The information security risk gap refers to the imbalance between IT development and security investment, security awareness and security means.

At the "First Anniversary of Anti-information Fraud Alliance and the First Anti-information Fraud Summit Forum" held in 215, the first White Paper on Anti-information Fraud in China pointed out that many fraudsters have mastered the details of the victims, including their names, ID numbers, telephone numbers, consumption records, etc., so as to carefully create "accurate fraud" with scenes. In addition, big data has become a fraud tool, and the amount of fraud cases is also increasing.

Recently, the well-known vulnerability response platform "Patian" released a message that the data of 23 million users of Jifeng Forum had been leaked. It is understood that the leaked information includes account information including account name, email address and encryption password. Coincidentally, 1236.cn, the online booking website of China Railway Corporation, has recently been exposed that user information including account number, clear text password and ID email address has been leaked.

Obviously, users are experiencing an unprecedented information crisis. According to the data of Tencent Mobile Security Lab, from January to November, 214, Tencent Mobile Manager * * * received 62.55 million fraudulent text messages reported by users, and users actively marked 62.87 million fraudulent phone calls, and the number of new fraudulent text messages and fraudulent phone calls was increasing every month.

Extended information:

In order to "world without thieves", the black industrial chain is an important channel for this link. The "White Paper" believes that it is precisely because the legislation on the protection of personal information is scattered in laws and regulations and lacks systematicness that there are many problems in actual operation. This requires mobilizing the strength of the entire industrial chain, and establishing an anti-information fraud skynet through the joint defense of "police, enterprises and people", so that all links can cooperate closely, so as to effectively crack down on the fraudulent black industrial chain.

Secondly, implement the accountability system for software developers. The behavior of software developers to obtain information is an important trigger of this "fuse", and whether the collected information is necessary or not is related to the majority of users.

However, the frequent information leakage incidents of software developers have laid multiple hidden worries for this state of affairs. Obviously, the competent authorities need to speed up the formulation of policies and security standards, improve the security certification threshold of mobile internet application software, put forward clear norms for software developers to obtain personal information, prohibit the collection of unnecessary information, and allow users to retain the right to choose in privacy authorization.

people's network-the current situation of network security is worrying. How to plug the user information leakage gap?