There's been much debate over the last several years in the security field about what role internet service providers (ISPs) should play in cybersecurity. Should customers be responsible for their own security? Or should ISPs provide their subscribers with filters and upstream security controls like IP/URL blacklists, malware alerts, and more?
The position of ISPs is powerful. They are our point of entry on the internet. Because of that vital positioning, could they make a real difference in overall security?
Cyber Security Threats Users Face Daily
New threats emerge daily on the internet. They are increasing in frequency and complexity and they aren't aimed solely at larger corporations. Each day internet users and small businesses fall prey to devastating cybersecurity threats.
- Botnets. A powerful threat growing in popularity, botnets can do a lot of damage. They are viable because more people today are using internet-enabled systems. They are also using multiple devices on those systems that thieves can gain control of and compromise.
- Cryptocurrency Hijacking. While anyone can be a victim of this threat, thieves mostly target those who've expressed an interest in cryptocurrency. The threat works by infecting the victim's computer with a virus that takes over its processors and other hardware and begins to mine for cryptocurrency. The impact on the affected computer's performance, and the resulting financial loss, can be devastating.
- Distributed Denial-of-Service (DDoS). In the past, high-profile online targets like financial services or gambling sites had to worry about this sort of attack. Today, DDoS attacks are a major IT security concern across many industries. Attacks have advanced in frequency, scale and sophistication. These attacks overwhelm a system and its resources so it can't respond.
- Phishing. Phishing is an old method of attack but still potent. The idea is to trick you into disclosing personal information like credit card numbers, passwords, usernames, and more. Phishing emails appear to come from a person or business you trust, and they look less and less like spam. If you don't detect the threat and give them what they want, your information goes directly to the thieves. They then use it to make purchases, steal your identity, and carry out other nefarious activities.
- Ransomware. This threat takes control of single computers and networks, completely locking out the end-user until they pay a ransom. The returns are high for thieves because they can extort large sums of money from victims to get their systems back. It doesn't need a lot of effort either, making it a favorite attack for cybercriminals. The rise of cryptocurrency and Internet of Things (IoT) devices has boosted the popularity of ransomware even more.
- Viruses and Worms. These threats are older than many internet users. They are still very dangerous. Computer viruses are now deployed in everyday documents and spreadsheets and can wait indefinitely for activation. When you open an infected file, the virus infects the computer. Worms are different, spreading throughout a computer and replicating to infect all files on the computer.
How ISPs Can Take a More Active Security Role
Many in the security field believe there is one thing ISPs should do for their subscribers and that is blocking IP address spoofing. Many ISPs are doing this. According to data gathered by the Center for Applied Internet Data Analysis (CAIDA) as much as 70% of valid IP space can't be spoofed. If that's true, many ISPs are already filtering.
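The filtering described above is usually done as source-address validation at the customer edge (ingress filtering): a packet is forwarded only if its source address falls inside a prefix the ISP assigned to the port it arrived on. The following sketch is an added example, not from the original article; the port names, prefixes and packets are constructed, using documentation address ranges.

```python
import ipaddress

# Constructed sample data: prefixes assigned to each customer-facing port.
# All addresses are documentation ranges (RFC 5737, RFC 3849).
ASSIGNED = {
    "cust-port-1": ["198.51.100.0/25", "2001:db8:a::/48"],
    "cust-port-2": ["203.0.113.64/26"],
}

# Constructed packets as (ingress port, claimed source address).
PACKETS = [
    ("cust-port-1", "198.51.100.10"),    # inside the assigned /25
    ("cust-port-1", "198.51.100.200"),   # same /24, but outside the /25
    ("cust-port-1", "203.0.113.70"),     # another customer's address
    ("cust-port-2", "203.0.113.70"),     # legitimate on its own port
    ("cust-port-2", "192.0.2.1"),        # unassigned address
    ("cust-port-1", "2001:db8:a:1::5"),  # inside the assigned IPv6 /48
    ("cust-port-1", "2001:db8:b::1"),    # outside the assigned IPv6 /48
    ("cust-port-3", "198.51.100.10"),    # port with no assignment at all
]

def build_filter(assigned):
    """Parse prefix strings once so the per-packet check stays cheap."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in assigned.items()}

def permit(filt, port, src):
    """True only if src lies in a prefix assigned to the ingress port."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: fail closed
    return any(addr in net for net in filt.get(port, []))

def filter_packets(filt, packets):
    """Split packets into (forwarded, dropped) lists."""
    forwarded, dropped = [], []
    for port, src in packets:
        (forwarded if permit(filt, port, src) else dropped).append((port, src))
    return forwarded, dropped

if __name__ == "__main__":
    fwd, drop = filter_packets(build_filter(ASSIGNED), PACKETS)
    for port, src in drop:
        print(f"DROP spoofed source {src} on {port}")
    print(f"forwarded={len(fwd)} dropped={len(drop)}")
```

Unknown ports and malformed addresses are dropped by default, so a missing assignment fails closed rather than letting traffic through.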
There are, however, many other types of attacks that ISPs could take a more active role in mitigating.
- Botnets. When it comes to botnets, ISPs focus on individual bots and spend a lot of time and effort on prevention. ISPs have the ability to apply advanced detection measures and to trace actions. There's definitely room for improvement. Many ISPs are reluctant to share information from botnet infections because of privacy concerns.
- Cryptocurrency Hijacking. Whether it's a delay or partitioning attack, the stakes are high. ISPs have both short and long-term options to deal with these attacks. By making peer selections routing-aware, ISPs can maximize the diversity of internet paths as seen by their connections. This greatly reduces the risk that attackers will be able to intercept them all. They can also use end-to-end encryption, which has proven effective against delay attacks.
- DDoS Attacks. Since ISPs function as internet gateways, they are well-positioned to cut DDoS threats close to the source. ISPs can protect their own infrastructure by launching DDoS protection at the top of the funnel. Such protection could then be offered as a security solution to customers as a managed, paid-for service. There are no losers in this scenario. The ISPs can turn a serious threat into an opportunity. Customers have a simple, affordable DDoS protection solution from their trusted provider.
- Man-in-the-Middle (MitM) Attacks. The hacker is the true man in the middle in this type of attack, inserting themselves between client and server communications. ISPs can intercede by running packet sniffers like Fiddler, HTTP Analyzer, and Wireshark on their network to catch traffic between the client and server.
- Phishing. One of the primary jobs of an ISP is to protect customers from receiving unwanted emails. Through the use of custom blocking, blacklisting, and spam filters, they can greatly cut down the number of unsolicited emails sent to their customers. The measures in place can sometimes put legitimate businesses on blacklists, requiring the flagged business to contact that ISP. The systems in place are not perfect. Yet, with the right configuration, a lot of spam and dangerous phishing scams never reach customers.
ISPs are in the right position to make a huge dent in cybersecurity for all of us. What better place to protect businesses and citizens from third-party cyber threats than at the front door? With a hacker attack every 39 seconds, perhaps it's time for ISPs to take a more active role as threats grow faster and more sophisticated. With the ever-growing and shifting landscape of threats, perhaps ISPs will step up their game and offer more aggressive cyberattack response solutions to their customers.