
2019-08-23 14:29 Source: translation

Kaspersky Report: Over half of ICS incidents caused by employee errors

August 22, 2019 – According to a new report from Kaspersky, 52% of incidents affecting operational technology and industrial control system (OT/ICS) networks last year were caused by employee errors or unintentional actions. The report, “State of Industrial Cybersecurity 2019,” found this issue to be the result of the growing complexity of industrial infrastructures, a shortage of professionals who understand how to detect new threats, and low awareness among existing employees.

According to the survey, digitalization of industrial networks and adoption of Industry 4.0 standards are a priority for many industrial companies. Four out of five organizations (81%) consider operational network digitalization to be an important or very important task for this year.

A majority (87%) of respondents confirmed that OT/ICS cybersecurity is becoming a top priority for industrial companies. However, to achieve the necessary level of protection, they need to invest in dedicated measures and have highly qualified professionals to make them work effectively. Despite stating it as a priority, only just over half of companies (57%) have allocated budget for industrial cybersecurity.

In addition to budget constraints, there is also a question over skilled staff. Organizations are not only experiencing a lack of cybersecurity experts with the right skills to manage protection for industrial networks, but are also worried that their OT/ICS network operators are not fully aware of the behavior that can cause cybersecurity breaches. These challenges make up the top two major concerns relating to cybersecurity management and directly correlate with why employee errors cause half of all ICS incidents such as malware infections and more serious targeted attacks.

In almost half of the companies (45%) surveyed, the employees responsible for IT infrastructure security also oversee the security of OT/ICS networks. Although operational and corporate networks are becoming increasingly connected, OT and ICS specialists can often have different approaches (37%) and goals (18%) when it comes to cybersecurity.

In addition to a technical and awareness boost for industrial cybersecurity, organizations must consider specific protection for Industrial IoT, which can become highly connected externally. Almost half of companies (41%) are ready to connect their OT/ICS network to the cloud using preventive maintenance or digital twins.

“As this ARC Advisory Group survey conducted on behalf of Kaspersky reflects, the growing interconnection between IIoT edge devices and cloud services continues to stand as a security challenge,” said Dr. Jesus Molina, chair, IIC Security Working Group and director of business development, Waterfall Security Solutions. “It was a major driver for the creation of the IIC Industrial Internet of Things Security Framework as well as the subsequent best practices documents and recent IoT Security Maturity Model.”
