Cyber Attacks on Manufacturers Up Globally, But Less Than Half Prepared in Security
全球針對制造商的網(wǎng)絡(luò)攻擊增加，但不到一半企業(yè)在安全方面做好了準備

A global study by Omdia has found that 80% of manufacturing firms experienced a significant increase in overall security incidents or breaches last year, but only 45% are adequately prepared in their cyber security.

Omdia的一項全球研究發(fā)現(xiàn)，去年80%的制造企業(yè)的整體安全事件或違規(guī)行為顯著增加，但只有45%的企業(yè)在網(wǎng)絡(luò)安全方面做好了充分準備。

Omdia surveyed over 500 technology executives worldwide on the convergence of Information Technology (IT) and Operational Technology (OT)–or physical systems–in their core operations, and how they managed cyber security challenges. The report for the study was produced in partnership with Telstra International, the global arm of leading telecommunications and technology company Telstra.

Omdia調(diào)查了全球500多名技術(shù)高管，了解信息技術(shù)（IT）和運營技術(shù)（OT）或物理系統(tǒng)在其核心運營中的融合，以及他們?nèi)绾螒?yīng)對網(wǎng)絡(luò)安全挑戰(zhàn)。該研究報告與Telstra International合作編寫，Telstra International是領(lǐng)先的電信和技術(shù)公司Telstra的全球部門。

The heightened risk of cyber attacks comes as manufacturers move to leverage IT such as cloud, AI, and Internet of Things (IoT) as part of their digital transformation–a process defined as Industry 4.0. While the convergence of IT with traditional OT can increase scale, resilience and efficiency in operations, it also increases the attack surface for cyber threats. Critical industries are increasingly lucrative targets for cyber exploitation including ransomware.

隨著制造商開始利用云、AI和物聯(lián)網(wǎng)（IoT）等IT作為其數(shù)字化轉(zhuǎn)型的一部分，這一過程被定義為工業(yè)4.0，網(wǎng)絡(luò)攻擊的風(fēng)險也隨之增加。雖然IT與傳統(tǒng)OT的融合可以提高運營規(guī)模、彈性和效率，但它也增加了網(wǎng)絡(luò)威脅的攻擊面。關(guān)鍵行業(yè)越來越成為網(wǎng)絡(luò)利用（包括勒索軟件）有利可圖的目標。

Manufacturers affected by a cyber attack reported a resilience or availability issue that cost individual firms between US$200,000 and US$2 million, taking the biggest hit when incidents affected enterprise and corporate systems or production control.

受網(wǎng)絡(luò)攻擊影響的制造商報告稱，彈性或可用性問題給單個公司造成了20萬至200萬美元的損失，當事件影響企業(yè)和企業(yè)系統(tǒng)或生產(chǎn)控制時，受到的打擊最大。

Geraldine Kor, Telstra International’s Head of Global Enterprise Business, said: “Greater connectivity between IT and OT is necessary to harness advanced technology for manufacturing innovation, but it increases the risks of a breach. However, very few firms are mature in protecting and defending against such cyber risks.“

Telstra International全球企業(yè)業(yè)務(wù)主管Geraldine Kor表示：“要利用先進技術(shù)進行制造創(chuàng)新，必須加強 IT 和 OT 之間的連接，但它會增加泄露的風(fēng)險。然而，很少有公司在保護和防御此類網(wǎng)絡(luò)風(fēng)險方面成熟。”

“Our study also uncovered a fragmented approach to security responsibility, which can leave manufacturing businesses without a clear direction. This responsibility must be clear and integrated so that one group or person will have the authority to act on security challenges for mission-critical systems.  It is equally important to have the right people and security-focused culture as their absence will hinder security posture readiness, compounding technical challenges.”

“我們的研究還揭示了一種分散的安全責(zé)任方法，這可能會使制造企業(yè)沒有明確的方向。此責(zé)任必須明確且集成，以便一個組或個人有權(quán)對任務(wù)關(guān)鍵型系統(tǒng)的安全挑戰(zhàn)采取行動。 擁有合適的人員和注重安全的文化同樣重要，因為他們的缺席將阻礙安全態(tài)勢的準備，從而加劇技術(shù)挑戰(zhàn)。”

Ganesh Narayanan, Telstra International’s hlobal head of Cyber Security, noted that the manufacturing and other industrial sectors historically relied on air gapping for security, where OT systems are typically segregated from corporate IT systems to protect against external threats. However, this approach is no longer sustainable with increasing IT-OT convergence, which expands the threat surface significantly.

Telstra International網(wǎng)絡(luò)安全主管Ganesh Narayanan指出，制造業(yè)和其他工業(yè)部門歷來依賴空氣間隙來實現(xiàn)安全，其中OT系統(tǒng)通常與企業(yè)IT系統(tǒng)隔離，以抵御外部威脅。但是，隨著IT-OT融合的提高，這種方法不再可持續(xù)，這大大擴大了威脅面。

He said: “IT and OT integration create enormous value for organisations across industries, although organisations must address risks to unlock its potential. Organisations should prioritise IT/OT and IoT security across six core areas: Collaboration and planning, defining a strategy, bolstering technical expertise, assign responsibility and accountability, leveraging the right tools, and expedite readiness with standards.”

他說：“IT和OT集成為各行各業(yè)的組織創(chuàng)造了巨大的價值，盡管組織必須解決風(fēng)險以釋放其潛力。組織應(yīng)在六個核心領(lǐng)域優(yōu)先考慮IT/OT和IoT安全：協(xié)作和規(guī)劃、定義策略、加強技術(shù)專業(yè)知識、分配責(zé)任和問責(zé)制、利用正確的工具以及加快標準準備工作。”

Adam Etherington, Senior Principal Analyst at Omdia, said: “Our study illuminates critical attack vectors and lessons learned, and provides timely advice for any executive responsible for IT and OT.

Omdia高級首席分析師Adam Etherington表示：“我們的研究闡明了關(guān)鍵的攻擊向量和經(jīng)驗教訓(xùn)，并為任何負責(zé) IT 和 OT 的高管提供了及時的建議。

“More pervasive connectivity between IT and OT is essential across greenfield and brownfield manufacturing system design and enhancements. Step change improvements to innovation, availability, safety and security require firms to harness cloud, IoT, AI and private networks, with IT/OT convergence bringing these technologies to life.

“在綠地和棕地制造系統(tǒng)設(shè)計和增強中，IT和OT之間更普遍的連接至關(guān)重要。創(chuàng)新、可用性、安全和安全性的重大改進要求公司利用云、物聯(lián)網(wǎng)、人工智能和專用網(wǎng)絡(luò)，而IT/OT融合使這些技術(shù)栩栩如生。

“However, most firms have been hit with expensive outages and security incidents while traditional security controls, policies and culture struggle to keep pace. Given the magnitude of downtime costs from any breach or network incident that impacted operations, it’s important to better understand the causes for proactive remediation.”

“然而，大多數(shù)公司都遭受了代價高昂的中斷和安全事件的打擊，而傳統(tǒng)的安全控制、政策和文化難以跟上步伐。鑒于影響運營的任何漏洞或網(wǎng)絡(luò)事件造成的停機成本之大，更好地了解主動補救的原因非常重要。”