全球針對制造商的網絡攻擊增加,但不到一半企業在安全方面做好了準備
http://m.sharifulalam.com 2025-02-26 16:04 《中華工控網》翻譯
Cyber Attacks on Manufacturers Up Globally, But Less Than Half Prepared in Security
全球針對制造商的網絡攻擊增加,但不到一半企業在安全方面做好了準備
A global study by Omdia has found that 80% of manufacturing firms experienced a significant increase in overall security incidents or breaches last year, but only 45% are adequately prepared in their cyber security.
Omdia的一項全球研究發現,去年80%的制造企業的整體安全事件或違規行為顯著增加,但只有45%的企業在網絡安全方面做好了充分準備。
Omdia surveyed over 500 technology executives worldwide on the convergence of Information Technology (IT) and Operational Technology (OT)–or physical systems–in their core operations, and how they managed cyber security challenges. The report for the study was produced in partnership with Telstra International, the global arm of leading telecommunications and technology company Telstra.
Omdia調查了全球500多名技術高管,了解信息技術(IT)和運營技術(OT)或物理系統在其核心運營中的融合,以及他們如何應對網絡安全挑戰。該研究報告與Telstra International合作編寫,Telstra International是領先的電信和技術公司Telstra的全球部門。
The heightened risk of cyber attacks comes as manufacturers move to leverage IT such as cloud, AI, and Internet of Things (IoT) as part of their digital transformation–a process defined as Industry 4.0. While the convergence of IT with traditional OT can increase scale, resilience and efficiency in operations, it also increases the attack surface for cyber threats. Critical industries are increasingly lucrative targets for cyber exploitation including ransomware.
隨著制造商開始利用云、AI和物聯網(IoT)等IT作為其數字化轉型的一部分,這一過程被定義為工業4.0,網絡攻擊的風險也隨之增加。雖然IT與傳統OT的融合可以提高運營規模、彈性和效率,但它也增加了網絡威脅的攻擊面。關鍵行業越來越成為網絡利用(包括勒索軟件)有利可圖的目標。
Manufacturers affected by a cyber attack reported a resilience or availability issue that cost individual firms between US$200,000 and US$2 million, taking the biggest hit when incidents affected enterprise and corporate systems or production control.
受網絡攻擊影響的制造商報告稱,彈性或可用性問題給單個公司造成了20萬至200萬美元的損失,當事件影響企業和企業系統或生產控制時,受到的打擊最大。
Geraldine Kor, Telstra International’s Head of Global Enterprise Business, said: “Greater connectivity between IT and OT is necessary to harness advanced technology for manufacturing innovation, but it increases the risks of a breach. However, very few firms are mature in protecting and defending against such cyber risks.“
Telstra International全球企業業務主管Geraldine Kor表示:“要利用先進技術進行制造創新,必須加強 IT 和 OT 之間的連接,但它會增加泄露的風險。然而,很少有公司在保護和防御此類網絡風險方面成熟。”
“Our study also uncovered a fragmented approach to security responsibility, which can leave manufacturing businesses without a clear direction. This responsibility must be clear and integrated so that one group or person will have the authority to act on security challenges for mission-critical systems. It is equally important to have the right people and security-focused culture as their absence will hinder security posture readiness, compounding technical challenges.”
“我們的研究還揭示了一種分散的安全責任方法,這可能會使制造企業沒有明確的方向。此責任必須明確且集成,以便一個組或個人有權對任務關鍵型系統的安全挑戰采取行動。 擁有合適的人員和注重安全的文化同樣重要,因為他們的缺席將阻礙安全態勢的準備,從而加劇技術挑戰。”
Ganesh Narayanan, Telstra International’s hlobal head of Cyber Security, noted that the manufacturing and other industrial sectors historically relied on air gapping for security, where OT systems are typically segregated from corporate IT systems to protect against external threats. However, this approach is no longer sustainable with increasing IT-OT convergence, which expands the threat surface significantly.
Telstra International網絡安全主管Ganesh Narayanan指出,制造業和其他工業部門歷來依賴空氣間隙來實現安全,其中OT系統通常與企業IT系統隔離,以抵御外部威脅。但是,隨著IT-OT融合的提高,這種方法不再可持續,這大大擴大了威脅面。
He said: “IT and OT integration create enormous value for organisations across industries, although organisations must address risks to unlock its potential. Organisations should prioritise IT/OT and IoT security across six core areas: Collaboration and planning, defining a strategy, bolstering technical expertise, assign responsibility and accountability, leveraging the right tools, and expedite readiness with standards.”
他說:“IT和OT集成為各行各業的組織創造了巨大的價值,盡管組織必須解決風險以釋放其潛力。組織應在六個核心領域優先考慮IT/OT和IoT安全:協作和規劃、定義策略、加強技術專業知識、分配責任和問責制、利用正確的工具以及加快標準準備工作。”
Adam Etherington, Senior Principal Analyst at Omdia, said: “Our study illuminates critical attack vectors and lessons learned, and provides timely advice for any executive responsible for IT and OT.
Omdia高級首席分析師Adam Etherington表示:“我們的研究闡明了關鍵的攻擊向量和經驗教訓,并為任何負責 IT 和 OT 的高管提供了及時的建議。
“More pervasive connectivity between IT and OT is essential across greenfield and brownfield manufacturing system design and enhancements. Step change improvements to innovation, availability, safety and security require firms to harness cloud, IoT, AI and private networks, with IT/OT convergence bringing these technologies to life.
“在綠地和棕地制造系統設計和增強中,IT和OT之間更普遍的連接至關重要。創新、可用性、安全和安全性的重大改進要求公司利用云、物聯網、人工智能和專用網絡,而IT/OT融合使這些技術栩栩如生。
“However, most firms have been hit with expensive outages and security incidents while traditional security controls, policies and culture struggle to keep pace. Given the magnitude of downtime costs from any breach or network incident that impacted operations, it’s important to better understand the causes for proactive remediation.”
“然而,大多數公司都遭受了代價高昂的中斷和安全事件的打擊,而傳統的安全控制、政策和文化難以跟上步伐。鑒于影響運營的任何漏洞或網絡事件造成的停機成本之大,更好地了解主動補救的原因非常重要。”
相關新聞
編輯精選
