On July 2, 2022, the 2022 All-China Federation of Industry and Commerce Chairman High-end Summit and the National Excellent and Strong Private Enterprises Boost Heilongjiang High-quality Development Conference were held in Harbin. Qi Xiangdong, vice chairman of Beijing Federation of Industry and Commerce and chairman of Qi Anxin Group, issued a speech entitled “Enterprise Data Requirements”. “Three Defenses”: Anti-Illegal, Anti-Theft, Anti-Ransomware”, he pointed out that corporate data violations will face huge fines, and it is necessary to speed up the establishment of a self-certified technical system to protect corporate data security with endogenous security. 
“Illegal Prevention”: Enterprise data activities that violate the law will face national censorship, APP removal, and huge fines
Since the promulgation of the Cybersecurity Law in 2017, my country has successively promulgated a series of laws and regulations regulating data activities. Enterprise data often involves state secrets, corporate secrets and personal secrets.
“Does the chairman know that corporate data activities are illegal?” Qi Xiangdong pointed out that data activities involve a series of links, including collection, storage, use, sharing, destruction, etc., each of which faces national supervision. Enterprise data illegal will face many problems –
First, corporate data violations will face national censorship. Since July last year, many Chinese companies have been subject to cybersecurity review for suspected data violations, and data violations will affect their development; secondly, corporate data violations face the risk of APP removal. In 2018, my country has continuously carried out special rectification of apps infringing on the rights and interests of users. Nearly 3,000 illegal and illegal APPs have been notified and taken off the shelves due to illegal collection of personal information, big data killing, pop-up advertisements and other violations. The illegal data affects the company’s operations; , Enterprise data violations will also face huge fines. Since the implementation of the EU General Data Protection Regulation, a total of more than 1,200 fines have been issued, with a total fine of more than 1.581 billion euros, or about 11.05 billion yuan, involving Amazon, Google, WhatsApp and other large Enterprises, data illegality affects the company’s revenue.
On June 5, 2022, my country’s “Announcement on Carrying out Data Security Management Certification” requires companies to speed up the improvement of data security systems to prevent data violations. Qi Xiangdong suggested that enterprises should speed up the establishment of a technical system for self-certification, and use network security technology to ensure that corporate data can be reviewed, alerted, and self-certified.
“Anti-theft”: 82% of data theft involves human factors
Since corporate data involves all aspects, once the data is stolen, it may endanger national security, breed online fraud, and destroy corporate operations. In April 2022, the national security agency announced that some spies had stolen some data of my country’s telecom operators, airlines and other units and sent them overseas, damaging national interests.
“Does the chairman know that the company’s data has been stolen?” Because corporate data exists in various devices and various types of personnel in the company, according to Verizon’s “2022 Data Breach Investigation Report”, 82% of data breaches Human factors are involved.
Qi Xiangdong analyzed that there are two main reasons for data theft: “internal ghosts” and external attacks.
He said that the core of preventing “inner ghosts” is to manage privileges. Privileged accounts are the “keys” to the door to enterprise data, and are privileged accounts that access or operate important data in business processes. Therefore, the use of the right account management system and the linkage of the bastion machine can realize comprehensive management and control of privileged accounts.
To prevent external attacks, use API security guards to lock the API. The API interface is the neuron of the digital system and has a wide range of application scenarios. The number of API interfaces in a medium-sized digital enterprise may be as many as 100,000. Data theft through API interfaces has become the focus of cyber attacks. Use API security guards to control access to APIs and block network attacks against API vulnerabilities.
“Anti-ransomware”: Establish an endogenous security system to meet the needs of “three defenses”
Ransomware attacks have become an “epidemic” in the era of the digital economy. According to the forecast of Cybersecurity Ventures in the United States, in 2022, it is expected that a ransomware attack will occur every 11 seconds, and more than 3 million times a year. In March 2021, computer giant Acer was attacked by the REvil ransomware, and hackers paid a ransom of up to $50 million, or about RMB 325 million.
“Does the chairman know that corporate data has been extorted?” Qi Xiangdong said that the top priority for enterprises to prevent extortion is to do basic protection. Qi Anxin’s “five-piece set” to ensure data security: privileged account management, bastion machine, database audit, API security guard and data security situational awareness. The “five-piece set” can help enterprises consolidate basic security protection around important data assets and improve the overall protection level.
In addition, Qi Xiangdong also suggested that data security is a part of network security. To ensure data security, systematic defense work needs to be done well. Only by building an endogenous security system and strengthening the overall security capabilities can we finally meet the requirements of enterprise data security “anti-illegal laws”. “The actual needs of “anti-theft” and “anti-ransomware”.
It is reported that the conference was hosted by the All-China Federation of Industry and Commerce and the People’s Government of Heilongjiang Province, and organized by the Economic Service Department of the All-China Federation of Industry and Commerce, the Department of Commerce of Heilongjiang Province, and the Heilongjiang Provincial Federation of Industry and Commerce. . Relevant leaders of national ministries and commissions, relevant leaders of Heilongjiang Provincial Party Committee, Provincial Government and Provincial Political Consultative Conference, main responsible comrades of Heilongjiang Provincial Party Committee and Provincial Government departments, representatives of private enterprises, chambers of commerce and representatives of both parties in Heilongjiang Province were invited to attend. The conference aims to build momentum for emerging industries such as digital economy, biological economy, ice and snow economy, and creative economy in Heilongjiang Province. Leading enterprises and key enterprises will go to Longjiang to create a first-class business environment and create a new hot spot for investment. Fully empowered.
Leifeng.com
This article is reprinted from: https://www.leiphone.com/category/industrynews/65OpaOxi4WmySWBl.html
This site is for inclusion only, and the copyright belongs to the original author.