When Nuno Sebasti?o enrolled on the London Business School MBA programme, he looked beyond the traditional careers of consultancy and investment banking. In fact, he decided to fight hackers instead.
当努诺?塞巴斯蒂昂(Nuno Sebasti?o)就读伦敦商学院(LBS) MBA课程时,他的目光超越了咨询和投行等传统职业。实际上,他决定对抗黑客。
This was not for purely ideological reasons. Having witnessed hacking attacks on computer networks at his former employer, the European Space Agency, his MBA training enabled him to spot a lucrative niche for somebody with business and communication skills to enter the technical field of cyber security.这并非出于纯粹的意识形态原因。他在前雇主欧洲航天局(European Space Agency)那里目睹过针对电脑网络的黑客攻击,他的MBA培训让他得以发现一个有利可图的利基市场:让具备商业和沟通技能的人进军网络安全这个技术领域。
“It was clear to me [even] in 2009 that there was an issue here that needed to be addressed,” he says.
他表示:“(甚至)在2009年,对我来说,这里显然有一个问题需要解决。”
After graduation he set up Feedzai, a company that identifies fraudulent payment transactions, with two fellow engineers from his native Portugal. “I was the one who identified the business problem,” he says. His California-based company has 150 employees, with plans to grow to 300 this year.
毕业后,他创建了识别欺诈支付交易的公司Feedzai,合作者是和他一样来自葡萄牙的两位工程师。他表示:“我的任务是识别商业问题。”他的公司总部位于美国加州,拥有150名员工,今年计划增至300人。
Mr Sebasti?o is far from the only MBA candidate or graduate to have spotted an opportunity in cyber crime. Many are becoming interested in picking up skills that leaders of the future will need to fight hacking crises, while a clutch of schools have added cyber security content to their MBA courses.
塞巴斯蒂昂远非唯一在网络犯罪领域发现机会的MBA学员或毕业生。很多人正变得有兴趣掌握未来领导者抗击黑客危机所需的技能,一些学院把网络安全内容纳入他们的MBA课程。
The shortage of cyber security experts at a technical level is acknowledged. A less well-known problem, however, is a corresponding lack of management executives who possess the technical know-how to deal with hacks.
人们认识到,现在缺乏技术层面的网络安全专家。然而,一个不那么为人所知的问题是,还缺乏拥有技术知识、能够对付黑客攻击的管理层高管。
“When companies hire cyber security people they are very strong in the technical skills but they miss the soft skills and the business acumen,” says Gianluca D’Antonio, chief information officer of Spanish construction and services company FCC Group and chair of the Spanish Association for the Advancement of Information Security.
西班牙建筑和服务公司FCC Group首席信息官、西班牙信息安全促进协会(Spanish Association for the Advancement of Information Security)主席詹卢卡?丹东尼奥(Gianluca D’Antonio)表示:“在公司聘用网络安全员工时,他们的技术能力很强,但缺乏软技能和商业智慧。”
He says that the people who are working in cyber security are not able to communicate the risk to the board. “It’s about communications, it’s about management. Everybody now is talking about the incredible digital future but nobody is talking in a proper way about the digital risk.”
他表示,那些在网络安全领域工作的人们无法向董事会介绍相关的风险。“这关乎沟通,关乎管理。大家都在谈论不可思议的数字未来,但没有人恰当地讨论数字风险。”
Hack to the future
防范未来的黑客攻击
At IE Business School in Madrid, José Esteves, a professor of information systems, teaches a digital innovation class to MBAs during which he hacks into the accounts of his own students to show them how easy it is. IE is also launching a cyber security masters degree in October for future business leaders.
位于马德里的西班牙企业学院(IE Business School)信息系统教授约瑟夫?埃斯特韦斯(José Esteves)向MBA学员教授数字创新课程,他在课堂上侵入学生的账号,向他们演示这有多么容易。今年10月,该商学院还将为未来的企业领导者推出网络安全硕士学位课程。
Meanwhile, Iese Business School in Barcelona has brought in Deloitte to help provide sessions on cyber security in one of its MBA electives.
与此同时,位于巴塞罗那的IESE商学院(Iese Business School)邀请德勤(Deloitte)帮助在MBA选修科目之一提供网络安全课程。
“It [cyber security] is not something you can delegate, it’s about the security and the reputation of the company,” says Javier Zamora, a senior lecturer in information systems at Iese.
IESE商学院信息系统高级讲师哈维尔?萨莫拉(Javier Zamora)表示:“(网络安全)无法委托,它关乎公司安全和声誉。”
Even the most secure networks are vulnerable to cyber attacks, as data breaches at Yahoo and Sony showed. Attacks by hackers cost global businesses $280bn in 2016, according to consultancy Grant Thornton, which cites reputational damage as the major risk corporations face.
