Enterprise Security Can Be a Mess: Building a Security-Aware Culture
1 min • by rezliant • 7 months ago
Your executive team gets it. They've approved the budget, they mention security in board meetings, they understand the stakes. You're not fighting for recognition at the top anymore.

But then you look at what's actually happening three levels down. The marketing team is sharing credentials to social media accounts. Sales is pushing back on MFA because it adds seconds to their login process. Developers are storing API keys in public repositories because it's faster than the approved method. Remote employees are working from unsecured networks and don't think twice about it.

The executive commitment is there. The company-wide behavior isn't. And that gap is where breaches happen.

This is the challenge that keeps security leaders up at night. You have the mandate from above, but translating that into thousands of daily decisions made by people who have completely different priorities is a different game entirely.