Kaspersky Report: Targeted attacks against ICS sector on the rise
卡巴斯基报告：针对工业控制系统的目标攻击上升

January 5, 2018 – According to the Kaspersky Lab, IT Security Risks Survey, every fourth industrial company of over 900 surveyed faced a variety of cyberattacks in 2017. Of the evolving types of threats used by cybercriminals, one of the fastest growing types aimed at industrial organizations is targeted attacks, with 28 percent of those surveyed admitting they faced an attack in 2017, compared to 20 percent in 2016.

2018年1月5日——根据卡巴斯基实验室的《信息安全风险调查》，在2017年，900余家被调查的工业公司面临着各种各样的网络攻击。网络罪犯所使用的威胁不断演变，其中一个针对工业组织的增长最快类型是有针对性的攻击，28%的被调查者承认他们在2017年遭遇袭击，而2016年这一比例只有20%。    

The survey also revealed that 48 percent of industrial businesses have insufficient insight into the threats specifically faced by their business. With a lack of network visibility, 87 percent of industrial companies responded affirmatively when asked if any of the informational technology/operational technology (IT/OT) security events they experienced over the previous year were complex. Given there is an unclear understanding of the threats they are facing, it’s no surprise that industrial organizations spend on average of several days (34%) to several weeks (20%) detecting a cyberattack.

该调查还显示，48%的工业企业对其业务所面临的威胁没有足够的洞察力。由于缺乏网络可视性，当被问及他们在过去一年所经历的信息技术/运营技术（IT/OT）安全事件是否复杂时，87%的工业企业做了肯定回答。鉴于人们对他们所面临的威胁了解不多，工业组织平均花费数天（34%）到数周（20%）来检测网络攻击就不足为奇了。

Although industrial organizations lack insight and have difficultly identifying cyberattacks in their networks, they are fully aware of the need for high-quality protection against cyberthreats. In fact, 62 percent of employees at industrial companies firmly believe it’s necessary to use more sophisticated IT security software. However, software alone is not enough: almost half (49%) of industrial company respondents blame staff for not properly following IT security policies, which is 6 percent more than respondents surveyed that belong to other sectors.

尽管工业组织缺乏洞察力，在他们的网络中难以识别网络攻击，但他们充分意识到需要高质量的保护来抵御网络威胁。事实上，工业企业62%的员工坚信有必要使用更复杂的IT安全软件。不过，仅靠软件是不够的：近一半（49%）的受访工业企业指责员工没有正确遵守IT安全政策，这一比例比其他行业的受访者高出6%。

“Cyberattacks on industrial control systems have become the indisputable number-one concern,” said Andrey Suvorov, head of critical infrastructure protection business development at Kaspersky Lab. “The good news is that the majority of industrial market players know which threats are coming to the forefront today and will be relevant in the near future. With this knowledge in mind, it’s critically important to implement a flexible, complex security solution that is designed to protect automated industrial environments and is configured in accordance with the technological processes of each organization.”

“网络攻击在工业控制系统已成为无可争议的头号问题，”卡巴斯基实验室关键基础设施保护业务发展主管Andrey Suvorov，“好消息是，绝大多数的工业市场参与者知道哪些威胁今天备受关注，并在不久的将来牵涉其身。考虑到这些认知，实现一个灵活的、复杂的安全解决方案至关重要，该解决方案旨在保护自动化的工业环境，并按照每个组织的技术流程进行配置。”

Due to the steady increase in complexity and number of attacks on the industrial market, the consequences of industrial organizations ignoring cybersecurity threats in 2018 could be disastrous. Cybersecurity awareness training is a must when it comes to cybersecurity in industrial organizations, given that all employees – from the administration side to the factory floor – play a key role in the safety of an enterprise and maintaining operational continuity.

由于工业市场的复杂性和攻击次数不断增加，工业组织在2018年忽视网络安全威胁的后果可能是灾难性的。在工业组织中，网络安全意识培训是必须的，因为所有的员工——从行政部门到工厂——都在企业的安全和保持运营的连续性中扮演着关键的角色。

The Kaspersky Lab survey findings further confirm the predictions of Kaspersky ICS CERT experts about the emergence of specific malware that will target vulnerabilities in industrial automation components this year.

卡巴斯基实验室的调查结果进一步证实了卡巴斯基工控系统网络应急响应小组专家的预测，今年将出现针对工业自动化组件漏洞的特定恶意软件。