就连最安全的网络在网络攻击面前也很脆弱,就像雅虎(Yahoo)和索尼(Sony)数据泄露事件所显示的那样。根据咨询公司均富(Grant Thornton)的估算,2016年,黑客攻击导致全球企业损失2800亿美元,该公司把声誉损害列为公司面临的主要风险。
The high-level ramifications of cyber attacks mean they have to be addressed by executives who steer corporate strategy, instead of being left to the techies, says Stuart Madnick, professor of IT and engineering systems at MIT Sloan School of Management.
麻省理工斯隆管理学院(MIT Sloan School of Management) IT和工程系统教授斯图尔特?马德尼克(Stuart Madnick)表示,网络攻击的高层次后果意味着,它们必须由指导公司战略的高管负责应对,而不是留给技术人员。
Mr Madnick, who teaches cyber security on the school’s MBA course, says dealing with hacks takes extremely nimble management thinking because they can be less predictable than natural disasters.
马德尼克在该学院的MBA课程中教授网络安全,他表示,应对黑客需要极为灵活的管理思维,因为黑客攻击可能比自然灾难更加不可预测。
“A hurricane doesn’t change direction because you know it’s coming, but cyber attackers can.”
“飓风不会因为你知道它们要来而改变方向,但网络攻击者可以。”
A big part of the problem for managers is the complexity of dealing with such issues, says David Upton, professor of operations management at Oxford’s Sa?d Business School.
牛津大学(Oxford)萨伊德商学院(Sa?d Business School)运营管理教授戴维?厄普顿(David Upton)表示,对于管理者而言,很大一部分问题在于这类问题在应对上的复杂性。
Cyber attacks encompass everything from state-sponsored espionage to petty criminal acts for financial gain, he adds.
他补充称,网络攻击包括各种行为,从政府支持的间谍活动,到旨在获得金钱好处的琐碎犯罪行为。
But defending against a catastrophic negative event is also “inherently unsexy” for many business leaders, he adds. “Managers’ eyes tend to glaze over when you mention it.”
然而,他补充称,对于很多企业领袖而言,防范灾难性负面事件“从根本上说是没有吸引力的”。“在你提到这个问题时,管理者往往神情茫然。”
Nevertheless, he says, the risk must be addressed at board level and include all corporate departments.
然而,他表示,这种风险必须在董事会层面得到应对,并包括所有公司部门。
A job for the board
董事会的职责
Prof Upton has helped design a board-level executive course and teaches a compulsory course on Sa?d’s MBA. “There is a whole global industry that is at work on this and we have managers that are asleep at the wheel,” he says.
厄普顿教授帮助设计了董事会层面的高管课程,并在萨伊德商学院MBA课程中执教一门必修课程。他说:“有一个全球性行业正致力于此,而我们有些管理者却在昏睡。”
Iese’s Prof Zamora also believes cyber security issues will permeate every aspect of a business, as technology spreads, from HR to insurance risk.
IESE商学院的萨莫拉教授还认为,随着技术的传播,网络安全问题将渗透到一家公司的方方面面,从人力资源到保险风险。
Security is often an afterthought, with speed to push the latest gadgets to market taking precedence. “Whenever you design a product or a service you have to build in cyber security from the beginning,” says Prof Zamora. “It’s an integral part of the design issue.”
目前,安全往往沦为一个事后的想法,将最新产品推向市场的速度变成优先任务。“每当你设计产品或服务,一开始就必须构建网络安全,”教授表示,“这是设计方面不可或缺的一部分。”
At Harvard Business School, associate professor Ben Edelman defends his fellow academics’ reluctance to engage with these problems, because the technical aspects are at odds with a general management approach. But it has not stopped him. “I thought these were really important issues and jumped right in with two feet,” he says.
在哈佛商学院(Harvard Business School),副教授本?埃德尔曼(Ben Edelman)为学者们不愿讨论这些问题做出辩护,因为技术层面与总体管理策略格格不入。但这并未阻止他。他表示:“我认为这些问题确实很重要,于是全身心投入了。”
In Mr Edelman’s teaching he presents a hypothetical case in which a company’s systems are hacked and the students have to decide how the manager should respond. The case goes to a core ethical issue: should the manager close the company network to prevent further hacking or hope to tackle it behind the scenes without informing customers.
在埃德尔曼的授课中,他提出了一个假想案例,一家公司的系统遭到黑客攻击,学生们不得不就管理者应该如何回应做出决定。这个案例涉及到一个核心的道德问题:管理者是应该关闭公司网络阻止进一步入侵,还是希望在不告知客户的情况下在幕后解决?“Obviously these are difficult questions but that doesn’t mean we shouldn’t tackle these issues,” says Prof Edelman.
埃德尔曼教授表示:“显然,这些问题回答起来很难,但这并不意味着我们不应解决。”
Mr Sebasti?o likens the situation to the run-up to the 2008 financial crisis. “No one was interested and then the whole world came crashing down and then all sorts of mechanisms were put in place to prevent it happening again. It is exactly the same in cyber security.”
塞巴斯蒂昂将这种情况比作2008年金融危机之前。“没有人感兴趣,接着整个世界坍塌了,后来人们设立了各种机制以防范危机再次爆发。这与网络安全一模一样。”