Kaspersky Report: Targeted attacks against ICS sector on the rise
卡巴斯基報告：針對工業控製係統的目標攻擊上升

January 5, 2018 – According to the Kaspersky Lab, IT Security Risks Survey, every fourth industrial company of over 900 surveyed faced a variety of cyberattacks in 2017. Of the evolving types of threats used by cybercriminals, one of the fastest growing types aimed at industrial organizations is targeted attacks, with 28 percent of those surveyed admitting they faced an attack in 2017, compared to 20 percent in 2016.

2018年1月5日——根據卡巴斯基實驗室的《信息安全風險調查》，在2017年，900餘(yu)家(jia)被(bei)調(tiao)查(zha)的(de)工(gong)業(ye)公(gong)司(si)麵(mian)臨(lin)著(zhe)各(ge)種(zhong)各(ge)樣(yang)的(de)網(wang)絡(luo)攻(gong)擊(ji)。網(wang)絡(luo)罪(zui)犯(fan)所(suo)使(shi)用(yong)的(de)威(wei)脅(xie)不(bu)斷(duan)演(yan)變(bian)，其(qi)中(zhong)一(yi)個(ge)針(zhen)對(dui)工(gong)業(ye)組(zu)織(zhi)的(de)增(zeng)長(chang)最(zui)快(kuai)類(lei)型(xing)是(shi)有(you)針(zhen)對(dui)性(xing)的(de)攻(gong)擊(ji)，28%的被調查者承認他們在2017年遭遇襲擊，而2016年這一比例隻有20%。    

The survey also revealed that 48 percent of industrial businesses have insufficient insight into the threats specifically faced by their business. With a lack of network visibility, 87 percent of industrial companies responded affirmatively when asked if any of the informational technology/operational technology (IT/OT) security events they experienced over the previous year were complex. Given there is an unclear understanding of the threats they are facing, it’s no surprise that industrial organizations spend on average of several days (34%) to several weeks (20%) detecting a cyberattack.

該調查還顯示
，48%的工業企業對其業務所麵臨的威脅沒有足夠的洞察力。由於缺乏網絡可視性


，當被問及他們在過去一年所經曆的信息技術/運營技術（IT/OT）安全事件是否複雜時，87%的工業企業做了肯定回答。鑒於人們對他們所麵臨的威脅了解不多
，工業組織平均花費數天（34%）到數周（20%）來檢測網絡攻擊就不足為奇了。

Although industrial organizations lack insight and have difficultly identifying cyberattacks in their networks, they are fully aware of the need for high-quality protection against cyberthreats. In fact, 62 percent of employees at industrial companies firmly believe it’s necessary to use more sophisticated IT security software. However, software alone is not enough: almost half (49%) of industrial company respondents blame staff for not properly following IT security policies, which is 6 percent more than respondents surveyed that belong to other sectors.

盡(jin)管(guan)工(gong)業(ye)組(zu)織(zhi)缺(que)乏(fa)洞(dong)察(cha)力(li)，在(zai)他(ta)們(men)的(de)網(wang)絡(luo)中(zhong)難(nan)以(yi)識(shi)別(bie)網(wang)絡(luo)攻(gong)擊(ji)，但(dan)他(ta)們(men)充(chong)分(fen)意(yi)識(shi)到(dao)需(xu)要(yao)高(gao)質(zhi)量(liang)的(de)保(bao)護(hu)來(lai)抵(di)禦(yu)網(wang)絡(luo)威(wei)脅(xie)。事(shi)實(shi)上(shang)，工(gong)業(ye)企(qi)業(ye)62%的員工堅信有必要使用更複雜的IT安全軟件。不過，僅靠軟件是不夠的：近一半（49%）的受訪工業企業指責員工沒有正確遵守IT安全政策，這一比例比其他行業的受訪者高出6%。

“Cyberattacks on industrial control systems have become the indisputable number-one concern,” said Andrey Suvorov, head of critical infrastructure protection business development at Kaspersky Lab. “The good news is that the majority of industrial market players know which threats are coming to the forefront today and will be relevant in the near future. With this knowledge in mind, it’s critically important to implement a flexible, complex security solution that is designed to protect automated industrial environments and is configured in accordance with the technological processes of each organization.”

“網絡攻擊在工業控製係統已成為無可爭議的頭號問題，”卡巴斯基實驗室關鍵基礎設施保護業務發展主管Andrey Suvorov
，“好消息是，絕大多數的工業市場參與者知道哪些威脅今天備受關注，並在不久的將來牽涉其身。考慮到這些認知，實現一個靈活的、複雜的安全解決方案至關重要，該解決方案旨在保護自動化的工業環境，並按照每個組織的技術流程進行配置。”

Due to the steady increase in complexity and number of attacks on the industrial market, the consequences of industrial organizations ignoring cybersecurity threats in 2018 could be disastrous. Cybersecurity awareness training is a must when it comes to cybersecurity in industrial organizations, given that all employees – from the administration side to the factory floor – play a key role in the safety of an enterprise and maintaining operational continuity.

由於工業市場的複雜性和攻擊次數不斷增加
，工業組織在2018年忽視網絡安全威脅的後果可能是災難性的。在工業組織中
，網絡安全意識培訓是必須的
，因為所有的員工——從行政部門到工廠——都在企業的安全和保持運營的連續性中扮演著關鍵的角色。

The Kaspersky Lab survey findings further confirm the predictions of Kaspersky ICS CERT experts about the emergence of specific malware that will target vulnerabilities in industrial automation components this year.

卡ka巴ba斯si基ji實shi驗yan室shi的de調tiao查zha結jie果guo進jin一yi步bu證zheng實shi了le卡ka巴ba斯si基ji工gong控kong係xi統tong網wang絡luo應ying急ji響xiang應ying小xiao組zu專zhuan家jia的de預yu測ce，今jin年nian將jiang出chu現xian針zhen對dui工gong業ye自zi動dong化hua組zu件jian漏lou洞dong的de特te定ding惡e意yi軟ruan件jian。