2024全球企业资产安全现状报告：超过半数物理设备缺乏可见性（英文版）

Investment Rating - The report does not explicitly provide an investment rating for the cybersecurity industry Core Insights - The cybersecurity industry is experiencing significant changes due to the convergence of operational technology (OT) and information technology (IT), leading to an expanded attack surface and increased vulnerabilities [8][22][24] - Vulnerabilities are being exploited at an unprecedented pace, with organizations struggling to keep up with patch management and security measures [8][9][19] - The report emphasizes the importance of Cyber Asset Attack Surface Management (CAASM) as a foundational component of modern security practices [12][13] Chapter Summaries Chapter 1: Introduction - The introduction highlights the dynamic nature of the cybersecurity landscape, where new threats emerge continuously, and existing threats evolve [5][6] - The report aims to provide insights into the changing security landscape and recommendations for organizations to adapt [6] Chapter 2: OT & Cloud Impacts on Attack Surfaces - The merging of OT and IT networks has created new vulnerabilities, making previously isolated systems more accessible to attackers [22][24] - The report notes that over 7% of industrial control systems (ICS) are directly exposed to the public Internet, increasing the risk of cyberattacks [25] - The complexity of cloud migrations often leads to increased asset exposure and connectivity challenges between on-premises and cloud environments [38][39] Chapter 3: Unusual Assets Are Risky Assets - The concept of "outlier scores" is introduced to identify assets that differ significantly from their peers, indicating potential risks [44][48] - The report finds a strong correlation between outlier scores and asset risk, suggesting that unusual devices may pose greater security threats [51] Chapter 4: Some Old Enemies - End-of-life (EOL) systems remain prevalent in organizations, posing significant security risks as they no longer receive updates or patches [55][56] - The report emphasizes that outdated systems can still be exploited, highlighting the need for organizations to address these vulnerabilities [57][66]