【英语财经】企业IT员工或成情报安全软肋 Foreign spy agencies recruiting IT staff, warns UK security chiefs

  • 【英语财经】企业IT员工或成情报安全软肋 Foreign spy agencies recruiting IT staff, warns UK security chiefs已关闭评论
  • A+
所属分类:双语财经

2014-5-6 13:11

小艾摘要: Foreign intelligence agencies are targeting IT workers at big businesses, hoping to recruit them to gain privileged access to sensitive computer systems, MI5 has warned British corporate chiefs.The gr ...
Foreign spy agencies recruiting IT staff, warns UK security chiefs
Foreign intelligence agencies are targeting IT workers at big businesses, hoping to recruit them to gain privileged access to sensitive computer systems, MI5 has warned British corporate chiefs.

The growing threat is one of the main cyber concerns the Security Service has warned of in high-level conversations with executives in recent months, which are being held to make companies boost their digital defences, according to Whitehall officials.

The national security risk assessment classes cyber attacks as a tier 1 threat to the country, meaning that they are both likely to occur and to have a significant impact.

While many businesses have focused on improving their protections against external cyber attacks, far fewer have adequate internal protections in place to guard against malicious actions by their own staff.

Grooming a source with access to highly sensitive information used to be a process that Cold War spymasters would spend years orchestrating, but now, even the most junior IT employees can be highly coveted intelligence assets thanks to their often wide-ranging network privileges.

IT department employees have been recruited to help foreign spies gain sensitive personnel information, steal corporate or national secrets and upload malware, security officials believe.

The threat of hostile countries such as Russia, China or Iran recruiting insiders for such aims – often with significant financial inducements – is being taken seriously by other western intelligence powers too. “Insider threats are the growing challenge,” said Paul Stockton, who until last year was US assistant secretary of defence, with responsibility for homeland defence and security. “The threat of espionage did not end with the Cold War.”

The theft by the junior security contractor Edward Snowden last year of a huge trove of state secrets has drawn particular attention to the problem, even though Mr Snowden was not in the employ of a foreign power.

“The highest risk employees, they’re not necessarily those at the highest levels of an organisation,” said Mr Stockton, who is now managing director of risk consultancy Sonecon. “Rather it is systems administrators and others who hold the keys to the IT kingdom that pose such significant potential threats.”

英国军情五处(MI5,即英国安全局(Security Service))警告英国企业领导人称,外国情报机构正将目标对准大公司的IT员工,希望招募他们,以获得敏感电脑系统的访问特权。

英国政府官员称,最近几个月,军情五处与企业高管进行了高层会谈,目的是要求企业增强数字防御,军情五处在会谈中针对一些主要网络担忧提出警告,这一日益加剧的威胁就是其中之一。

国家安全风险评估将网络攻击列为英国面临的一级威胁,这意味着网络攻击既很可能发生,又可能产生严重影响。

很多企业一直关注于增强对外部网络攻击的防御,但很少有企业采取足够充分的内部保护措施,防范内部员工的恶意行为。

在冷战期间,要培养一个有权访问高度敏感信息的情报提供者,间谍组织首脑需要花费多年时间策划,如今,即便是职位较低的IT员工也可能会成为极为宝贵的情报资产,因为他们通常具有广泛的网络特权。

安全官员认为,一些企业IT员工已被招募,帮助外国间谍获取敏感个人信息、窃取公司或国家机密并上传恶意软件。

俄罗斯、中国或伊朗等敌对国家可能会以这种目的招募内部人士(通常以大量金钱作诱惑),其他西方情报机构也正严肃对待这类威胁。“内部人威胁正成为日益严峻的挑战,”负责美国国土防卫和安全的前美国国防部助理部长保罗?斯托克顿(Paul Stockton)表示,“间谍威胁不会随着冷战的结束而消失。”斯托克顿于去年卸任。

去年,职位很低的美国安全部门合同工爱德华?斯诺登(Edward Snowden)窃取了大量国家机密,这引发了人们对这个问题的特别关注,尽管斯诺登并非受雇于外国间谍机构。

“风险最高的员工不一定处于组织最高层,”现任风险咨询机构Sonecon董事总经理的斯托克顿表示,“构成重大潜在威胁的,是系统管理员和持有通向IT王国钥匙的其他员工。”

译者/梁艳裳

本文关键字:财经英语,小艾英语,双语网站,财经双语,财经资讯,互联网新闻,ERWAS,行业解析,创业指导,营销策略,英语学习,可以双语阅读的网站!
  • 我的微信
  • 这是我的微信扫一扫
  • weinxin
  • 我的微信公众号
  • 我的微信公众号扫一扫
  • weinxin