Cyber Attacks on Manufacturers Up Globally, But Less Than Half Prepared in Security

2025-02-26 16:04 Source: 中华工控网

A global study by Omdia has found that 80% of manufacturing firms experienced a significant increase in overall security incidents or breaches last year, but only 45% are adequately prepared in their cyber security. 

Omdia surveyed over 500 technology executives worldwide on the convergence of Information Technology (IT) and Operational Technology (OT), or physical systems, in their core operations, and how they managed cyber security challenges. The report for the study was produced in partnership with Telstra International, the global arm of leading telecommunications and technology company Telstra.

The heightened risk of cyber attacks comes as manufacturers move to leverage IT such as cloud, AI, and Internet of Things (IoT) as part of their digital transformation, a process defined as Industry 4.0. While the convergence of IT with traditional OT can increase scale, resilience and efficiency in operations, it also increases the attack surface for cyber threats. Critical industries are increasingly lucrative targets for cyber exploitation, including ransomware.

Manufacturers affected by a cyber attack reported a resilience or availability issue that cost individual firms between US$200,000 and US$2 million, taking the biggest hit when incidents affected enterprise and corporate systems or production control.

Geraldine Kor, Telstra International’s Head of Global Enterprise Business, said: “Greater connectivity between IT and OT is necessary to harness advanced technology for manufacturing innovation, but it increases the risks of a breach. However, very few firms are mature in protecting and defending against such cyber risks.”

“Our study also uncovered a fragmented approach to security responsibility, which can leave manufacturing businesses without a clear direction. This responsibility must be clear and integrated so that one group or person will have the authority to act on security challenges for mission-critical systems. It is equally important to have the right people and security-focused culture as their absence will hinder security posture readiness, compounding technical challenges.”

Ganesh Narayanan, Telstra International’s global head of Cyber Security, noted that the manufacturing and other industrial sectors historically relied on air gapping for security, where OT systems are typically segregated from corporate IT systems to protect against external threats. However, this approach is no longer sustainable with increasing IT-OT convergence, which expands the threat surface significantly.

He said: “IT and OT integration creates enormous value for organisations across industries, although organisations must address risks to unlock its potential. Organisations should prioritise IT/OT and IoT security across six core areas: collaboration and planning, defining a strategy, bolstering technical expertise, assigning responsibility and accountability, leveraging the right tools, and expediting readiness with standards.”

Adam Etherington, Senior Principal Analyst at Omdia, said: “Our study illuminates critical attack vectors and lessons learned, and provides timely advice for any executive responsible for IT and OT.

“More pervasive connectivity between IT and OT is essential across greenfield and brownfield manufacturing system design and enhancements. Step change improvements to innovation, availability, safety and security require firms to harness cloud, IoT, AI and private networks, with IT/OT convergence bringing these technologies to life.

“However, most firms have been hit with expensive outages and security incidents while traditional security controls, policies and culture struggle to keep pace. Given the magnitude of downtime costs from any breach or network incident that impacted operations, it’s important to better understand the causes for proactive remediation.”
