The event was a defining moment for the country and the world's approach toward cybersecurity.

這件事決定了該國與全世界對於網路安全的態度

And it all started with this statue.

一切從這尊雕像開始說起

From the WannaCry ransomware attack to election meddling,

從 WannaCry 勒索軟體到選舉干涉

cyberattacks are becoming increasingly common, and costly, around the world.

全世界的網路攻擊越來越普遍、破壞力越來越強

Global spending on information security products and services is expected to reach $124 billion in 2019.

全球花在資安相關產品的支出，預期在 2019 年前達到 1240 億

But that hasn't been enough to stop cyberattacks from becoming one of the global economy's biggest threats.

然而，這仍無法阻止網路攻擊成為全球經濟最大的威脅之一

So how can governments keep hackers out?

所以，政府到底要怎麼防止駭客？

The short answer is they can't. But that doesn't mean they're not trying.

簡單來說：駭客無法擋，但這不代表政府沒在努力

One of the leaders in this space has been the tiny Baltic country of Estonia,

位於波羅的海的一個小國家：愛沙尼亞，是這個領域的領導者之一

which gained independence from the Soviet Union in 1991.

愛沙尼亞於 1991 年從蘇聯中獨立

For years, this Bronze Statue stood in the center of Tallinn as a Soviet War memorial.

這尊紀念蘇聯戰爭的銅像在塔林的市中心佇立多年

Then in 2007, the Estonian government decided to move it here to a less prominent location.

2007 年時，愛沙尼亞政府決定將銅像移到較不顯眼之處

The move sparked protests and riots from Estonia's ethnic Russian population that wanted the statue to stay in place.

此舉引起俄裔愛沙尼亞人的抗議與暴動，他們不希望遷移銅像

Then, within days, Estonian institutions were crippled by a series of cyberattacks.

幾天內，一連串的網路攻擊癱瘓了愛沙尼亞的政府機關：

Parliament, government ministries, banks and newspapers went offline.

國會、政府部門、銀行，新聞網站都下線了

And though it hasn't ever been confirmed, it's widely believed that Russia was behind the attacks.

即使未經證實，但普遍認為俄國是幕後兇手

The 2007 attack on Estonia has been called the first cyberwar, which is defined as: "the use of computer technology to disrupt the activities of a state or organization".

2007 年這場針對愛沙尼亞的攻擊，被稱做第一場網路戰爭，定義為「使用電腦科技以干擾政府或機構的活動」

The cyberattack was a wake-up call for Estonia,

這場網路攻擊喚醒了愛沙尼亞

which at the time was already one of the world's most advanced digital societies.

在當時成為了世上最先進的數位社群之一

The country decided it needed to take steps to protect data online and prevent future cyberattacks.

該國認為採取行動保護網路資料，與預防未來的網路攻擊，是必要的

But how?

但確切該如何執行？

The first step was building a strategy that would allow the government to keep systems up and running during a cyberattack.

第一步，建立一套策略：讓政府系統在遭受網路攻擊的同時，可以繼續運作

IT experts in the public and private sectors worked together

檯面上與私下的資訊科技專家協力合作

to make systems more resilient against hackers.

讓系統對抗駭客的能力提升

One part of Estonia's strategy is a voluntary Cyber Defence League made up of hundreds of civilians,

愛沙尼亞策略的一部份，就是成立一個志願性的網路防禦聯盟，成員是上百個平民百姓

including IT professionals and young people who would mobilize during an attack.

包含資訊科技專家，以及不受攻擊牽制的年輕人

Estonia also decided to store copies of its information in a data embassy in Luxembourg,

同時，愛沙尼亞決定將備份的資訊存在位於盧森堡的資料大使館

as a backup in case there was a cyberattack on home soil.

以防國土遭受網路攻擊

Which brings us to another key deterrent for cyber threats, international cooperation.

這也提醒了我們下一個防止網路威脅的關鍵：國際合作

NATO, the military alliance between North American and European countries, was a good place to start.

