Qi Xiangdong, chairman of Qianxin: industrial digital transformation must get the "three precautions" right

TechWeb ·  Jul 29, 2022 22:10

[TechWeb] At the opening ceremony and main forum of the 2022 Global Digital Economy Conference, Qi Xiangdong, chairman of Qianxin Group, said that improving China's data security protection system requires continued work in three areas: "abiding by the law, investing money, and training people." Enterprises, for their part, should "prevent violations of the law, prevent theft, and prevent blackmail."
Qi Xiangdong summed up his suggestions for the data security protection system in three key phrases: "abiding by the law", "investing money" and "training people".
With the implementation of the "Network Security Law", the "Data Security Law" and other relevant laws and regulations, society is shifting from "there are laws to abide by" to "laws must be followed". In 2021, the Ministry of Industry and Information Technology announced rectification orders for more than 1500 apps and the removal from app stores of more than 500 apps that refused to rectify. Qi Xiangdong stressed that enterprises and individuals must strengthen their awareness of abiding by the law and be clear about the "red lines" of data security.
In terms of the level of investment in network security, there is still a gap between China and developed countries and regions such as Europe and the United States. The Ministry of Industry and Information Technology has issued the Three-Year Action Plan for the High-Quality Development of the Network Security Industry (2021-2023) (draft for soliciting opinions), in which network security investment in key industries such as telecommunications accounts for 10% of informatization investment. At present, however, most government and enterprise organizations in China cannot meet this requirement, and there is still huge room for improvement.
In terms of personnel training, it is necessary to establish a standing mechanism for joint training between universities and enterprises, to make full use of the hands-on experience that network security companies gain on the front line of attack and defense, and to work with colleges and universities on training plans for undergraduate, master's and doctoral students, so as to jointly train a team of high-level talent that meets the industry's needs and has practical, real-world capability.
Qi Xiangdong summarized the response to the digital security problems that arise in industrial digital transformation as the "three defenses": prevention of violations of the law, prevention of theft, and prevention of extortion.
There is no doubt about "preventing violations of the law". Qi Xiangdong suggested that enterprises, while remaining legally compliant, can carry out their digital transformation well with the help of third-party security companies.
The key point of "preventing theft" is to guard against the "mole". Qi Xiangdong pointed out two kinds of "mole" that must be watched. The first is internal staff: a large number of real cases have shown that internal staff cannot be completely trusted. In managing the "three roles" of administrators, technicians and operators in particular, it is not enough to rely on the system alone; technology is also needed, so that actions can be reviewed, alerted on, and intercepted. The second is the supplier: every link in the development, delivery and use of the supply chain may introduce risk, and security problems in an upstream link are passed downstream and magnified, so that a few loopholes are enough for an intrusion to work its way in layer by layer.
"Prevention of extortion" requires establishing an endogenous security system built on defense in depth. According to statistics from the Qianxin Emergency Response Center, extortion attacks accounted for nearly 30% of the emergency response incidents at large and medium-sized government and enterprise organizations in 2021. "This is a very high proportion." Qi Xiangdong said that through defense in depth, the integration of data, technology and service capabilities, comprehensive monitoring at both the decision-making and operational levels, and cross-verification across multiple lines of defense, an organization can keep its business uninterrupted, its data free of incidents, and its compliance intact even if the network is breached.