亞洲公司的網路安全世界最差

BBC News – Many Asian organisations are badly defended against cyber-attacks, a year-long investigation by US security company Mandiant indicates.

BBC新聞 – 許多亞洲組織在防範網路攻擊上應對不善，美國網路安全公司曼迪昂特一年來的調查表明。

The median time between a breach and its discovery was 520 days, it says. That is three times the global average.

從網路被攻破到被發現的時間中值是520天，曼迪昂特說。這是全球平均值的3倍。

Asia was also 80% more likely to be targeted by hackers than other parts of the world. An average of 3.7GB in data had been stolen in each attack, which could be tens of thousands of documents.

亞洲成為黑客攻擊目標的可能性比世界其他地區多了80%。每次攻擊中平均有3.7GB的資料被盜，這可能是數以萬計的檔案。

However, the bulk of the incidents were not made public because the region lacks breach disclosure laws.

然而，大部分事件並未公之於眾，因為亞洲地區缺乏網路侵入事件披露的法律。

Grady Summers, the chief technology officer of Mandiant's parent company, FireEye, said the findings were "very concerning". "We knew responses to cyber-incidents here in Asia often lag those elsewhere, but we didn't know it was by this much."

曼迪昂特母公司火眼的首席技術官薩默斯說，調查結果“令人憂心忡忡”。“我們知道亞洲這兒對網路事故的應對經常滯後於其它地方，但我們不知道滯後了這麼多。”

As part of the study, Mandiant hacked into one organisation's network with its permission to see how vulnerable it was. "Within three days we had the keys to the kingdom," Mr Summers said. "If an expert group of hackers can do the same in three days, imagine what can they do in 520 days."

作為調查的一部分，曼迪昂特經過某組織的允許，侵入其網路，以看看它有多麼易受攻擊。“3天內我們就得到了這個王國的金鑰。”薩默斯說。“如果一個黑客專家團隊能在3天內做同樣的事，試想在520天裡他們能做什麼吧。”

Mandiant has published a global security report for the past six years, but this is the first time it has focused on Asia. The report is based on the company's investigations last year, each of which analyzed an average of 22,000 machines.

曼迪昂特釋出過一份過去6年的全球網路安全報告，但這回是首次重點關注亞洲。此次報告以公司去年的調查為基礎，每次調查分析了平均2.2萬臺電腦。

Leaving breaches undiscovered or unreported for too long can ultimately compromise a country's economic competitiveness or national security, Mandiant warns.

曼迪昂特警告說，長時間不去發現或不去報告網路入侵，最終可危及國家的經濟競爭力或國家安全。

Hackers could take over key infrastructure such as power stations, which happened in the Ukraine, and potentially even transport systems in so-called smart cities. On a consumer level, personal information can be used for fraudulent purposes.

黑客可能接管發電站等關鍵基礎設施 烏克蘭就發生了這樣的事，甚或可能接管所謂的智慧城市的交通系統。在消費者層面，個人資訊可被用於欺詐目的。

More than 500 million digital identities were stolen or exposed last year, an earlier report by security company Symantec suggests.

早前安全公司賽門鐵克的報告表明，去年有超過5億的數字身份被盜或暴露。

Asian organisations were ill-equipped to defend their networks from attackers because "they frequently lack basic response processes and plans, threat intelligence, technology and expertise", Mr Summers said.

亞洲組織裝置不良，無法保護自己的網路免遭攻擊，因為“他們常常缺乏基本的應對流程和計劃，安全威脅情報，技術和專門知識。”薩默斯說。