data, which inevitably leads to excessive collection and exploitation of user data. As the protection of personal data becomes increasingly stringent globally, enterprises must strengthen legal compliance and compliance management in data collection, with a particular focus on protecting user privacy. The acquisition of users' personal data must meet the principles of "informed consent" and "data security" to ensure that the development of the organization's business will not face data security compliance risk. For example, the EU's new General Data Protection Regulation, which will be implemented in 2018, stipulates that the maximum penalties for violating the Regulation will be up to 4% of global revenue, which comprehensively raises the compliance risk of enterprise data protection.

Similar incident: in February 2017, Vizio, a subsidiary of LeEco, was fined $2.2 million for collecting user data in violation of the regulation.

8. Hacking the SWIFT system to steal $81 million from Bangladesh's central bank

Keywords: cyber-attacks, system control access, false instruction data, cyber-financial theft

On February 5, 2016, Bangladesh's central bank was hacked, resulting in $81 million being stolen. The attackers gained operational access to the Bangladesh central bank's SWIFT system and then sent fake SWIFT transfer instructions to the Federal Reserve Bank of New York. The Federal Reserve Bank of New York received a total of 35 transfer requests totaling $951 million, of which $81 million was successfully transferred and stolen, making it the largest cyber financial theft to date.

SWIFT is a globally important financial payment and settlement system, and is known for its security, reliability and efficiency. The fact that hackers successfully attacked the system indicates that the technical level of cybercrime is constantly improving, which objectively requires financial institutions and other critical infrastructures to continue to improve their network security and data protection capabilities. Network security protection of the financial system must strengthen the coordination between government and enterprises and carry out the necessary international cooperation. The new financial regulations of the U.S. state of New York, which came into effect on March 1, 2017, require all financial services institutions to deploy a cybersecurity program, appoint a chief information security officer, and monitor the cybersecurity policies of business partners. These requirements have set a benchmark for cybersecurity regulation of the global financial industry, and China's financial institutions also need to further define the cybersecurity responsibilities and obligations that they should fulfill, and implement those responsibilities in aspects such as organizational structure, security management and security technology.

Similar events: on December 2, 2016, an agent account of the Central Bank of Russia was hacked and 2 billion Russian rubles were stolen.

9. Hikvision security monitoring equipment has vulnerabilities controlled by overseas IP

Keywords: IoT security, weak password, vulnerability, remote hijacking

On February 27, 2015, the Public Security Department of Jiangsu Province issued a special emergency notification stating that the Hikvision monitoring equipment used by public security organs at all levels in Jiangsu Province had serious security risks, and that some of the equipment was controlled by overseas IP addresses. Hikvision issued a statement overnight on February 27, saying that the Jiangsu Province Internet Emergency Response Center had found, through network traffic monitoring, that some Hikvision equipment had been hacked due to the weak password problem (including the use of the product's initial password and other simple passwords), resulting in the leakage of video data and so on.

IoT devices, represented by video surveillance and other devices, are becoming new targets for cyberattacks. Weak passwords, unrepaired known vulnerabilities, insufficient product security reinforcement and other risks are widespread in IoT devices, and their ability to cope with cyberattacks once connected to the Internet is very weak, which gives hackers a convenient way to remotely obtain control privileges, monitor real-time data and carry out various types of attacks.

Similar events: In October 2016, hackers launched a botnet attack on domain name services by controlling IoT devices, leading to large-scale network disconnection on the west coast of the United States.

10. 20 million domestic hotel occupancy information leaked

Keywords: personal privacy leakage, third-party storage, outsourced service data permissions, supply chain security

In October 2013, a domestic security vulnerability monitoring platform disclosed that Zhejiang Huida Yishang Company, a digital room service provider for more than 4,500 hotels nationwide, had leaked online the occupancy data of the hotels with which it cooperated due to security vulnerabilities. A few days later, a file named "2000w room data" appeared on the Internet. It contained 20 million pieces of personal information on hotel stays, with check-in times between the second half of 2010 and the first half of 2013, in 14 fields including name, ID number, address and cell phone number. The file involved a large amount of user privacy and caused widespread concern throughout society.

Wi-Fi coverage in hotels is a regular service that has sprung up with the development of the hotel industry, and many hotels choose to cooperate with third-party network service providers, but there is a serious risk of data leakage in the actual data interaction. In the Huida Stagecoach incident, on the one hand, the hotels involved lacked management measures for personal information protection and failed to establish strict data management authority, which allowed the third-party service provider to get hold of a large amount of customer data. On the other hand, the third-party service provider, Huida Stagecoach, had a low level of network security encryption and failed to encrypt the transmitted data during the password verification process, a serious system design flaw.