調查顯示 亞洲企業網絡安全狀況世界範圍內最差

Many Asian organisations are badly defended against cyber-attacks, a year-long investigation by US security company Mandiant indicates.

根據美國網絡安全公司Mandiant一份長達一年的調查顯示，許多亞洲企業在抵禦黑客網絡攻擊方面表現很差。

The median time between a breach and its discovery was 520 days, its says. That is three times the global average.

這份調查顯示，從入侵發生到發現入侵，大多數亞洲企業花費的時間的520天。這一數值是全球平均水平的三倍。

Asia was also 80% more likely to be targeted by hackers than other parts of the world, the report said. An average of 3.7GB in data had been stolen in each attack, which could be tens of thousands of documents.

該報告顯示，相比於世界其他地區，亞洲被黑客當做目標的機率要高80%。在每次黑客入侵中，亞洲企業平均要損失3.7G的數據，那可能是數以萬計的文件。

padding-bottom: 58.69%;">

However, the bulk of the incidents were not made public because the region lacks breach disclosure laws.

然而，大部分類似事件都沒有被公開，因爲亞洲地區缺少違反信息披露的法律。

Grady Summers, the chief technology officer of Mandiant's parent company, FireEye, said the findings were "very concerning".

Mandiant母公司“火眼”的首席技術主管格雷迪·薩默斯指出，這些發現“令人非常擔憂”。

"We knew responses to cyber-incidents here in Asia often lag those elsewhere, but we didn't know it was by this much," he told the BBC.

格雷迪在接受BBC採訪時表示：“我們知道亞洲地區對網絡事件的反應要落後於世界其他地區，但是我們沒想到居然會落後這麼多。”

As part of the study, Mandiant hacked into one organisation's network with its permission to see how vulnerable it was.

作爲研究的一部分，Mandiant在一家機構的允許之下入侵了他們的網絡，從而展示他們的網絡是多麼的不堪一擊。

"Within three days we had the keys to the kingdom," Mr Summers said. "If an expert group of hackers can do the same in three days, imagine what can they do in 520 days."

薩默斯說道：“三天不到我們就掌握了進入網絡的鑰匙。如果一個專業的黑客團伙可以在三天做到同樣的事的話，想想看他們在520天內可以幹些什麼。”

The year-long investigation included vulnerability checks on about 22,000 machines across a variety of sectors.

在這份長達一年的調查中，Mandiant公司對不同行業共22000臺機器做了漏洞檢查。

Leaving breaches undiscovered or unreported for too long can ultimately compromise a country's economic competitiveness or national security, Mandiant warns.

Mandiant警告稱，如果沒有發現入侵或者太長時間不報告的話，最終會損害一個國家的經濟競爭力或國家安全。

Hackers could take over key infrastructure such as power stations, which happened in the Ukraine, and potentially even transport systems in so-called smart cities.

黑客們可以佔領例如發電站一類的關鍵基礎設施（烏克蘭曾經發生過這樣的事），甚至有可能佔領所謂的“智能城市”中的交通系統。

On a consumer level, personal information can be used for fraudulent purposes. More than 500 million digital identities were stolen or exposed last year, an earlier report by security company Symantec suggests.

在消費者層面上，個人信息也許會被用作欺詐目的。此前由網絡安全公司賽門鐵克發佈的一份報告顯示，去年全球有超過5億人的數字身份信息被盜或被泄露。