The COVID-19 pandemic has imposed new challenges on everyone, and Internet service providers are trying to hold everything together. There's greater reliance on the Internet, more telework, and more bits being pumped through. To go with it, there are more threats and scams than ever.
While ISPs try to help everyone else to work remotely, their administrators need to do the same themselves whenever possible. How does an ISP face this double challenge while maintaining high security standards?
An epidemic of cybercrime
When people are down, there's a certain kind of being who sees that as an opportunity to jump on them. The FBI reports that cybercrime has quadrupled since the pandemic started. Thousands of new domains with coronavirus-related names appeared in March and April 2020. The large majority of them are at least highly suspicious. When people are frightened and are trying to adjust to new work situations, they're especially vulnerable.
Many scams have emerged, promising tests, treatment, and equipment which range from useless to dangerous or non-existent. Email is a favorite way to deliver scam pitches. While some scams target people needing help, others go after people who want to help. Fraudulent charities and malware-loaded "educational" sites account for many of the new domains.
Businesses are dealing with broken supply chains. They may have to resort to suppliers that are less well-established and have poor cybersecurity. Their sites are often vulnerable if not already compromised.
Malware which is already known is being repackaged to take advantage of coronavirus fears. With the changes in business infrastructure, it may succeed now where it didn't the first time.
Risks from telework
A survey by the Cyber Threat Coalition says that more than half of the businesses responding have found that working from home has increased security risks. This won't surprise anyone who's worked in computer security. People's personal phones and computers usually aren't as well-protected as ones that a business maintains. The average employee doesn't know much about keeping a system secure and isn't protected by an enterprise-quality firewall.
Telework often means using mobile devices, which can be lost or stolen. Home Internet connections may use insecure channels, such as unencrypted Wi-Fi. Restricting access to on-site IP addresses is no longer an option.
Employees can't go to the computer expert in the next cubicle for advice. If they see a dubious email message, they have to rely on their own judgment.
Businesses and their off-site employees generally don't use the same ISP. That adds a link to the communication chain, creating another point of vulnerability. Telework is necessary, but it increases security risks in many ways.
The role of the ISP
Internet service providers need to keep up with increasing customer demands in these times. They have to deal with a reduced on-site presence, but they can't relax their security standards. If anything, they need to improve them. Using the best security tools lets administrators do the best job.
Maintaining an acceptable level of service as demand grows could require adding servers, switches, and routers. Administrators will have a bigger load to manage and, in many cases, they'll have to do it remotely.
Administrator security is an important part of the picture. A compromised admin account is a disaster. If the network previously relied on letting just local hardware run admin accounts, it will need a new solution. A trustworthy VPN and strong authentication are vital. Remote administrative login should always require multi-factor authentication.
Admin accounts should be used only for administrative functions. Using the same account for email, Web access, and system management introduces serious security risks.
Is the ISP using the best security tools available? It should have network monitoring, application firewalls, and other modern protection systems to keep its growing infrastructure safe. The more security can be automated, the less likely the admins are to miss anything important.
Dealing with new customers
ISPs love new customers, but it's important to make sure they're legitimate. A customer who launches a spam campaign or a malware site can quickly get the provider, with all its other customers, blacklisted. It's necessary to respect the customer's privacy, but there are ways to catch rogue customers. Scanning hosted public websites for suspicious responses and redirects will catch new rogue sites as well as infected ones belonging to legitimate customers. Excessive SMTP traffic is another sign to watch for.
Scanning reputable blacklists is a valuable technique. If a hosted website has been blacklisted, usually something is seriously wrong, whether it's the customer's fault or not. An ISP that cares about its reputation needs to quickly investigate any blacklisted sites that it hosts. It's never pleasant to suspend or terminate customers, but it's better to do that than to allow abuse.
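The two signals described above, excessive SMTP traffic and blacklist hits, can be combined into one triage pass. The following is an added example, not code from the original article: the log format, customer IDs, the 500-recipient threshold, and the `dnsbl.example.org` zone are all assumptions, and the sample log is constructed.

```python
import ipaddress
import socket
from collections import Counter

# Hypothetical DNSBL zone; substitute the lists your abuse desk trusts.
DNSBL_ZONE = "dnsbl.example.org"

# Constructed sample: "<epoch> <customer_id> <source_ip> <recipient_count>"
SAMPLE_LOG = """\
1588000000 cust-017 198.51.100.10 2
1588000030 cust-042 198.51.100.77 450
1588000060 cust-042 198.51.100.77 610
1588000090 cust-017 198.51.100.10 1
1588000120 cust-103 203.0.113.5 12
"""

def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """IPv4 DNSBL convention: reversed octets prepended to the list's zone."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listed(ip, resolve=socket.gethostbyname):
    """Listed addresses answer inside 127.0.0.0/8; a failed lookup
    (for example NXDOMAIN) is treated as not listed."""
    try:
        answer = resolve(dnsbl_query_name(ip))
    except socket.gaierror:
        return False
    return ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")

def triage(log_text, window_limit=500, resolve=socket.gethostbyname):
    """Return {customer: [reasons]} for customers that need a human review."""
    recipients, ips = Counter(), {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed lines rather than abort the scan
        _, cust, ip, count = parts
        recipients[cust] += int(count)
        ips.setdefault(cust, set()).add(ip)
    findings = {}
    for cust, addrs in ips.items():
        reasons = []
        if recipients[cust] > window_limit:
            reasons.append(f"smtp-volume:{recipients[cust]}")
        reasons += [f"dnsbl:{ip}" for ip in sorted(addrs) if is_listed(ip, resolve)]
        if reasons:
            findings[cust] = reasons
    return findings
```

Passing a resolver function into `triage` keeps the check testable offline; in production the default `socket.gethostbyname` performs the real DNS lookup.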
Protecting all customers
An ISP needs to maintain a well-secured environment for all its customers. With so many new kinds of fraud and phishing, top-quality spam filtering is important. The software infrastructure needs to be kept up to date with the latest versions and patches. If a CMS is part of the hosting package, it should be the latest version and use the latest database manager, PHP language support, and all the rest.
It can make sense to offer customers optional security services at extra cost, but the price shouldn't scare them away. These services benefit the ISP as much as the customer. For instance, adding HTTPS support to a website should be easy, and it could be worth it to offer single-domain DV certificates for free.
Handling the burden in difficult times
We'd like to think that everyone is pulling together to get us through these times, but enough people are taking advantage of the hardships to make the ISP's cybersecurity job harder than ever. With less of an on-site administrative presence, service providers need to use the best tools available to them. Firewalls, filters, monitors, and software updates should be the best ones available. Customers want confidence that telework won't lead to malware and data breaches. Administrators need to make the best use of their time. A well-secured ISP infrastructure helps everyone to succeed.