New Survey Finds Most Industrial Organizations Are Inadequately Prepared for an OT Cybersecurity Attack
調查發現大多數工業組織對OT網絡安全攻擊的準備不足

PAS Global LLC, the OT Integrity company,announced findings from its survey of Operational Technology (OT) Cybersecurity Readiness including that 85% of respondent organizations are not highly prepared for an OT cyber attack. This finding and others will be discussed at OptICS 2020, taking place on Oct. 27 and 28 online and around the world.

OT完整性公司PAS Global LLC宣布了其對運營技術（OT）網絡安全準備情況的調查結果，其中包括85％的受訪組織沒有為OT網絡攻擊做好充分準備。

Survey respondents were asked to gauge the degree of OT cybersecurity risk for several potential threats. “Human Error” topped the list as the highest risk area followed by “Nation States,” “Digital Transformation,” “Remote Work,” “Criminal Activity,” and “Internal Malicious Actors."

調查受訪者被要求評估OT網絡安全風險的程度，以應對幾種潛在威脅。“人為錯誤”是風險最高區域，其次是“民族國家”、“數字化轉型”、“遠程工作”、“犯罪活動”和“內部惡意行為者”。

Other survey highlights include:

• Only 12% of respondents indicated OT cybersecurity risk is low
• 37% have experienced an OT cybersecurity incident in the last year or do not know if they have
• 85% reported an inadequate OT asset inventory
• 38% are taking an ad hoc or reactive approach to OT vulnerability management
• Only 27% are taking a proactive approach to OT vulnerability management based on business risk

其他調查要點包括：

• 只有12％的受訪者表示OT網絡安全風險較低
• 37％的人在去年經歷過OT網絡安全事件或不知道他們是否經歷過
• 85％的受訪者表示OT資產庫存不足
• 38％的受訪者采用臨時或被動式方法來管理OT漏洞
• 只有27％的企業根據業務風險采取積極的OT漏洞管理方法

“The need to reduce OT cybersecurity risk is more important than ever with inadvertent human error representing the greatest threat according to our survey respondents followed by adversarial nation states, expanding digitalization and an increasingly remote workforce,” said Eddie Habibi, CEO and founder of PAS. “Organizations such as the Cybersecurity and Infrastructure Security Agency (CISA) in the United States Government continue to raise awareness of the threat, however, our survey demonstrates there is still a long way to go.”

“降低OT網絡安全風險的需求比以往任何時候都更為迫切，因為根據我們的調查，受訪者無意中的人為錯誤是最大的威脅，其次是敵對的民族國家、不斷擴大的數字化和不斷增加的遠程勞動力，” PAS首席執行官兼創始人Eddie Habibi表示。“美國政府的網絡安全和基礎設施安全局（CISA）等組織繼續提高對這一威脅的認識，但我們的調查表明，仍有很長的路要走。”

“With only 12% of respondents indicating the OT cybersecurity risk to their organization is low, it is surprising to see just 15% say they are highly prepared for an OT cyber attack,” Habibi continued. “Additionally, 16% of respondents said they had experienced an OT cyber incident in the last year, which indicates such attacks are not isolated cases any longer. We should be just as concerned, however, that 21% of the respondents were unsure whether their organization had experienced an OT cybersecurity attack in the last year.”

Habibi繼續說道:“只有12%的受訪者表示他們組織面臨的OT網絡安全風險較低，令人驚訝的是，只有15%的受訪者表示他們對OT網絡攻擊做好了充分準備。此外，16%的受訪者表示，他們在過去一年中經歷過一次OT網絡事件，這表明此類攻擊不再是孤立的案例。但我們應該同樣擔心的是，有21％的受訪者不確定他們的組織在去年是否遭受過OT網絡安全攻擊。”

“It is a foundational best practice in OT cybersecurity to have a detailed and accurate asset inventory,” said Mark Carrigan, Chief Operating Officer of PAS. “However, 85% of our survey respondents reported having an inadequate inventory. While the industry has made strides over the last few years, it is clear much more work needs to be done.”

“擁有詳細準確的資產清單是OT網絡安全的基礎最佳實踐，”PAS首席運營官Mark Carrigan表示。“但是，我們調查的受訪者中有85％的人報告庫存不足。盡管該行業在過去幾年中取得了長足進步，但顯然還有很多工作要做。”

“Trying to reduce OT cybersecurity risk without a solid OT asset inventory is like attempting to build a house without a solid foundation,” Carrigan added. “As such, it is not surprising that 38% of respondents indicate their organization is taking only an ad hoc or reactive approach to OT vulnerability management with just 27% taking a proactive approach based on business risk.”

Carrigan補充說：“在沒有堅實的OT資產庫存的情況下，嘗試降低OT的網絡安全風險 就像在沒有堅實的基礎的情況下蓋房一樣。” “因此，不足為奇的是，有38％的受訪者表示他們的組織對OT漏洞管理僅是采用臨時或被動的方法，只有27％的受訪者根據業務風險采用了積極主動的方法。”