程序员不关心warning_我们仍然不太关心安全性

With many of us stuck inside our homes, a pandemic like COVID-19 is an apt opportunity for hackers to strike. But even as ample awareness takes place, the average consumer doesn’t care about security as much as they should. Why is that? In a word, convenience.

由于我们许多人都被困在家里，因此像COVID-19这样的大流行病是黑客罢工的合适机会。 但是，即使有了足够的意识，普通消费者对安全性的关注程度也没有达到应有的水平。 这是为什么？ 总之，方便。

Take Zoom. Remember those few days where almost everyone reported about Zoom’s many security issues? Governments and tech giants publicly banned employees from using the software. Yet, there seems to be no slowdown of Zoom meetings. Even media platforms that reported about Zoom’s security issues continue to use the software publicly. Times like these, convenience is so important. Particularly when it involves technology.

进行缩放。 还记得过去几天里几乎每个人都报告过Zoom的许多安全问题吗？ 政府和科技巨头公开禁止员工使用该软件。 但是，Zoom会议似乎并没有放缓。 即使报道了Zoom的安全问题的媒体平台也继续公开使用该软件。 在这样的时代，便利是如此重要。 特别是涉及技术时。

In Zoom’s case, the value offering as a means of convenience far outweighs the cons for the normal user. When you’re trying to make a living amidst a global pandemic, you would want technology to make things easier for you.

在Zoom的情况下，作为便利手段提供的价值远远超过了普通用户的弊端。 当您试图在全球性大流行中谋生时，您会希望技术使事情变得更容易。

But this isn’t unique to Zoom or COVID-19. Even Microsoft Teams, a competitor to Zoom, was vulnerable enough that company data could have been stolen by a simple GIF. One might think that something of that nature will entice users to tread carefully in the online space. Unfortunately, that isn’t the case.

但这并不是Zoom或COVID-19独有的。 甚至Microsoft团队(是Zoom的竞争对手)也很脆弱，以至于公司数据可能被简单的GIF所窃取。 有人可能会认为这种性质的东西会吸引用户在在线空间中谨慎行事。 不幸的是，事实并非如此。

Cybersecurity has long been a concern in the general domain. But cybercrime has been on the rise during the past few years. In a 2019 report, Accenture estimates a whopping $5.2 trillion in cybersecurity-related costs within the next 5 years. The question is, why are we still lagging in addressing cybersecurity? It's part ignorance, part unawareness, and part unaffordability.

长期以来，网络安全一直是整个领域的关注点。 但是在过去几年中，网络犯罪一直在上升。 埃森哲在2019年的一份报告中估计，未来五年内与网络安全相关的成本高达5.2万亿美元。 问题是，为什么我们在解决网络安全方面仍然滞后？ 部分原因是无知，部分不了解和部分负担能力。

网络安全是许多小公司买不起的奢侈品 (Cybersecurity is a luxury many small companies can’t afford)

Much of the reported security breaches are from large corporates. Why? Because security breaches in large companies translate to massive numbers, usually in millions either in data or dollars (or both). Although this often brings in much-needed attention, it doesn’t always reflect the full picture. The smaller organizations’ side is hardly given enough attention.

报告的许多安全漏洞来自大型公司。 为什么？ 因为大型公司中的安全漏洞会转化为大量数据，通常以数据或美元(或两者)计为数百万。 尽管这通常会引起急需的关注，但它并不总是能反映出全部情况。 较小的组织方面几乎没有得到足够的重视。

Large scale security breaches may prompt big companies to be proactive towards cybersecurity. But unlike the big corporates, smaller companies do not have the muscle to pull through. Cybercriminals know this and target such companies as a result.

大规模的安全漏洞可能促使大公司主动采取网络安全措施。 但是，与大型公司不同，较小的公司没有能力去克服。 网络犯罪分子知道这一点，并因此将目标对准了这些公司。

According to CNBC, 43% of online attacks are aimed at small businesses. However, only 14% are equipped to handle such attacks. On average, cyberattacks cost businesses around $200,000, an almost six-fold increase Year on Year. As a result, 60% go out of business in 6 months following a cybercrime incident.

据CNBC称 ，43％的在线攻击针对小型企业。 但是， 只有14％的人有能力处理此类攻击。 平均而言，网络攻击使企业蒙受了约20万美元的损失 ，比去年同期增长了近六倍。 结果，有60％的人在网络犯罪事件发生后的6个月内倒闭。

It isn’t surprising given the actual costs of a cyberattack. The losses include the financial damage of the attack itself, the effect on a company’s brand value and goodwill, investigation expenses, legal fees, etc. All this tally up to unbearable costs for small businesses.

考虑到网络攻击的实际成本，这不足为奇。 损失包括攻击本身造成的财务损失，对公司品牌价值和商誉的影响，调查费用，律师费等。所有这些费用合计起来相当于小型企业无法承受的成本。

Even in such a scenario, businesses still continue to underestimate the threat of a possible cyberattack. As per Keeper Security’s 2019 report, almost 66% of 500 leaders of SMBs believe a cyberattack is unlikely. Essentially, this leads to a lack of planning for cybersecurity across the board. Companies end up without a cyberattack prevention plan, a security policy. Leaders may not even have an idea of where to start with cybersecurity. This issue trickles down from the management to every single individual in a company.

