With the year almost coming to a close, there is a need for reflection and tweaks in various business departments in a bid to navigate the new year — 2021 — more effectively. When it comes to cybersecurity, in particular, getting acquainted with the emerging issues in the sector and acting in accordance with them can help companies stay abreast of any challenges that might arise.

随着即将到来的一年，各个业务部门都需要进行反思和调整，以期更有效地应对2021年新的一年。 特别是在网络安全方面，熟悉该领域中正在出现的问题并采取相应的行动可以帮助企业紧贴可能出现的任何挑战。

Note, failure to take note of emerging trends in cybersecurity, relying on outdated systems, as well as, lack of adequate information on today’s security concerns poses a significant risk for companies. For these reasons, business executives always need to be updated on the state of cybersecurity to ensure prosperity.

请注意，未能注意网络安全的新兴趋势，依赖于过时的系统以及缺乏有关当今安全问题的足够信息，对公司构成了重大风险。 由于这些原因，业务主管始终需要更新网络安全状况，以确保繁荣。

Despite the fact that artificial intelligence itself becomes a new attack surface, it is effectively used as a powerful weapon against cyber threats. Let’s see what artificial intelligence brings to the table and what other trends continue to be dominant in this realm.

尽管人工智能本身已成为一种新的攻击面，但它已有效地用作抵御网络威胁的强大武器。 让我们看看人工智能带来了什么，以及其他什么趋势继续在这个领域占主导地位。

网络安全与合规之间的平衡将继续被优先考虑 (The balance between cybersecurity and compliance will continue to be prioritized)

The adverse effects of cyberattacks on businesses and people have pushed administrative bodies to enact various regulations and compliance measures. It is all in a bid to offer more protection, especially to establishments that have not paid much attention to cybersecurity issues.

网络攻击对企业和人民的不利影响促使行政机构制定各种法规和合规措施。 所有这些都是为了提供更多保护，尤其是对于那些对网络安全问题不太重视的机构。

In May of 2018, for instance, the General Data Protection Regulation was implemented, becoming one of the significant legal precedents in this sector. While companies need to abide by this regulation, they should also brace themselves for other laws in 2020 and beyond. Remember, failure to comply with these rules can be very costly, as already evidenced by GDPR’s hefty fines on British Airways and the Marriot hotel chain. As such, it essential to ensure that your cybersecurity measures are in line with the relevant legal obligations.

例如，2018年5月实施了《通用数据保护条例》 ，成为该领域的重要法律先例之一。 尽管公司需要遵守该法规，但它们也应该为2020年及以后的其他法律做好准备。 请记住，不遵守这些规则可能会造成巨大的损失，正如GDPR对英国航空公司和Marriot酒店连锁店的巨额罚款所证明的那样。 因此，确保您的网络安全措施符合相关法律义务至关重要。

With that cleared out, even though complying to set regulations is necessary, companies must heed the fact that IT compliance does not necessarily translate to IT security. Nonetheless, in 2020, going forward, businesses must implement essential cybersecurity measures while also abiding by the set rules of play.

清除这些漏洞后，即使必须遵守既定法规，公司也必须注意以下事实：IT遵从性不一定转化为IT安全性。 尽管如此，在2020年之前，企业必须实施必要的网络安全措施，同时还要遵守既定的游戏规则。

影子信息技术将继续成为威胁 (Shadow information technology will continue to be a threat)

The things that companies do not know about their areas of operation form some of their fast-evolving threats. Shadow information technology — the use of hardware and software internally without revealing the same to the entire department- is the term for this situation. Case in point, the use of personal data storage accounts for enterprise information or the use of Software-as-a-Service that is acquired and utilized without the knowledge of IT departments.

公司对其运营领域一无所知的事情构成了他们快速发展的威胁。 影子信息技术-内部使用硬件和软件而不向整个部门透露-是这种情况的术语。 例如，使用个人数据存储来获取企业信息，或者使用在IT部门不了解的情况下获得和使用的软件即服务。

Most of the time, when tech executives have no idea what is being used in their teams, it becomes hard for them to manage security issues and ensure that laws are observed. The Internet of Things, for instance, is plagued by this problem. Its total installed base of linked gadgets is forecasted to reach about 75.44 billion in 2025 across the planet. However, a notable fraction of these devices is undocumented and unrestricted.

大多数时候，当技术主管不知道团队中正在使用什么时，他们很难管理安全问题并确保遵守法律。 例如，物联网受此问题困扰。 预计到2025年，全球小工具的安装总量将达到约754.4亿。 但是，这些设备中有相当一部分是未记录且不受限制的。

In light of this information, companies should endeavor to stay aware of the shadow IT while keeping a close eye on the use of the Internet of Things by documenting gadgets where possible. There is also a need for a holistic approach in this situation that entails the implementation and supervision and security measures to ensure suspicious activities are identified fast.

根据这些信息，公司应该努力保持对影子IT的了解，同时通过记录可能的小工具来密切关注物联网的使用。 在这种情况下，还需要采取一种整体方法，要求采取实施，监督和安全措施，以确保Swift识别可疑活动。

随着新时代网络钓鱼的泛滥，网络卫生将继续至关重要 (With the proliferation of new-age phishing, cyber hygiene will continue to be paramount)

Classic phishing has become less effective as more people have become aware of the scheme, managing to safeguard themselves better. Consequently, the attackers have since evolved becoming smarter and skilled enough to decipher the most impenetrable cybersecurity algorithms. Today, while the level of phishing has gone significantly lower, the vice has become more targeted. Nowadays, phishing attacks aim at a particular employee, with more elaborate measures intended for collecting information and other credentials from the victim. While it might seem isolated, this is often a part of a more significant attack.

