2018年1月11日 來源:防爆云平臺(tái)--防爆產(chǎn)業(yè)鏈服務(wù)平臺(tái) 防爆電氣 防爆通訊 瀏覽 3243 次 評(píng)論 0 次
Kaspersky Report: Targeted attacks against ICS sector on the rise
卡巴斯基報(bào)告:針對(duì)工業(yè)控制系統(tǒng)的目標(biāo)攻擊上升
January 5, 2018 – According to the Kaspersky Lab, IT Security Risks Survey, every fourth industrial company of over 900 surveyed faced a variety of cyberattacks in 2017. Of the evolving types of threats used by cybercriminals, one of the fastest growing types aimed at industrial organizations is targeted attacks, with 28 percent of those surveyed admitting they faced an attack in 2017, compared to 20 percent in 2016.
2018年1月5日——根據(jù)卡巴斯基實(shí)驗(yàn)室的《信息安全風(fēng)險(xiǎn)調(diào)查》���,在2017年�����,900余家被調(diào)查的工業(yè)公司面臨著各種各樣的網(wǎng)絡(luò)攻擊�。網(wǎng)絡(luò)罪犯所使用的威脅不斷演變,其中一個(gè)針對(duì)工業(yè)組織的增長快類型是有針對(duì)性的攻擊�,28%的被調(diào)查者承認(rèn)他們?cè)?017年遭遇襲擊,而2016年這一比例只有20%�����。
The survey also revealed that 48 percent of industrial businesses have insufficient insight into the threats specifically faced by their business. With a lack of network visibility, 87 percent of industrial companies responded affirmatively when asked if any of the informational technology/operational technology (IT/OT) security events they experienced over the previous year were complex. Given there is an unclear understanding of the threats they are facing, it’s no surprise that industrial organizations spend on average of several days (34%) to several weeks (20%) detecting a cyberattack.
該調(diào)查還顯示�����,48%的工業(yè)企業(yè)對(duì)其業(yè)務(wù)所面臨的威脅沒有足夠的洞察力���。由于缺乏網(wǎng)絡(luò)可視性���,當(dāng)被問及他們?cè)谶^去一年所經(jīng)歷的信息技術(shù)/運(yùn)營技術(shù)(IT/OT)安全事件是否復(fù)雜時(shí),87%的工業(yè)企業(yè)做了肯定回答���。鑒于人們對(duì)他們所面臨的威脅了解不多���,工業(yè)組織平均花費(fèi)數(shù)天(34%)到數(shù)周(20%)來檢測(cè)網(wǎng)絡(luò)攻擊就不足為奇了�����。
Although industrial organizations lack insight and have difficultly identifying cyberattacks in their networks, they are fully aware of the need for high-quality protection against cyberthreats. In fact, 62 percent of employees at industrial companies firmly believe it’s necessary to use more sophisticated IT security software. However, software alone is not enough: almost half (49%) of industrial company respondents blame staff for not properly following IT security policies, which is 6 percent more than respondents surveyed that belong to other sectors.
盡管工業(yè)組織缺乏洞察力,在他們的網(wǎng)絡(luò)中難以識(shí)別網(wǎng)絡(luò)攻擊�����,但他們充分意識(shí)到需要高質(zhì)量的保護(hù)來抵御網(wǎng)絡(luò)威脅�����。事實(shí)上�,工業(yè)企業(yè)62%的員工堅(jiān)信有必要使用更復(fù)雜的IT安全軟件。不過�����,僅靠軟件是不夠的:近一半(49%)的受訪工業(yè)企業(yè)指責(zé)員工沒有正確遵守IT安全政策���,這一比例比其他行業(yè)的受訪者高出6%�。
“Cyberattacks on industrial control systems have become the indisputable number-one concern,” said Andrey Suvorov, head of critical infrastructure protection business development at Kaspersky Lab. “The good news is that the majority of industrial market players know which threats are coming to the forefront today and will be relevant in the near future. With this knowledge in mind, it’s critically important to implement a flexible, complex security solution that is designed to protect automated industrial environments and is configured in accordance with the technological processes of each organization.”
“網(wǎng)絡(luò)攻擊在工業(yè)控制系統(tǒng)已成為無可爭議的頭號(hào)問題���,”卡巴斯基實(shí)驗(yàn)室關(guān)鍵基礎(chǔ)設(shè)施保護(hù)業(yè)務(wù)發(fā)展主管Andrey Suvorov�,“好消息是,絕大多數(shù)的工業(yè)市場(chǎng)參與者知道哪些威脅今天備受關(guān)注���,并在不久的將來牽涉其身���。考慮到這些認(rèn)知�,實(shí)現(xiàn)一個(gè)靈活的、復(fù)雜的安全解決方案至關(guān)重要�����,該解決方案旨在保護(hù)自動(dòng)化的工業(yè)環(huán)境�,并按照每個(gè)組織的技術(shù)流程進(jìn)行配置?����!?
Due to the steady increase in complexity and number of attacks on the industrial market, the consequences of industrial organizations ignoring cybersecurity threats in 2018 could be disastrous. Cybersecurity awareness training is a must when it comes to cybersecurity in industrial organizations, given that all employees – from the administration side to the factory floor – play a key role in the safety of an enterprise and maintaining operational continuity.
由于工業(yè)市場(chǎng)的復(fù)雜性和攻擊次數(shù)不斷增加���,工業(yè)組織在2018年忽視網(wǎng)絡(luò)安全威脅的后果可能是災(zāi)難性的�����。在工業(yè)組織中�����,網(wǎng)絡(luò)安全意識(shí)培訓(xùn)是必須的�,因?yàn)樗械膯T工——從行政部門到工廠——都在企業(yè)的安全和保持運(yùn)營的連續(xù)性中扮演著關(guān)鍵的角色。
The Kaspersky Lab survey findings further confirm the predictions of Kaspersky ICS CERT experts about the emergence of specific malware that will target vulnerabilities in industrial automation components this year.
卡巴斯基實(shí)驗(yàn)室的調(diào)查結(jié)果進(jìn)一步證實(shí)了卡巴斯基工控系統(tǒng)網(wǎng)絡(luò)應(yīng)急響應(yīng)小組專家的預(yù)測(cè)�����,今年將出現(xiàn)針對(duì)工業(yè)自動(dòng)化組件漏洞的特定惡意軟件�����。
網(wǎng)絡(luò)警察提醒你
中國互聯(lián)網(wǎng)舉報(bào)中心
網(wǎng)絡(luò)舉報(bào)APP下載
掃黃打非網(wǎng)舉報(bào)專區(qū)