北美與歐洲之間的軍事同盟：北大西洋公約組織 (NATO)，是很好的下手點

In 2008, the 'NATO Cooperative Cyber Defence Centre of Excellence' opened here in Tallinn.

2008 年時，北大西洋公約組織之網路共同防禦卓越中心，成立於塔林

Its goal?

其目標？

To enhance NATO's cyber defense capabilities.

為了增強北大西洋公約組織的網路防禦能力

The center conducts large-scale cyber defense drills, sort of like digital military training,

此中心提供大規模網路防禦之訓練指導，有點類似數位軍事訓練

though it's not technically a NATO operational unit.

即便這不算是北大西洋公約組織的營運組織

It also put together a guide called the Tallinn Manual, which analyzes how to apply existing international law to cyber operations.

它也整理了一份叫做塔林手冊的入門簡介，分析如何讓現存的國際法適用於網路活動

In 2016, NATO allies agreed that a cyberattack on a member country

2016 年時，北大西洋公約組織的同盟國認為針對成員國的網路攻擊

could trigger the same military response as an attack in the air, on land or at sea.

有可能會觸發與空襲、陸地攻擊，或是海上的突擊一樣的軍事反應

EU-wide regulation has also upped the penalties against data breaches.

歐盟國家規範加重侵害資料的刑罰

The General Data Protection Regulation, or GDPR, that went into effect in 2018,

一般資料保護規範 (GDPR) 於 2018 年生效

(It) gave EU regulators the power to fine companies that don't protect user data.

賦予歐盟監管機構權力，得以對不保護用戶資料的公司處以罰鍰

And, unlike in the past, the fines can be massive.

與過去不同的是，現在的罰鍰金額可能非常驚人

up to 4% of global annual turnover or €20 million, whichever is bigger.

不是全球年營收的 4%，就是 2000 萬歐元，取決於大的金額

Still, many countries have not taken steps to prepare for cyber threats.

許多國家仍尚未採許抵擋網路攻擊的準備

The United Nations found half of its member states don't have a cybersecurity strategy in place.

聯合國發現一半成員國的網路安全策略還未就定位

The UN ranks Estonia as the European country most committed to cybersecurity.

聯合國將愛沙尼亞列為最投入網路安全的歐洲國家

And fifth worldwide after Singapore, the United States, Malaysia and Oman.

也是全球的第五名，僅次於新加坡、美國、馬來西亞與阿曼

But even Estonia isn't hacker-proof.

但即使愛沙尼亞並非完全不受駭客影響

Authorities still responded to more than 10,000 cybersecurity incidents in 2017,

官方仍在 2017 年處理了超過一萬件網路安全事件

one third more than the year before.

比前年多了三分之一

Which brings us to one final big step in preventing a cyberattack, getting the public on board.

這帶領我們向網路攻擊的預防更進最後的一大步，也就是將大眾劃為防禦陣線的一員

This can be as simple as using two-factor authentication or changing your password from, well, “password.”

方法可以很簡單，像是使用多重要素驗證，或把易於破解的密碼改掉

Research found only one out of every four internet users in Europe

研究發現，在歐洲只有四分之一的網路使用者

changes his or her password regularly because of security and privacy issues.

會考量安全與隱私問題，而定期更改密碼

In Estonia, it took an unprecedented cyberattack for the country to become a leader in online security.

在愛沙尼亞發生前所未有的網路攻擊後，該國才躍身為網路安全的龍頭

Other countries might want to take a note as the threats of cyberattacks only become bigger and more complex.

其他國家可能要記下這點了：網路攻擊的威脅性只會越來越嚴重、複雜

Hey everyone, Elizabeth here. Thanks so much for watching our video.

嗨大家好！我是伊莉莎白。謝謝收看我們的影片！

Be sure to check out all of our other CNBC Explains over here.

記得點選這裡，看看其他 CNBC Explains 系列影片

And leave us any other ideas in the comments section.

並在留言區留下任何想法

See you later!

再會啦！