即使在这种情况下，企业仍然继续低估可能发生网络攻击的威胁。 根据Keeper Security的2019年报告 ，在500名中小型企业领导人中，有近66％的人认为网络攻击不太可能发生。 本质上，这导致缺乏全面的网络安全计划。 公司最终没有制定网络攻击预防计划和安全策略。 领导者甚至可能不知道从何处着手网络安全。 这个问题从管理层流传到公司中的每个人。

缺乏认识 (Lack of awareness)

When companies as a whole downplay the importance of cybersecurity, it's hard to make the case for individuals. If the company doesn’t care enough about security, how will employees? This is where the cybersecurity issue starts to propagate at an individual level.

当公司整体上淡化网络安全的重要性时，很难为个人辩护。 如果公司对安全性不够重视，员工将如何？ 这是网络安全问题开始在个人层面传播的地方。

The same Keeper Security report states that 73% of SMBs under $1M in revenue believe they are unlikely to face a cyberattack. “We are too small, too new, too unappealing to be targeted” is a sentiment that draws parallel among the general audience as well.

Keeper Security的同一份报告指出，收入低于100万美元的SMB中有73％认为他们不太可能面临网络攻击。 “我们太小了，太新了，太没有吸引力了，无法成为目标。”这一观点在普通观众中也很普遍。

The idea that one’s digital activities are uninteresting enough for an attacker to ignore, is a misguided notion. If anything, putting your guard down in the digital space makes you a far more likely target.

认为数字活动不够有趣，攻击者无法忽略的想法是一个错误的观念。 如果有的话，将您的防护放到数字空间中会让您更有可能成为目标。

But unlike companies, security at an individual level need not be a comprehensive plan. Maintaining one’s security starts with simple tasks like updating your passwords and your software. Of course, there are practical issues. For example, we use so many services online that it has become practically impossible to change passwords often. But the problem also bleeds into the fact that consumers don’t care enough to pay attention.

但是与公司不同，个人级别的安全性不必是一个全面的计划。 维护个人安全始于简单的任务，例如更新密码和软件。 当然，还有一些实际问题。 例如，我们在线使用了许多服务，因此实际上几乎不可能经常更改密码。 但是问题还出在消费者没有足够注意的事实上。

Remember WannaCry? Out of the 150+ countries affected, England’s National Health Services (NHS) was one of the hardest hit. But the extensive damage could have been easily avoided if computer systems were kept updated in the first place. With the vast number of products and services we use every day, there are bound to be security vulnerabilities. Its important that users are attentive enough to update systems.

还记得WannaCry吗？ 在受灾的150多个国家中，英格兰的国家卫生服务(NHS)是受灾最严重的国家之一。 但是，如果首先对计算机系统进行更新， 就可以轻松避免造成广泛的破坏。 我们每天使用大量产品和服务，因此必然会存在安全漏洞。 用户必须足够专心地更新系统，这一点很重要。

安全性是设计过程的一部分 (Security needs to be part of the design process)

Speaking of systems, part of the responsibility also falls on the service providers too. As the Zoom scenario demonstrates, it's not uncommon to see cybersecurity as a compromise for convenience. When UI/UX takes precedence, security takes a backseat during product development. It only takes priority as a reactive measure rather than a proactive one.

说到系统，部分责任也落在服务提供商身上。 正如Zoom场景所示，将网络安全视为便利的折衷方案并不少见。 当UI / UX处于优先地位时，安全性在产品开发过程中将退居二线。 它仅将优先级作为一种被动措施，而不是主动措施。

For products and services to work at an optimum level, security needs to be part of the design process. After all, the current situation is only amplifying the need for secure products and services. Many people from around the world are trying to achieve normalcy through the comfort of their homes. This means that people, whether tech-savvy or not, are heavily reliant on technology. It should not be as simple as sending an emoji to crash your phone.

为了使产品和服务以最佳水平运行，安全性必须成为设计过程的一部分。 毕竟，当前的情况只会放大对安全产品和服务的需求。 来自世界各地的许多人都在努力通过居家般的舒适来实现正常生活。 这意味着人们，无论是否精通技术，都严重依赖技术。 它不应该像发送表情符号使手机崩溃那样简单。

这取决于我们所有人 (It's up to all of us)

At the end of the day, it's up to all of us. More people get tech-savvy by the day. But that still hasn’t stopped cybercrime from rising on a global scale. The current pandemic situation is only fueling this trend.

归根结底，这取决于我们所有人。 越来越多的人每天都精通技术。 但这仍然没有阻止网络犯罪在全球范围内的上升。 当前的大流行情况只会助长这一趋势。

Thereby, as individuals its vital that all of us take extra precautions when engaged in the digital space. It can be as simple as changing your password or updating your Windows OS. But it could very well safeguard your digital privacy.

因此，作为个人，至关重要的是，当我们从事数字空间时，我们所有人都要格外小心。 它可以像更改密码或更新Windows OS一样简单。 但这很可能会保护您的数字隐私。