Edition: International | Greek
MENU

Home » Analyses

4 things ISPs can do to reduce the impact of cybercrime

The role of internet service providers (ISP) in protecting critical national infrastructure cannot be ignored

By: EBR - Posted: Thursday, January 23, 2020

Every day, an average of 8,497 stc customers’ machines are actively infected by malware and an average of 13,000,000 requests for access to risky domains are initiated.
Every day, an average of 8,497 stc customers’ machines are actively infected by malware and an average of 13,000,000 requests for access to risky domains are initiated.

by Amy Jordan and Arwa Alhamad* 

-ISPs are in a unique position on the frontline of cybercrime.
-A group of telecom companies has developed a set of principles for ISPs.
-These set out how ISPs can reduce the global impact of cybercrime.
-The role of internet service providers (ISP) in protecting critical national infrastructure cannot be ignored. As Saudi Telecom Company (stc) Group’s CEO Nasser

Sulaiman Al Nasser stated during a recent cybersecurity conference: “Cyber-risk is a business issue. It is not the responsibility of one department. The safest businesses are the ones where everyone is aware, knowledgeable and vigilant.”

Every day, an average of 8,497 stc customers’ machines are actively infected by malware and an average of 13,000,000 requests for access to risky domains are initiated. All ISPs play a unique role in global online ecosystems - and in their privileged position as carriers of internet traffic, often have the ability to stop criminal behaviour at the source. They can also work with their customers and their significant supply chains in order to drive the adoption of good practice.

A group of global telecoms companies has been working with the World Economic Forum on an initiative which seeks to address cybercrime at its root and to protect consumers from high-volume online threats. Stc is delighted to have had the opportunity to collaborate on this initiative and in the development of the Principles for Internet Service Providers, which is being launched at this year’s World Economic Forum Annual Meeting in Davos.

The principles we have developed seek to address some of the most indiscriminate high-volume crimes, such as phishing e-mails, distributed denial of service (DDoS) attacks and the distribution of malware across unsuspecting users’ devices. The impact of these attacks is potentially significant. Phishing, smishing and social engineering attacks are now experienced by 85% of organizations, while stc Group comes under DDoS attack on average 70 times a day.

The principles set out four key ways in which telecoms operators can have an impact on reducing the impact of global cybercrime:

1) ISPs can make an impact by protecting their customers by default from known attacks and by collaborating with peers. This means that when ISPs see their networks being used to perpetrate criminal activity, they should act decisively to prevent the consequences from reaching their customers. The working group that developed the principles also recognized the importance of collaboration in defending against attacks. Sharing information about known threats can help stop criminals in their tracks and interrupt attempted attacks more swiftly.

2) ISPs have a role in raising awareness and improving understanding of how to respond to attacks, both across their customer bases and more broadly. Participants in the initiative highlighted many ways in which their companies and other bodies help to raise awareness and build skills. For its part, stc offers various measures to help customers protect themselves from online threats, from live monitoring centres to e-mail security tools.

3) ISPs have a role to play in driving good behaviours through their supply chains - in particular with vendors who provide hardware to consumers, which can often be an easy route through which to conduct an attack. Telecommunications infrastructure must also be shored up in order to avoid being compromised. Stc, like the other operators involved in this work, has a robust supply-chain management process to ensure each third-party supplier goes through strict security-related scrutiny, adheres to their cybersecurity requirements and undergoes cybersecurity audits.

4) The principles also identify more technical ways in which ISPs can help to prevent attacks that seek to undermine the very nature of internet protocols and the routing of online traffic. For this purpose, stc has adopted machine-learning methods to allow the real-time detection and prevention of fraudulent attempts against customers; the potential losses from fraud carried out on services provided by telecom and ISPs have been valued at $32.7 billion annually.

Through the development of these principles we aim to raise awareness of the important active role that ISPs play in making life harder for cybercriminals and in securing global online ecosystems. We hope these principles will serve to generate a dialogue between service providers and governments on how the principles can be adopted in a transparent and consistent way around the world.

Currently the incentives for ISPs to act are not always aligned with financial and regulatory drivers. Ultimately, we seek to generate a debate at the most senior levels around how ISPs can activate their privileged positions to make a real difference to online security and to make life harder for cybercriminals and reducing the benefits of malicious perpetration.

At the upcoming Global Cybersecurity Forum, hosted by the Kingdom of Saudi Arabia’s National Cybersecurity Authority, and under the patronage of the Custodian of the Two Holy Mosques King Salman Bin Abdulaziz Al Saud, stc will explore some of these issues in greater detail and initiate a dialogue between providers and governments on how to secure a transparent and open internet, to protect the world from a range of easily preventable online threats.

The Global Cybersecurity Forum, which will take place in February 2020 as Saudi Arabia assumes the G20 presidency, will bring together a range of government officials, C-suite executives, international organizations and other key stakeholders drawn from expert communities and academia. Together, they will seek to highlight and elevate dialogue, actions and initiatives to create a global cybersecurity roadmap that aims to build a secure, resilient and prosperous cyber world for all.

*Lead, Cybersecurity Delivery, World Economic Forum and Cybersecurity Enablement Director, Saudi Telecom Company
**first published in: www.weforum.org

READ ALSO

EU Actually

‘Success of European project is measured by delivering on political ambitions not by the size of the budget’

N. Peter KramerBy: N. Peter Kramer

At the end of this week, 20 and 21 February, the 27 EU leaders are invited by their president, Charles Michel, for an EU Council summit in Brussels, to discuss the EU’s next long-term budget

View 04/2019 2019 Digital edition

Magazine

Current Issue

04/2019 2019

View past issues
Subscribe
Advertise
Digital edition

Europe

Commission calls for coordination before any border measures for coronavirus

Commission calls for coordination before any border measures for coronavirus

Any border restriction related to coronavirus in the EU should be based on a thorough risk assessment and scientific advice, two European Commissioners said on Monday (24 February), highlighting that it must be a proportional response and above all, one that is coordinated among different member states

Business

Getting people with disabilities into work requires data

Getting people with disabilities into work requires data

People with disabilities – estimated to be about 15% of the world population – constitute a largely untapped pool of talent in the labour market. And they face a high risk of being marginalized further as the world of work undergoes rapid transformations, including technological developments, climate change and demographic shifts

MARKET INDICES

Powered by Investing.com
All contents © Copyright EMG Strategic Consulting Ltd. 1997-2020. All Rights Reserved   |   Home Page  |   Disclaimer  |   Website by Theratron