Economist download: Businesses and cyber-security: A spook speaks

2012-09-10 Source: Economist

Business.

Businesses and cyber-security.

A spook speaks.

Its cost may be hard to count, but cybercrime has companies worried.

LIKE blooms on a peculiar plant, speeches by the head of the British security service are rare; and when they do appear, they draw attention. On June 25th Jonathan Evans, the director-general of MI5, burst into oratorical flower for the first time in 21 months. After commenting on preparations for the Olympic Games and on counter-terrorism, Mr Evans turned to cyber-security, where the "front line…is as much in business as it is in government." States as well as criminals were up to no good, he said: in particular, a "major London listed company with which we have worked" had lost revenue of "some £800m" ($1.2 billion) to state-sponsored cyber-attack. The firm in question had lost intellectual property and had been put at a disadvantage in commercial negotiations.

Examples and rumours abound of companies being burgled by cyberfrauds, cyberspooks or cyber-mischief-makers. On June 26th America's Federal Trade Commission sued Wyndham Worldwide, a hotel group, alleging that security failures at the company in 2008 and 2009 had led to the export of hundreds of thousands of guests' payment-card account numbers to a domain registered in Russia. The FTC says "millions of dollars" were lost to fraud. Wyndham says it knows of no customers who lost money and that the FTC's claims are "without merit".

The loss of industrial secrets is perhaps even more worrying to companies than that of their customers' credit-card data. Some think worry is overdue. Mark Anderson, the chairman of INVNT/IP, a new organisation of technology companies, says: "We are encouraged by discovering the number of global technology CEOs who have come to understand this issue and its importance to their own company welfare, regardless of the incentives and protestations offered by China, Russia and other nations known to actively steal IP."

Working out the cost of cybercrime is a devil of a job. The FTC and Wyndham are poles apart on their estimates of the effect of the credit-card thefts. Companies say they are under constant cyber-attack in ever more ingenious forms, but they are loth to say in public how often the raiders get through and how much damage they do—assuming that the breach is spotted. That suggests the damage is underreported. When they are speaking to the security services they may be more forthcoming, but will they be accurate? Companies might anyway have lost some of the business written off to cybercrime. In that case, Mr Evans's £800m would be on the high side.

In a report by Britain's Cabinet Office last year, Detica, the software arm of BAE Systems, a defence company, put the cost of cybercrime to the country at a staggering £27 billion, or 1.8% of GDP. Businesses bore £21 billion, mostly because of the theft of secrets and industrial espionage. Lots of people doubted these numbers, including, it seems, the Ministry of Defence, which commissioned a study from a team led by Ross Anderson, a computer-security expert at Cambridge University.

The team's report, published this month, shies away from adding up totals, preferring to assess the costs of different types of crime in turn, but comes up with much lower figures, partly because it discounts Detica's numbers for intellectual-property theft and espionage entirely, saying they have "no obvious foundation". Most of the cost of cybercrime, it concludes, is indirect, such as spending on antivirus software or other corporate defences. In other words, a lot goes on payments by one lot of businesses to another: the computer-security industry.

That may be inevitable. Cyber-attacks are happening more often and are becoming more precisely targeted. Greg Day, the chief technology officer for security in the European business of Symantec, a computer-security firm, says that for years cybercrime was more or less "random", as crooks looked for any holes they could find anywhere. In the past couple of years, however, they have chosen their corporate targets more precisely. Symantec observed virtually no targeted attacks before Stuxnet, a worm that attacked industrial-control systems, appeared in 2010. Last December it spotted an average of 154 a day.

The bad guys are increasingly using social media to try to find a way in, either by gathering intelligence or by befriending employees who may be tricked into opening an e-mail with nasty code within. People, a security-industry adage runs, are the weakest link. Training them to be careful may still be the best defence.