Cybercrime prevention for Internet service providers
Roger Gomm comments on the World Economic Forum’s (WEF) new report, Cybercrime Prevention principles for internet service providers, published this January.
‘Cyberspace’ is the term used to describe the electronic medium of digital networks used to store, modify and communicate information. It includes the Internet but also other information systems that support businesses, infrastructure and services. Image: Kirill Makarov/123rf
Lying at the heart of modern society, cyberspace affects our personal lives, businesses and our essential services. A secure online environment is of paramount importance to individuals, businesses and governments. The ability to conduct online transactions securely is central to the delivery of public and commercial services and communications.
Cyber security affects both the public and the private sectors and spans a broad range of issues related to national security, whether through terrorism, crime or state and industrial espionage. E-crime, or cybercrime relating to theft, hacking or denial of service to vital systems has become a fact of life. Industrial cyber espionage, where one company makes active attacks on another through cyberspace in order to acquire high value information is also a very real risk.
Scale of the Threat
According to the report, the most common threats facing internet service providers (ISPs) and their customers are:
Social engineering fraud – this refers to the use of communications technology, generally email, to manipulate user behaviour and disclose confidential information, often for financial gain. According to the 2019 Verizon Data Breach Report, 33 per cent of data breaches in 2018 included social attacks and 32 per cent involved phishing. Phishing and social engineering attacks are now experienced by 85 per cent of organisations. The FBI estimated a loss of over one billion dollars as a result of Business Email Compromise (BEC) fraud by US businesses and individuals in 2018
The distribution and deployment of malware for various purposes, in particular to support the operation of botnets – Accenture analysis of nearly 1000 cyberattacks highlighted malware as the most frequent attack overall and, in many countries, the most expensive to resolve. One banking botnet was used to steal more than €36 million from 30,000 customers over a 90-day period. British Telecom (BT) blocks over 100 million attempted malware communications every month in order to keep its customers safe
The deployment of various techniques to undermine naming and routing protocols, largely for the purpose of conducting Denial of Service (DoS) attacks – DDos attacks can represent up to 25 per cent of a country’s total internet traffic when they are occurring. Research indicates that web-based attacks and DoS attacks are the main contributing factors to revenue loss. The average cost of downtime associated with DoS attacks in 2018 was $221,836.80 per attack
Since it was established in March 2018, the WEF Platform for Shaping the Future of Cybersecurity and Digital Trust has focused on building a platform to facilitate the development of a community of public and private sector leaders dedicated to identifying the challenges that the unprecedented evolution of technology is posing, sharing insights, building the required capabilities and shaping the global processes needed to ensure security and trust in the digital space.
The Forum is working to highlight and promote measures and policies pioneered in specific organisations or countries that have proven able to generate impact in mitigating cybersecurity risks. One community can have a systemic impact on the global landscape – that is organisations that provide and manage the networks across which communications take place. These organisations can address some of the most common cyber threats at their source to protect their consumers. Many cyberattacks occur by exploiting relatively simple weaknesses but can increasingly be detected and mitigated before they reach potential victims.
The WEF has developed this set of best practice principles for ISPs and other organisations involved in supporting or providing online communications. The aim is to make it substantially more difficult for criminals who operate online to benefit from unlawful gains at the expense of innocent members of the public.
The report proposes four key principles for implementation by ISPs to address malicious activities being carried out online which will affect a high number of consumers. Each principle is considered from the perspective of the challenges it seeks to address and proposes demonstrable evidence from service providers on the benefits of implementation.
It is recommended that ISPs adopt the following key principles:
protect consumers by default from widespread cyberattacks and act collectively with peers to identify and respond to known threats;
take action to raise awareness and understanding of threats and support consumers in protecting themselves and their networks;
work more closely with manufacturers and vendors of hardware, software and infrastructure to increase minimum levels of security; and
take action to shore up the security of routing and signalling to reinforce effective defence against attacks.
The intention is not to provide technical guidance on protecting networks or critical infrastructure from external risks – these are dealt with in numerous other fora and guidance. The ISPs that have collaborated on this set of principles, which focus on the more strategic actions, believe that they should be able to take these actions for the purpose of protecting consumers from common online crimes, thereby helping to ‘clean up’ the Internet on the whole.
The report proposes areas for further work such as considering how governments and the public sector might do more to establish appropriate policy frameworks that would provide the best incentives to ISPs to act securely. Key areas of focus for a second phase of work will include defining roles and responsibilities for securing online ecosystems while ensuring that lines of accountability are clear; ensuring that actions taken are transparent and uphold principles relating to maintaining an open internet; and work to define frameworks which incentivise adoption of best practice in a harmonised manner.
The best-practice principles are intentionally set at a high level to allow them to be easily understood by a senior, non-technical audience.
Further details on implementation are provided in the recommendations under each principle.
The full report can be viewed here
Roger Gomm, 12/02/2020