亚洲公司的网络安全世界最差

BBC News – Many Asian organisations are badly defended against cyber-attacks, a year-long investigation by US security company Mandiant indicates.

BBC资讯 – 许多亚洲组织在防范网络攻击上应对不善，美国网络安全公司曼迪昂特一年来的调查表明。

The median time between a breach and its discovery was 520 days, it says. That is three times the global average.

从网络被攻破到被发现的时间中值是520天，曼迪昂特说。这是全球平均值的3倍。

Asia was also 80% more likely to be targeted by hackers than other parts of the world. An average of 3.7GB in data had been stolen in each attack, which could be tens of thousands of documents.

亚洲成为黑客攻击目标的可能性比世界其他地区多了80%。每次攻击中平均有3.7GB的数据被盗，这可能是数以万计的文件。

However, the bulk of the incidents were not made public because the region lacks breach disclosure laws.

然而，大部分事件并未公之于众，因为亚洲地区缺乏网络侵入事件披露的法律。

Grady Summers, the chief technology officer of Mandiant's parent company, FireEye, said the findings were "very concerning". "We knew responses to cyber-incidents here in Asia often lag those elsewhere, but we didn't know it was by this much."

曼迪昂特母公司火眼的首席技术官萨默斯说，调查结果“令人忧心忡忡”。“我们知道亚洲这儿对网络事故的应对经常滞后于其它地方，但我们不知道滞后了这么多。”

As part of the study, Mandiant hacked into one organisation's network with its permission to see how vulnerable it was. "Within three days we had the keys to the kingdom," Mr Summers said. "If an expert group of hackers can do the same in three days, imagine what can they do in 520 days."

作为调查的一部分，曼迪昂特经过某组织的允许，侵入其网络，以看看它有多么易受攻击。“3天内我们就得到了这个王国的密钥。”萨默斯说。“如果一个黑客专家团队能在3天内做同样的事，试想在520天里他们能做什么吧。”

Mandiant has published a global security report for the past six years, but this is the first time it has focused on Asia. The report is based on the company's investigations last year, each of which analyzed an average of 22,000 machines.

曼迪昂特发布过一份过去6年的全球网络安全报告，但这回是首次重点关注亚洲。此次报告以公司去年的调查为基础，每次调查分析了平均2.2万台电脑。

Leaving breaches undiscovered or unreported for too long can ultimately compromise a country's economic competitiveness or national security, Mandiant warns.

曼迪昂特警告说，长时间不去发现或不去报告网络入侵，最终可危及国家的经济竞争力或国家安全。

Hackers could take over key infrastructure such as power stations, which happened in the Ukraine, and potentially even transport systems in so-called smart cities. On a consumer level, personal information can be used for fraudulent purposes.

黑客可能接管发电站等关键基础设施 乌克兰就发生了这样的事，甚或可能接管所谓的智能城市的交通系统。在消费者层面，个人信息可被用于欺诈目的。

More than 500 million digital identities were stolen or exposed last year, an earlier report by security company Symantec suggests.

早前安全公司赛门铁克的报告表明，去年有超过5亿的数字身份被盗或暴露。

Asian organisations were ill-equipped to defend their networks from attackers because "they frequently lack basic response processes and plans, threat intelligence, technology and expertise", Mr Summers said.

亚洲组织设备不良，无法保护自己的网络免遭攻击，因为“他们常常缺乏基本的应对流程和计划，安全威胁情报，技术和专门知识。”萨默斯说。