亞洲公司的網絡安全世界最差

BBC News – Many Asian organisations are badly defended against cyber-attacks, a year-long investigation by US security company Mandiant indicates.

BBC新聞 – 許多亞洲組織在防範網絡攻擊上應對不善，美國網絡安全公司曼迪昂特一年來的調查表明。

The median time between a breach and its discovery was 520 days, it says. That is three times the global average.

從網絡被攻破到被發現的時間中值是520天，曼迪昂特說。這是全球平均值的3倍。

Asia was also 80% more likely to be targeted by hackers than other parts of the world. An average of 3.7GB in data had been stolen in each attack, which could be tens of thousands of documents.

亞洲成爲黑客攻擊目標的可能性比世界其他地區多了80%。每次攻擊中平均有3.7GB的數據被盜，這可能是數以萬計的文件。

However, the bulk of the incidents were not made public because the region lacks breach disclosure laws.

然而，大部分事件並未公之於衆，因爲亞洲地區缺乏網絡侵入事件披露的法律。

Grady Summers, the chief technology officer of Mandiant's parent company, FireEye, said the findings were "very concerning". "We knew responses to cyber-incidents here in Asia often lag those elsewhere, but we didn't know it was by this much."

曼迪昂特母公司火眼的首席技術官薩默斯說，調查結果“令人憂心忡忡”。“我們知道亞洲這兒對網絡事故的應對經常滯後於其它地方，但我們不知道滯後了這麼多。”

As part of the study, Mandiant hacked into one organisation's network with its permission to see how vulnerable it was. "Within three days we had the keys to the kingdom," Mr Summers said. "If an expert group of hackers can do the same in three days, imagine what can they do in 520 days."

作爲調查的一部分，曼迪昂特經過某組織的允許，侵入其網絡，以看看它有多麼易受攻擊。“3天內我們就得到了這個王國的密鑰。”薩默斯說。“如果一個黑客專家團隊能在3天內做同樣的事，試想在520天裏他們能做什麼吧。”

Mandiant has published a global security report for the past six years, but this is the first time it has focused on Asia. The report is based on the company's investigations last year, each of which analyzed an average of 22,000 machines.

曼迪昂特發佈過一份過去6年的全球網絡安全報告，但這回是首次重點關注亞洲。此次報告以公司去年的調查爲基礎，每次調查分析了平均2.2萬臺電腦。

Leaving breaches undiscovered or unreported for too long can ultimately compromise a country's economic competitiveness or national security, Mandiant warns.

曼迪昂特警告說，長時間不去發現或不去報告網絡入侵，最終可危及國家的經濟競爭力或國家安全。

Hackers could take over key infrastructure such as power stations, which happened in the Ukraine, and potentially even transport systems in so-called smart cities. On a consumer level, personal information can be used for fraudulent purposes.

黑客可能接管發電站等關鍵基礎設施 烏克蘭就發生了這樣的事，甚或可能接管所謂的智能城市的交通系統。在消費者層面，個人信息可被用於欺詐目的。

More than 500 million digital identities were stolen or exposed last year, an earlier report by security company Symantec suggests.

早前安全公司賽門鐵克的報告表明，去年有超過5億的數字身份被盜或暴露。

Asian organisations were ill-equipped to defend their networks from attackers because "they frequently lack basic response processes and plans, threat intelligence, technology and expertise", Mr Summers said.

亞洲組織設備不良，無法保護自己的網絡免遭攻擊，因爲“他們常常缺乏基本的應對流程和計劃，安全威脅情報，技術和專門知識。”薩默斯說。