随着越来越多的人意识到该计划，并设法更好地保护自己，经典的网络钓鱼已变得无效。 因此，攻击者自此变得更加聪明和熟练，可以破译最难以理解的网络安全算法。 如今，尽管网络钓鱼的水平已大大降低，但副手却变得更有针对性。 如今，网络钓鱼攻击针对的是特定的员工，其措施旨在从受害者那里收集信息和其他凭证。 尽管它似乎是孤立的，但这通常是更重要的攻击的一部分。

To counter such organized attacks, companies should implement cyber hygiene best practices such as:

为了应对此类有组织的攻击，公司应实施网络卫生最佳实践，例如：

• User education用户教育
• The adoption of preventive measures, i.e., reporting of unsolicited emails for quick action采取预防措施，即报告未经请求的电子邮件以快速采取措施
• Multiple factor authentication多因素认证
• Multi-authorization.多重授权。

主动采取安全措施仍然至关重要 (A proactive approach to security is still paramount)

Cyber attacks are guaranteed to evolve, becoming more intelligent (for example, APTs) than in the past. As such, as it is already happening, businesses will continue to adopt innovative security strategies to ensure regular system checks as well as mitigation.

可以保证网络攻击不断发展，比过去变得更加智能(例如APT)。 因此，企业已经继续采用创新的安全策略，以确保定期进行系统检查和缓解。

Businesses will continue leveraging new technologies, for example, machine learning and artificial intelligence, to better plan for attacks. Apart from that, they will put in place policies that spell out the various things to be done after a security breach.

企业将继续利用机器学习和人工智能等新技术来更好地计划攻击。 除此之外，他们还将制定策略，阐明安全漏洞后应采取的各种措施。

为什么人工智能是未来 (Why artificial intelligence is the future)

With the increasing adoption of advanced security analytics, there will be a need to keep embracing the automation of artificial intelligence. This way, companies will increase the effectiveness of security teams while enabling them to respond to issues quickly. Also, worth noting is artificial intelligence will help information technology departments to assess risks and model possible threats.

随着高级安全分析技术的日益普及，将需要不断拥抱人工智能的自动化。 这样，公司将提高安全团队的效率，同时使他们能够快速响应问题。 此外，值得注意的是，人工智能将帮助信息技术部门评估风险并为可能的威胁建模。

The use of AI in cybersecurity enables analysts to address the threats confidently and quickly.

人工智能在网络安全中的使用使分析师能够自信而Swift地应对威胁。

• Artificial intelligence is trained to learn and improve its knowledge dealing with a huge amount of data.培训人工智能以学习和提高其处理大量数据的知识。
• AI cyber solutions apply reasoning to detect the relations between threats, like shady IP addresses or malware enabling analysts to detect issues faster.AI网络解决方案运用推理来检测威胁之间的关系，例如阴暗的IP地址或恶意软件，使分析人员能够更快地检测到问题。
• The application of artificial intelligence in security removes the necessity of conducting time-consuming research and provides carefully selected risk analysis.人工智能在安全中的应用消除了进行耗时的研究的必要性，并提供了精心选择的风险分析。

Surely, it doesn’t mean that they can substitute human brains. AI cyber solutions are incredible assistants to analysts working with cybersecurity algorithms. Combining the strengths of both human and machine intelligence it is possible to provide actionable insights.

当然，这并不意味着它们可以代替人的大脑。 AI网络解决方案是使用网络安全算法的分析师的不可思议的助手。 结合人与机器智能的优势，可以提供可行的见解。

机器学习与网络安全 (Machine learning and cybersecurity)

Machine learning is a part of AI that emulates human brain activities like learning from experience and is able to sort through millions of files to uncover a potential hazard and perform particular safety measures to prevent attacks.

机器学习是AI的一部分，它可以模仿人类的大脑活动，例如从经验中学习，并且能够对数百万个文件进行分类以发现潜在危害并执行特定的安全措施来防止攻击。

机器学习安全性问题 (Machine learning security issues)

Machine learning used in cybersecurity as a shield, however it can be a hazard itself.

机器学习在网络安全中被用作防护，但是它本身可能是一种危害。

Hackers are taking advantage of machine learning too with a view to achieving automated hacks that sabotage data security. The ‘bad actors’ are launching savvier attacks after studying and analyzing the machines on target and identifying vulnerabilities on the go.

黑客也利用机器学习来实现破坏数据安全性的自动化黑客。 在研究和分析目标机器并确定移动中的漏洞之后，“不良行为者”正在发起更猛烈的攻击。

最后的话 (Final words)

As we go into the future, there is a guarantee for impressive advancements in technology as well as the arrival of new measures to improve cybersecurity. However, as the developments come in, emerging cyber threats will too. As such, it is essential for information technology team leaders to ensure that they are always conversant with the latest security developments. Apart from updating their knowledge, they should consider partnering with reliable security partners to secure their systems effectively.

展望未来，我们可以保证技术的显着进步以及新措施的出现，以提高网络安全性。 但是，随着事态的发展，新兴的网络威胁也将出现。 因此，对于信息技术团队负责人而言，确保他们始终熟悉最新的安全开发至关重要。 除了更新知识外，他们还应考虑与可靠的安全合作伙伴合作以有效保护其系统。

Contact inVerita to get a free consultation about artificial intelligence in cybersecurity.

联系inVerita，以获取有关网络安全中人工智能的免费咨询。

Originally published at inveritasoft.com on September 3, 2020

最初于2020年9月3日发布在inveritasoft.com上