Cyber Security Tips for Internet Service Providers

Kristen Fiddes | 21 February 2022

Cybercrime has changed vastly in the last 20 years, and the way we protect ourselves has had to change too. These days, hackers are using increasingly sophisticated methods to access our data, and this risk is present for customers and businesses alike. One jarring report found that malware increased 358% in 2020 and ransomware by 435%. With numbers like that, it’s no surprise that cyberattacks are the fastest growing crime in the US. So, how exactly do we protect ourselves? Customers are likely already taking the best measures they can to protect themselves, including installing antivirus software and using strong passwords, but when it comes to the data they share with businesses, they expect it to be secure.

As an Internet Service Provider, it is vital that your staff follow cybersecurity policies and procedures to best protect against cyberattacks. Even the frontline staff who may think their actions have little to do with security are important to the integrity of your data. Let’s take a look at a few ways you can ensure data protection:

Beware of Phishing

A popular method of gaining access these days is phishing. Phishing is the act of masquerading as someone else in an attempt to dupe a large number of unsuspecting victims into providing access to sensitive information; the lure can range from emails to pop-ups. Spear phishing is similar, with the main difference being that it is cleverly designed to entice specific individuals to interact with it by disguising itself as coming from an otherwise trusted source. For example, you may receive an email that appears to be from your co-worker asking you to click a link to confirm something on their behalf. A good rule of thumb: if you didn’t initiate the communication, do not provide personal or company information.

Employ Strong Password Protection

Another basic level of protection is to employ strong, complex passwords throughout the company. This should cover everything from a document password to router credentials. And absolutely do not recycle passwords throughout your business; if a cybercriminal deciphers one password, there’s a strong chance they’ll try it again at another door in your system. Strong passwords should consist of at least 10 characters and include numbers and symbols along with a mix of capital and lowercase letters. For added complexity, make the password a mix of these characters rather than something that spells out a specific word.

Take a Proactive Approach to DNS Attacks

Over 80% of companies in the telecommunications sector experienced a DNS attack in 2019, and of that count, 40% admitted it took them nearly a full working day to mitigate the attack. DNS attacks may be one of the more popular kinds of cyberattack that Internet Service Providers have to contend with, but there are steps that can be taken to prevent these scenarios from taking place, or at the very least to resolve the attacks before they can do much damage. Ensuring that your main DNS server is properly configured and up to date with the latest recommendations from your provider is vital; this also includes ensuring that the installed OS is up to date and that the latest security patches are applied. Another proactive approach is to configure access control lists that allow you to specify which hosts can perform specific DNS tasks, thereby limiting the possibility of external intrusions. Even something as simple as operations personnel monitoring for changes publicly associated with their DNS records and digital certificates can assist in preventing DNS attacks.
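The record-monitoring step described above can be automated by diffing what the world currently sees against a known-good baseline. The following is an added example, not code from Sonar or the original article; the zone data, the `example.net` names and the `HIGH_RISK` classification are constructed assumptions.

```python
# Added example: diff a known-good DNS baseline against a fresh observation.
# Both record sets are constructed sample data using documentation
# domains and address ranges.
from collections import defaultdict

BASELINE = """\
example.net.      3600 IN NS  ns1.example.net.
example.net.      3600 IN NS  ns2.example.net.
example.net.      3600 IN MX  10 mail.example.net.
www.example.net.   300 IN A   192.0.2.10
mail.example.net.  300 IN A   192.0.2.25
"""
OBSERVED = """\
example.net.      3600 IN NS  ns1.example.net.
example.net.      3600 IN NS  ns9.example.org.
example.net.      3600 IN MX  10 mail.example.net.
WWW.example.net.    60 IN A   198.51.100.77
mail.example.net.  300 IN A   192.0.2.25
"""
# Assumed policy: changes to these types can redirect a whole zone or its mail.
HIGH_RISK = {"NS", "MX", "DS", "DNSKEY"}

def parse(zone_text):
    """Map (owner, type) -> set of rdata strings; TTL and case are ignored."""
    rrsets = defaultdict(set)
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        rrsets[(name.lower(), rtype.upper())].add(" ".join(rdata.lower().split()))
    return rrsets

def diff_records(baseline_text, observed_text):
    """Return findings as (severity, owner, type, removed, added) tuples."""
    old, new = parse(baseline_text), parse(observed_text)
    findings = []
    for key in sorted(set(old) | set(new)):
        removed = sorted(old.get(key, set()) - new.get(key, set()))
        added = sorted(new.get(key, set()) - old.get(key, set()))
        if removed or added:
            severity = "HIGH" if key[1] in HIGH_RISK else "REVIEW"
            findings.append((severity, key[0], key[1], removed, added))
    return findings

if __name__ == "__main__":
    for finding in diff_records(BASELINE, OBSERVED):
        print(*finding)
```

In practice the observed set would come from querying several outside resolvers on a schedule, with every finding checked against an approved change record.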

Protect Against DDoS Attacks

2020 saw a 20% increase in the number of DDoS attacks, and with the majority of DDoS attacks being directed at Internet Service Providers, it’s important that you’re prepared to combat them, or better yet prevent them from affecting you altogether. An important piece of the puzzle here is deploying real-time DDoS monitoring. For example, NetFlow (developed by Cisco) can monitor traffic patterns and capture seven unique attributes, which makes it much easier to quickly identify the attack characteristics and entry points.
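To show how flow records turn into "attack characteristics and entry points", here is an added example (not from the original article or from Cisco) that aggregates NetFlow-style records per destination. The flow records, interface names and thresholds are constructed assumptions; the tuple layout follows NetFlow's seven key fields.

```python
# Added example: flag a likely DDoS target from NetFlow-style flow records.
# Records and thresholds are constructed. Field order follows the seven
# NetFlow key fields (src IP, dst IP, src port, dst port, protocol, ToS,
# input interface), followed by packet and byte counters.
from collections import Counter, defaultdict

def sample_flows():
    """Constructed one-minute export: a UDP source-port-53 flood plus normal traffic."""
    flows = [(f"198.51.100.{i}", "203.0.113.5", 53, 40000 + i, "udp", 0,
              "ge-0/0/1" if i % 4 else "ge-0/0/2", 9000, 9000 * 1200)
             for i in range(1, 41)]
    flows += [("192.0.2.7", "203.0.113.5", 51515, 443, "tcp", 0, "ge-0/0/3", 800, 800 * 900),
              ("192.0.2.8", "203.0.113.9", 51600, 443, "tcp", 0, "ge-0/0/3", 1200, 1200 * 900)]
    return flows

def detect(flows, window_s=60, pps_limit=5000, min_sources=20):
    """Return one alert dict per destination that exceeds both thresholds."""
    per_dst = defaultdict(lambda: {"pkts": 0, "srcs": set(),
                                   "sig": Counter(), "ifaces": Counter()})
    for src, dst, sport, _dport, proto, _tos, iface, pkts, _bytes in flows:
        d = per_dst[dst]
        d["pkts"] += pkts
        d["srcs"].add(src)
        d["sig"][(proto, sport)] += pkts      # attack characteristic
        d["ifaces"][iface] += pkts            # entry point
    alerts = []
    for dst, d in sorted(per_dst.items()):
        pps = d["pkts"] / window_s
        if pps >= pps_limit and len(d["srcs"]) >= min_sources:
            (proto, sport), sig_pkts = d["sig"].most_common(1)[0]
            alerts.append({"target": dst, "pps": round(pps),
                           "sources": len(d["srcs"]),
                           "signature": f"{proto} src-port {sport}",
                           "signature_share": round(sig_pkts / d["pkts"], 3),
                           "top_ingress": d["ifaces"].most_common(1)[0][0]})
    return alerts

if __name__ == "__main__":
    for alert in detect(sample_flows()):
        print(alert)
```

The signature and top ingress interface are what an operator would need in order to decide where a filter belongs.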

Having robust Access Control Lists (ACLs) and firewall filters will mean that they act as the first line of defense here; if a DDoS attack is directed towards a single customer, deployment of an egress ACL on the customer’s edge router can stop the attack. The struggle with this method is the scalability, as this can become very resource heavy depending on the number of attacks.

Another way to defend against attacks is to use something called black hole scrubbing. This is somewhat similar to a black hole filtering configuration, with the difference being that instead of sending attack traffic to a drop interface, traffic is instead sent out to a different physical interface. A data scrubber would reside on the alternate data path with the intent that it act as a filter to separate the attack traffic from the customer traffic.

Cybersecurity, and in turn the data protection it affords, is not just a sensible approach but a required one. The Federal Communications Commission (FCC) details specific rules regarding how Internet Service Providers protect the privacy of their customers’ personal information. These rules require that ISPs follow current industry best practices, including those that address risk management, and that high-level customer authentication methods be used. The advisory committee, Communications Security, Reliability, and Interoperability Council (CSRIC), offers a detailed report with recommendations to mitigate security risks, which can be found on their site. A few of their recommendations are items we’ve already touched on, though the full report provides even more in-depth steps that can and should be taken.

Sonar provides you with several tools to support your need for security on your platform. With robust password requirement customization using the zxcvbn standard, strict user role management, and an application firewall to secure your instance, Sonar acts as a baseline to secure your data. For more information on how Sonar assists in keeping your data secure, check out our Security & Advantages of Sonar in the Cloud article, and for a comparison of security methods read our Cloud Security vs. On-Premise: Which is right for your ISP? article.