In recent months, COVID-19 has presented us with a number of rather unusual challenges and changes, the most common being that employees are asked to work remotely where possible. How does this impact us and businesses in general? Protecting employees who work remotely is essential to protecting our data, our systems and our business. But have the correct measures been put in place to protect both your employees and your business?
The role of ISPs
ISPs, or Internet Service Providers, as further defined by TechTarget (https://searchwindevelopment.techtarget.com/definition/ISP), continue to be questioned about their role in cybersecurity. What role should ISPs take: should they proactively protect their customers with upstream security controls and filters, or are customers responsible for their own security?
It has been deemed acceptable for ISPs to offer optional security services while ultimately leaving it to their customers to decide whether to protect themselves or not. The one thing all ISPs should ensure, though, is that they block IP address spoofing (https://www.darkreading.com/endpoint/what-role-should-isps-play-in-cybersecurity/a/d-id/1328716). For everything else, it is up to the owner to take the necessary precautions, because ISPs are a soft target for cybercriminals and an easy route in for an attack on either a home or a work device.
What makes ISPs an easy route in?
- ISPs run huge infrastructures, with thousands of interconnected devices providing connectivity, routing and other requirements. Each of these devices could be vulnerable, at any given time, to a myriad of attack vectors. These devices are often attacked and unmonitored, so the attacks go unseen and succeed at a large scale.
- ISPs are targets because they see all traffic: connectivity traffic flows through their equipment and through the related internet peering exchanges that serve connections and requests. It is therefore recommended that all traffic be encrypted to prevent any data exposure.
- ISPs use BGP (Border Gateway Protocol) to route internet traffic to different peers and addresses. BGP leaks and hijacking take place EVERY DAY because the BGP protocol wasn’t built with longevity or long-term security in mind. BGP works by advertising addresses or routes that say “Address XYZ lives on my network”, and ISPs take those adverts and route traffic for that address to that BGP segment. This means that an attacker can state that google.com (for example) lives in Russia, build a web server to act as, or relay traffic to, google.com, and record all interaction from the ISP’s clients, which believe that google.com lives there. This can include highly sensitive data such as usernames and passwords. The latest BGP releases can include BGP security to prevent this; however, ISPs need to specifically implement it, and many ISPs have sadly not done so yet.
Cloudflare states (https://blog.cloudflare.com/is-bgp-safe-yet-rpki-routing-security-initiative/): “The Internet is too vital to allow this known problem to continue any longer. It’s time that networks prevent leaks and hijacks from having any impact. It’s time to make BGP safe. No more excuses.”
But the rest is on you
So what protection do you need to keep your employees and ISPs from being a soft target? Start by understanding the current threat landscape, scope your vulnerabilities and the threats to them, and then invest in a Cyber Security partner to cover all avenues of potential breaches through the combined efforts of key Information Security principles and the deployment of a rapid detection and response plan.
While most cybersecurity firms base their defenses on the assumption that all attacks will occur from an endpoint or human vulnerability, ACDS’s Intercept product recognizes that sophisticated cybercriminals can enter your network through other avenues linked directly to your perimeter or different network components, skipping endpoints altogether. Intercept covers all aspects of your endpoint, perimeter and network through a variety of tools that detect and defeat any unauthorized entry with speed and accuracy, to not only detect but protect.
With the combination of a solid detection and response plan and a professional team of engineers and analysts who have gone through a rigorous programme to analyze, understand and recognize patterns presented by cybercriminals, you will be equipped to be less of a target for an attack than your closest competitor. Rather, make it the responsibility of ACDS, with their extensive knowledge and understanding of cyber-crime and the determination to intercept a cyber-attack before it takes place or it is too late.
ACDS offers full-service Information & Cybersecurity solutions that identify, analyze and detect a variety of cyber threats while helping you to better respond to and recover from any unwanted intrusions in your business with real-time results. Our cybersecurity resilience services cover all avenues of potential breaches through the combined efforts of key Information & Cybersecurity principles and the deployment of ACDS’ rapid detection and response system.