The Enterprise Strategy Group (ESG) recently surveyed 303 IT and information security professionals with awareness of or responsibility for cyber supply chain policies and processes and with overall knowledge of the state of cybersecurity at their organizations. Survey respondents were located in the United States and work for large midmarket (i.e., 500 to 999 employees) and enterprise (i.e., 1,000 or more employees) organizations that operate in critical infrastructure industries as designated by the U.S. Department of Homeland Security. This research project was intended to assess the state of cyber supply chain security and the overall cybersecurity status of organizations in critical infrastructure industries. These entities face constant cyber-attacks from a variety of adversaries, including cyber-criminals, hacktivists, and nation states, so they have a bird's eye view of the threat landscape on a daily basis. When asked to assess this threat landscape in comparison to two years ago, nearly one-third (31%) of organizations claim that the threat landscape is much worse than it was two years ago, while 36% believe that it is somewhat worse (see Figure 1). While not surprising, this is discouraging, as an attack on U.S. critical infrastructure could be the "cyber Pearl Harbor" predicted by numerous politicians and pundits.
Security professionals' opinions may be related to the fact that most of their organizations experienced one or several security incidents in the past 24 months. In fact, according to Figure 2, many report a wide variety of incidents, including system compromises resulting from generic attacks on user systems (31%), data breaches due to lost or stolen equipment (26%), insider attacks (25%), breaches of physical security (21%), and targeted attacks (19%). The data also points to vulnerabilities in the cyber supply chain. In some cases, security incidents were related to business relationships in which several organizations open IT applications and services to one another. While these arrangements offer cost and operational benefits, they also expose each organization to threat vectors emanating from partner networks. It is also noteworthy that 16% of organizations experienced security incidents related to the purchase of counterfeit IT equipment. Clearly, this risk is still pervasive.
Respondents were then asked to describe the consequences of these security incidents. Not surprisingly, nearly half (47%) of organizations report that security incidents require time and personnel for remediation, but many security incidents also impact the business mission—36% said that security incidents disrupted business processes and/or critical operations, 36% pointed to disruption of a business application, 33% described lost productivity, and 32% said that security incidents led to a breach of sensitive data (see Figure 3). In critical infrastructure industries like financial services, business process disruption could translate to an ATM network going offline, while the breach of a health care organization could expose the sensitive health care records of thousands of patients.