What are the cases of data security?

China's "Network Security Law" is about to be formally implemented, which puts forward systematic and strict legal requirements for the data security management of network operators. Recently, the Internet Research Center of Shanghai Academy of Social Sciences released the Research Report on Big Data Security Risks and Countermeasures, selected typical data security incidents at home and abroad in recent years, systematically analyzed the types and causes of big data security risks, and put forward countermeasures and suggestions to promote the development of big data security in China from two levels: improving the national big data ecological governance level (government) and strengthening the enterprise's big data security capability (enterprise).

In the era of big data, data has become a key production factor to promote economic and social innovation and development. The opening and development based on data has promoted cross-organization, cross-industry and cross-regional assistance and innovation, spawned various brand-new industrial forms and business models, and fully activated human creativity and productivity.

However, while creating value for the organization, big data also faces severe security risks. On the one hand, the development characteristics of data economy make the circulation and processing of data among different subjects an inevitable trend, which also breaks the boundary of data security management and weakens the risk control ability of management subjects; On the other hand, with the prominent commercial value of data resources, activities such as attacking, stealing, abusing and hijacking data continue to flood, showing the characteristics of industrialization, high technology and internationalization, which poses new challenges to the national data ecological governance level and the organization's data security management ability. Under the dual pressure of internal and external, major incidents of big data security occur frequently, which has become a major security issue of concern to the whole society.

Based on the discovery of major data security incidents at home and abroad in recent years, big data security incidents are showing the following characteristics: (1) The risk causes are complicated and intertwined, including external attacks, internal leaks, technical loopholes and management defects; There are not only new risks caused by new technologies and new modes, but also the constant triggering of traditional security problems. (2) The threat scope covers the whole world, and the threat of big data security permeates all aspects of the big data industry chain such as data production, circulation and consumption, including data source providers, big data processing platform providers and big data analysis service providers. All these are sources of threats; (3) The event has a significant and far-reaching impact. The cloud storage of data leads to the aggregation and polarization effect of data risks. Once data leakage occurs, its impact will go beyond the technical scope and organizational boundaries, and it will have an impact on the economic, political and social fields, including causing huge property losses, threatening life safety and changing the political process.

With the advent of the era of data economy, comprehensively improving the security of cyberspace data resources is the core task of national economic and social development. Just like the governance of environmental ecology, the governance of data ecology is facing an arduous battle. The success or failure of this campaign will determine the rights of citizens, the interests of enterprises and the trust of society in the new era, and will also determine the development of data economy and even the fate and future of the country. To this end, we suggest starting from the two dimensions of government and enterprises to comprehensively improve the security of big data in China.

From the perspective of the government, the report proposes to continuously improve the level of data protection legislation and build a cornerstone of trust in cyberspace; strengthen the ability of network security law enforcement and carry out long-term governance of the online underground industry; strengthen security governance in key areas and maintain the national data economy ecology; standardize the development of the data circulation market and guide the demand for legitimate data transactions; and scientifically carry out cross-border data supervision and effectively protect national data sovereignty.

From the perspective of enterprises, the report suggests that network operators need to standardize the rules of data development and utilization, clarify the data ownership relationship, focus on strengthening the security management of personal data and key data, protect all links such as collection, storage, transmission, processing, exchange and destruction, and strengthen the capacity building of data security from the aspects of institutional processes, personnel capacity, organizational construction and technical tools.

Attached are ten typical events (in chronological order):

1. Ransomware attacks around the world.

Keywords: network weapon leakage, ransomware, data encryption, bitcoin.

On May 12, 2017, a ransomware (WannaCry) infection incident targeting the Windows operating system broke out worldwide. The ransomware exploits the Windows SMB service vulnerability leaked from the National Security Agency's network arsenal. The victim's files are encrypted, and the user must pay bitcoin to retrieve them, otherwise the ransom is doubled or the files are completely deleted. Hundreds of thousands of users in more than 100 countries around the world were infected, and domestic enterprises, schools, medical care, electricity, energy, banking, transportation and other industries were affected to varying degrees.

The development and exploitation of security vulnerabilities has formed a large-scale global black industrial chain. The leakage of the US government's network arsenal has intensified the threat of hackers using many unknown zero-day vulnerabilities to launch attacks. In March 2017, Microsoft released a patch to fix the vulnerability exploited in this attack. However, too many users around the world failed to install the update in time. In addition, many educational systems and hospitals are still using Windows XP, for which Microsoft has stopped security updates. The lack of network security awareness has defeated the first line of defense of network security.

Similar events: In November 2016, the San Francisco municipal subway system was infected with ransomware, the ticket vending machines were forced to close, and passengers took the light rail for free on Saturday.

2. A JD.COM employee is suspected of stealing 5 billion pieces of user data.

Keywords: enterprise insider, data trafficking, internal authority of data

In March 2017, JD.COM joined hands with Tencent's security team to help the Ministry of Public Security solve a case of stealing and selling citizens' personal information. The main suspect is an employee of JD.COM. This employee had only joined the company at the end of June 2016 and was still in the probation period when he stole 5 billion pieces of personal information related to transportation, logistics, medical care, social networking, banking, etc., and sold them on the online black market through various means.

In order to prevent data from being stolen, enterprises spend huge sums of money every year to protect information systems from hackers. However, the risk of losses caused by insiders stealing data should not be underestimated. The huge profits of underground data transactions and the disorder of internal management of enterprises induce insiders to take risks and steal and sell user data from the inside. According to a survey released by management consulting firm Accenture and other research institutions in 2016, among the 208 companies surveyed, 69% had experienced "data theft or attempted data theft by insiders" in the past year. Failure to take effective measures such as data access authority management, identity authentication management and data use control is the main reason for data theft by insiders in most enterprises.

Similar events: In April 2016, 5 million pieces of personal information of the American Child Support Executive Office were stolen by former employees.

3. Yahoo was hacked, and 1 billion user account information was leaked.

Keywords: vulnerability attack, user password, Russian hacker

On September 22nd, 2016, the global Internet giant Yahoo confirmed that at least 500 million user account information was stolen in 2014, including users' names, email addresses, telephone numbers, dates of birth and some login passwords. On December 14, 2016, Yahoo issued a statement again, announcing that in August 2013, unauthorized third parties stole the account information of more than 10 billion users. The two attacks in 2013 and 2014 are similar: in both, hackers cracked the Yahoo user account security algorithm and stole user passwords. In March 2017, American prosecutors filed criminal proceedings against Russian intelligence officials on the grounds that they participated in the cyber attacks on Yahoo users.

Yahoo information disclosure is the biggest single website data disclosure event in history. At present, the massive user data of important commercial websites is the core asset of enterprises, and it is also an important target of private hackers and even national attacks. The data security management of key enterprises is facing higher requirements, and it is necessary to establish a strict security capability system, not only to ensure the encryption of user data, but also to accurately control the access rights of data, to establish an elastic design scheme for network damage events and emergency response, and to establish an emergency communication mechanism with regulatory authorities.

Similar events: In February 2015, the information system of Anthem Company, the second largest health insurance company in the United States, was breached, and the records of nearly 80 million customers and employees were leaked.

4. SF staff leaked user data.

Keywords: resale of internal data access, malicious programs

On August 26th, 2016, Song of SF Express Hunan Branch was tried in Shenzhen Nanshan District People's Court for the crime of infringing citizens' personal information. Previously, SF, as a leader in the express delivery industry, had many incidents in which insiders leaked customer information. The methods included selling their own company website accounts and passwords to others; writing malicious programs to download customer information in batches; using multiple accounts to query customer information in large quantities; buying the address, account number and password of the internal office system and then hacking into the system to steal information; and R&D personnel directly exporting customer information from the database.

A series of data leakage incidents at SF Express exposed the shortcomings of its data security management for internal personnel. With the growth of the underground data trade, collusion between insiders and outsiders to steal user data for profit is spreading rapidly. Although SF's IT system can trace an incident after the fact, it cannot warn about or prevent employees downloading data in batches. It is necessary to set up strict data controls and to desensitize the data available to internal personnel, so as to effectively ensure the security of enterprise data.
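The gap described above (tracing after the fact, but no warning while data is being pulled in batches) can be narrowed with a sliding-window check over the query audit log. The following is an added example, not code from the report or from SF Express; the log fields, thresholds and sample events are constructed assumptions. It counts distinct customer records per account and per source workstation, so that several accounts used from one machine are caught even when each stays under the per-account limit.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)
LIMITS = {"account": 50, "host": 80}   # assumed thresholds: distinct records per window


class SlidingDistinct:
    """Distinct customer-record IDs seen within the trailing time window."""

    def __init__(self, window):
        self.window = window
        self.events = deque()            # (timestamp, record_id), oldest first
        self.counts = defaultdict(int)   # record_id -> occurrences inside the window

    def add(self, ts, record_id):
        self.events.append((ts, record_id))
        self.counts[record_id] += 1
        # Drop events that have aged out of the window.
        while self.events and ts - self.events[0][0] > self.window:
            _, old = self.events.popleft()
            self.counts[old] -= 1
            if self.counts[old] == 0:
                del self.counts[old]
        return len(self.counts)


def detect_bulk_access(events):
    """Return one alert per account/host, raised the first time it exceeds its limit."""
    trackers, alerted, alerts = {}, set(), []
    for ts, account, host, record_id in sorted(events):
        for kind, key in (("account", account), ("host", host)):
            tracker = trackers.setdefault((kind, key), SlidingDistinct(WINDOW))
            seen = tracker.add(ts, record_id)
            if seen > LIMITS[kind] and (kind, key) not in alerted:
                alerted.add((kind, key))
                alerts.append({"kind": kind, "key": key, "time": ts,
                               "distinct_records": seen})
    return alerts


def sample_events():
    """Constructed audit log: (timestamp, account, source host, customer record ID)."""
    t0 = datetime(2016, 1, 4, 9, 0, 0)
    events = []
    # Normal use: one account, one lookup every 12 minutes.
    events += [(t0 + timedelta(minutes=12 * i), "acct_a", "ws-01", f"C{i:05d}")
               for i in range(5)]
    # One account pulling 60 distinct records in 5 minutes (scripted batch download).
    events += [(t0 + timedelta(seconds=5 * i), "acct_b", "ws-02", f"C1{i:04d}")
               for i in range(60)]
    # Three accounts on one workstation, 30 records each: under the per-account
    # limit individually, over the per-host limit together.
    for n, acct in enumerate(("acct_c", "acct_d", "acct_e")):
        events += [(t0 + timedelta(seconds=6 * i + n), acct, "ws-03", f"C2{n}{i:03d}")
                   for i in range(30)]
    return events


if __name__ == "__main__":
    for alert in detect_bulk_access(sample_events()):
        print(alert)
```

Because the alert fires on the first record past the limit, it can feed a blocking control (session suspension, step-up approval) rather than only a report.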

Similar incidents: In 2012, internal personnel of No. 1 Store colluded with former employees and external personnel to disclose 900,000 user data.

5. Xu Yuyu died of telecom fraud.

Keywords: security vulnerability, database dumping, personal data, precision fraud, underground industry

In August 2016, Xu Yuyu, a college entrance examination student, was defrauded of 9900 yuan by telecom fraudsters, and died of cardiac arrest after discovering she had been cheated. According to the police investigation, the information used by the telecom fraudsters who defrauded Xu Yuyu of her tuition fees came from college entrance examination personal information illegally sold online. The source was that hackers used security vulnerabilities to break into the website of the "Shandong 2016 College Entrance Examination Online Registration Information System", downloaded more than 600,000 pieces of data of college entrance examination candidates in Shandong Province, and began to illegally sell them to telecom fraudsters online after the college entrance examination.

In recent years, a huge black industrial chain has formed around the theft and trading of Chinese citizens' personal information. The leaked personal data has made a series of criminal activities, such as telecom fraud and financial theft, increasingly "precise" and "intelligent", posing a serious threat to the public's property and personal safety. The direct cause of this situation is that our state-owned enterprises and institutions collect all-round user data. However, the low level of network security protection and the lack of enterprise data security management ability give hackers and insiders an opportunity. The lack of a user notification mechanism after the disclosure of personal information increases the harmfulness and persistence of criminal activities.

Similar incident: On August 23, 2016, Song Zhenning, a sophomore in Linshu County, Shandong Province, died of sudden cardiac arrest due to telecom fraud.

6. Hillary Clinton encountered a "mail door" and failed in the election.

Keywords: private mail, official mail, Wikileaks, hackers

Hillary Clinton's "mail door" refers to the fact that, during her tenure as US Secretary of State, Democratic presidential candidate Hillary Clinton used private mailboxes and servers to handle official business without prior notice to the relevant departments of the State Department. Thousands of unencrypted emails handled by Hillary Clinton contained state secrets. At the same time, Hillary Clinton did not hand over any official mail records before she left office, which violated the State Department's regulations on the preservation of federal information records. On July 22nd, 2016, after the US Department of Justice announced that it would not charge Hillary Clinton, Wikileaks began to publish the emails obtained after hackers broke into the email systems of Hillary Clinton and her close associates, which eventually led to the resumption of the investigation by the US Federal Bureau of Investigation, and Hillary Clinton's support rate in the presidential race plummeted.

As an important government official, Hillary lacked the necessary awareness of data security. During her tenure as US Secretary of State, she set up a server to handle official mail without permission, which violated the federal information security management requirements and the State Department's regulations that it is illegal to use a private mailbox to send, receive or store confidential information. The privately built mail server lacked the necessary security protection and could not cope with attacks by high-level hackers. This led to the leakage of important data, which was fully exploited by political opponents at home and abroad and ultimately led to defeat in the general election.

Similar events: In March 2016, the Pentagon announced that hundreds of emails from US Secretary of Defense Ashton Carter were sent by private mail. Carter once again admitted that he was wrong, but none of the related emails were confidential.

7. The French Data Protection Agency warned Microsoft that Windows 10 collected too much user data.

Keywords: excessive data collection, informed consent, compliance, privacy protection

In July 2016, CNIL, the French data protection regulator, sent a warning letter to Microsoft, accusing Microsoft of using the Windows 10 system to collect too much user data and tracking users' browsing behavior without users' consent. At the same time, Microsoft did not take satisfactory measures to ensure the security and confidentiality of user data, nor did it comply with the "safe harbor" regulations of the European Union, because it saved user data to a server outside the user's country without the user's permission, and turned on many data tracking functions by default without the user's permission. CNIL gave Microsoft three months to solve these problems, or face sanctions from the Committee.

In the era of big data, all kinds of enterprises are fully tapping the value of user data, which will inevitably lead to excessive collection and development of user data. With the increasingly strict protection of personal data in the world, enterprises must strengthen legal and compliance management when collecting data, especially paying attention to the protection of users' privacy. When obtaining users' personal data, the principles of "informed consent" and "data security" must be followed to ensure that the development of the organization's business will not face data security and compliance risks. For example, the EU's new General Data Protection Regulation, which will be implemented in 2018, stipulates that the maximum penalty for enterprises violating this regulation will reach 4% of global revenue, which comprehensively raises the compliance risk of enterprise data protection.

Similar events: In February 2017, Vizio, a subsidiary of LeTV, was fined $2.2 million for illegally collecting user data.

8. Hackers attacked the SWIFT system and stole $81 million from the Central Bank of Bangladesh.

Keywords: network attack, system control authority, false command data, network financial theft.

On February 5, 2016, the Bangladesh Central Bank was hacked, resulting in the theft of 81 million USD. The attacker obtained the operating authority of the SWIFT system of the Bangladeshi Central Bank through cyber attacks or other means, and then sent false SWIFT transfer instructions to the Federal Reserve Bank of New York. The Federal Reserve Bank of New York received 35 transfer requests with a total amount of 951 million US dollars, of which 81 million US dollars was successfully transferred and stolen, making it the biggest theft case of online finance so far.

SWIFT is an important financial payment and settlement system in the world, which is famous for its safety, reliability and efficiency. Hackers successfully attacked the system, indicating that the technical level of cyber crime is constantly improving. Objectively, this requires that the network security and data protection capabilities of key infrastructure such as financial institutions continue to improve. The network security protection of the financial system must strengthen the coordination between the government and enterprises and carry out necessary international cooperation. The new financial regulations of New York State came into effect on March 1, 2017, requiring all financial services institutions to deploy network security plans, appoint chief information security officers, and monitor the network security policies of business partners. New York's financial supervision requirements set a benchmark for global financial network security supervision. China's financial institutions also need to further clarify the responsibilities and obligations of network security, and implement network security responsibilities in organizational structure, security management and security technology.

Similar events: On December 2, 2016, the agent account of the Russian central bank was hacked and 2 billion Russian rubles were stolen.

9. Hikvision security monitoring equipment has vulnerabilities and is controlled by overseas IP addresses.

Keywords: Internet of Things security, weak password, vulnerability, remote hijacking

On February 27th, 2015, the Jiangsu Provincial Public Security Department issued an urgent notice that Hikvision monitoring equipment used by public security organs at all levels in Jiangsu Province had serious security risks, and some of the equipment was controlled by overseas IP addresses. Hikvision issued a statement overnight on February 27th, saying: Jiangsu Internet Emergency Center found that some Hikvision devices were hacked due to weak passwords (including using simple passwords such as initial product passwords), resulting in video data leakage.

Internet of things devices such as video surveillance are becoming new targets of cyber attacks. There are many risks in IOT devices, such as weak passwords, known vulnerabilities that have not been fixed, and insufficient product security reinforcement. After the device is connected to the Internet, its ability to deal with network attacks is very weak, which provides convenience for hackers to gain control, monitor real-time data and carry out various attacks remotely.

Similar events: In October 2016, hackers launched a botnet attack on a domain name service provider by controlling Internet of Things devices, which led to a large-scale disconnection of the west coast of the United States.

10. 20 million domestic hotel check-in information was leaked.

Keywords: personal privacy disclosure, third-party storage, outsourcing service data rights, supply chain security

In October 2013, a domestic security vulnerability monitoring platform revealed that Zhejiang Huida Inn Company, which provides digital room services for more than 4,500 hotels nationwide, had leaked the check-in data of the hotels it cooperated with online because of security vulnerabilities. A few days later, a file named "2000w Room Opening Data" appeared on the Internet, which contained 20 million pieces of personal information about hotel check-ins. In the check-in data, the check-in time ranges from the second half of 2010 to the first half of 2013, including name, ID number, address, mobile phone and other 14 fields, which involve

Hotel Wi-Fi coverage is a routine service that rises with the development of hotel industry. Many hotels choose to cooperate with third-party network service providers, but there is a serious risk of data leakage in actual data interaction. Judging from the Huida Station incident, on the one hand, the hotels involved lacked management measures to protect personal information and failed to formulate strict data management authority, which made the third-party service providers master a large amount of customer data. On the other hand, the third-party service provider Huida Post Company has a low level of network security encryption, and does not encrypt the transmitted data during the password verification process, which has serious system design defects.