调查发现大多数工业组织对OT网络安全攻击的准备不足

New Survey Finds Most Industrial Organizations Are Inadequately Prepared for an OT Cybersecurity Attack
调查发现大多数工业组织对OT网络安全攻击的准备不足

PAS Global LLC, the OT Integrity company,announced findings from its survey of Operational Technology (OT) Cybersecurity Readiness including that 85% of respondent organizations are not highly prepared for an OT cyber attack. This finding and others will be discussed at OptICS 2020, taking place on Oct. 27 and 28 online and around the world.

OT完整性公司PAS Global LLC宣布了其对运营技术（OT）网络安全准备情况的调查结果，其中包括85％的受访组织没有为OT网络攻击做好充分准备。

Survey respondents were asked to gauge the degree of OT cybersecurity risk for several potential threats. “Human Error” topped the list as the highest risk area followed by “Nation States,” “Digital Transformation,” “Remote Work,” “Criminal Activity,” and “Internal Malicious Actors."

调查受访者被要求评估OT网络安全风险的程度，以应对几种潜在威胁。“人为错误”是风险最高区域，其次是“民族国家”、“数字化转型”、“远程工作”、“犯罪活动”和“内部恶意行为者”。

Other survey highlights include:

• Only 12% of respondents indicated OT cybersecurity risk is low
• 37% have experienced an OT cybersecurity incident in the last year or do not know if they have
• 85% reported an inadequate OT asset inventory
• 38% are taking an ad hoc or reactive approach to OT vulnerability management
• Only 27% are taking a proactive approach to OT vulnerability management based on business risk

其他调查要点包括：

• 只有12％的受访者表示OT网络安全风险较低
• 37％的人在去年经历过OT网络安全事件或不知道他们是否经历过
• 85％的受访者表示OT资产库存不足
• 38％的受访者采用临时或被动式方法来管理OT漏洞
• 只有27％的企业根据业务风险采取积极的OT漏洞管理方法

“The need to reduce OT cybersecurity risk is more important than ever with inadvertent human error representing the greatest threat according to our survey respondents followed by adversarial nation states, expanding digitalization and an increasingly remote workforce,” said Eddie Habibi, CEO and founder of PAS. “Organizations such as the Cybersecurity and Infrastructure Security Agency (CISA) in the United States Government continue to raise awareness of the threat, however, our survey demonstrates there is still a long way to go.”

“降低OT网络安全风险的需求比以往任何时候都更为迫切，因为根据我们的调查，受访者无意中的人为错误是最大的威胁，其次是敌对的民族国家、不断扩大的数字化和不断增加的远程劳动力，” PAS首席执行官兼创始人Eddie Habibi表示。“美国政府的网络安全和基础设施安全局（CISA）等组织继续提高对这一威胁的认识，但我们的调查表明，仍有很长的路要走。”

“With only 12% of respondents indicating the OT cybersecurity risk to their organization is low, it is surprising to see just 15% say they are highly prepared for an OT cyber attack,” Habibi continued. “Additionally, 16% of respondents said they had experienced an OT cyber incident in the last year, which indicates such attacks are not isolated cases any longer. We should be just as concerned, however, that 21% of the respondents were unsure whether their organization had experienced an OT cybersecurity attack in the last year.”

Habibi继续说道:“只有12%的受访者表示他们组织面临的OT网络安全风险较低，令人惊讶的是，只有15%的受访者表示他们对OT网络攻击做好了充分准备。此外，16%的受访者表示，他们在过去一年中经历过一次OT网络事件，这表明此类攻击不再是孤立的案例。但我们应该同样担心的是，有21％的受访者不确定他们的组织在去年是否遭受过OT网络安全攻击。”

“It is a foundational best practice in OT cybersecurity to have a detailed and accurate asset inventory,” said Mark Carrigan, Chief Operating Officer of PAS. “However, 85% of our survey respondents reported having an inadequate inventory. While the industry has made strides over the last few years, it is clear much more work needs to be done.”

“拥有详细准确的资产清单是OT网络安全的基础最佳实践，”PAS首席运营官Mark Carrigan表示。“但是，我们调查的受访者中有85％的人报告库存不足。尽管该行业在过去几年中取得了长足进步，但显然还有很多工作要做。”

“Trying to reduce OT cybersecurity risk without a solid OT asset inventory is like attempting to build a house without a solid foundation,” Carrigan added. “As such, it is not surprising that 38% of respondents indicate their organization is taking only an ad hoc or reactive approach to OT vulnerability management with just 27% taking a proactive approach based on business risk.”

Carrigan补充说：“在没有坚实的OT资产库存的情况下，尝试降低OT的网络安全风险 就像在没有坚实的基础的情况下盖房一样。” “因此，不足为奇的是，有38％的受访者表示他们的组织对OT漏洞管理仅是采用临时或被动的方法，只有27％的受访者根据业务风险采用了积极主动的方法。”