More than 90% of ISPs in the UK face some form of major cybersecurity attack every month—and as a result, more than three quarters of them plan to spend more on security solutions.
According to a survey from the ISP Association, 92% are subject to cyberattacks on a daily (31%), weekly (23%) or monthly (38%) basis.
ISPs believe that they play a proactive role, however, through network protection, customer support and working with authorities to help mitigate threats. A full 92% offer free tools and assistance for customers, 100% either have reported or would report breaches, and more than two-thirds share information with industry colleagues.
Responsibility for cybersecurity lies with the top layer of management for 93% of ISP respondents, and more than three quarters said it had become an even more important priority in the last five years. Cybersecurity is good for business too, with 75% saying they had been asked about cybersecurity by potential customers.
That said, the respondents also said that they would like an ecosystem-based response to cyber-threats, including better law enforcement training, and the coordination of a government-backed awareness campaign (64%) rather than new regulations (18%). Government and law enforcement should also improve how they deal with reports and the coordination of cybersecurity, respondents said: While a large number of public bodies are in contact with ISPs, a third receive little or no contact.
“Cybersecurity is critical, and this survey shows how it has become an even bigger issue for ISPs,” said ISPA chair James Blessing. “The survey also reveals that industry believes government and law enforcement need to raise their game in tackling cybercrime, and need to have a clear plan on how they will be tackling offenders and raising awareness among users.”
ISPs are also concerned that intrusive powers in the Investigatory Powers Bill (aka the ‘Snooper’s Charter’) will compromise security. A vast majority, 91%, are concerned about government surveillance measures impacting on network security.
The survey also showed that law enforcement should prioritize better training (83%) and coordination with industry (83%), as well as increase funding (58%) and prosecutions (50%), and most agreed that there is inconsistency with how law enforcement deals with ISP incident reporting. Of the 83% of respondents who reported cybercrime to the police, only 20% felt reports were consistently followed up and 30% said reports received no response at all.
When asked how cybercrime could be better handled, ISPs said the police needed more funding and better training, better threat information sharing and a new education and public information campaign for end users.
In response to the survey, ISPA has made a few recommendations: government focus should be on education, awareness and collaborative work with industry rather than resorting to legislation; government must consider the damage surveillance legislation can do to network security, such as the intrusive hacking powers within the Investigatory Powers Bill; law enforcement should prioritize better training of officers and coordination of cybersecurity; there needs to be more consistency when an ISP reports a case to law enforcement so that all reports are followed up and investigated to bring criminals to justice; and authorities must do more to reach out to the full breadth of the ISP industry, engaging them in information sharing work and consultation.