
Library Cybersecurity, Privacy and Protection.pdf

Uploaded by: 五**** ID: 1241095 2026-05-16 56 pages 1.83MB

Cybersecurity, Privacy & Protection for Libraries

The Human Factor: Security Starts With Staff

Cyberattacks are on the rise

Most breaches (68%), whether they include a third party or not, involve a non-malicious human element, which refers to a person making an error or falling prey to a social engineering attack. Source: Verizon

Credential Abuse & Social Engineering Attacks

What is credential abuse?
When criminals use stolen or leaked credentials to access systems
- Reusing Passwords
- Not monitoring data breaches
- Keeping accounts active for people who've left

Credential Vulnerabilities
- Accounts are not deleted from the ILS or Library Software when a staff member leaves
- Staff share a login to a system/resource/tool
- A 3rd party is breached and staff email is accessed

Password Security
- Reused passwords
- Weak passwords
- Lack of multi-factor authentication

How do we educate staff to defend against this type of attack?

Training Points: Credentials
- Never reuse passwords across accounts
- Never share passwords
- Enable MFA on everything, especially email and your ILS
- Report login alerts you didn't trigger immediately
- When someone leaves, disable accounts the same day

(MFA) on all accounts, as it blocks 99.9% of automated attacks

Social engineering accounts for 98% of cyber-attacks

Phishing & Social Engineering
- Email phishing, spear phishing, smishing (SMS), vishing (voice)
- Impersonation
- Baiting
- Scareware
- Dumpster Diving

Impersonation
An email arrives that looks like it's from your ILS vendor. The logo is right. The tone is professional. It says your password expired. There's a link.

Two Recent Examples

How do we educate staff to defend against this type of attack?

STOP Method
- S: Suspect
- T: Think
- O: Observe
- P: Proceed & Report

Analyze the Header
How can you confirm the sender?
Analyzing the header:
- Typosquatting (Amazon v. Amaz0n)
- Reveal the email not

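1. **Key figures**: 68% of data breaches involve human error; 98% of cyberattacks are social engineering; AI-generated phishing emails have a 20% click rate.
2. **Human factor**: Security starts with staff. Common risks include password reuse, shared logins, and not promptly disabling the accounts of staff who have left.
3. **Attack methods**: Phishing (email/SMS/voice), impersonation, AI phishing (personalization/voice cloning), malvertising.
4. **Protective measures**:
   - Staff training: use the "STOP" method (Suspect-Think-Observe-Act) and enable multi-factor authentication (MFA).
   - Data protection: avoid transferring user data through personal email or cloud drives, and restrict the use of AI tools.
   - Security culture: run regular simulated phishing tests, establish a blameless reporting mechanism, and keep software and permissions up to date.
5. **AI threats**: AI amplifies phishing and data risks. Watch for linguistic and visual anomalies in AI-generated content, and verify suspicious messages.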