A new survey of British Internet Service Providers (ISPs) has revealed the extent of the cyber-attacks they face and given a fascinating insight into how they are defending themselves and their users against an ever-growing threat.
British ISPs under the cosh
The survey, which was carried out by the trade association for ISPs, the Internet Service Providers Association (ISPA), found that 88% of respondents reported that they were targeted by regular cyber-attacks, with around half of those claiming these occurred on a daily basis.
That doesn’t mean that they these attacks are successful, but it does highlight the scale of the issue ISPs have to contend with. Under such an incessant barrage of attacks, it is only a matter of time before one or two are successful.
It was, therefore, encouraging that 94% of respondents said they expected to increase spending and investment in cyber-security over the next three years. But it was a little more concerning that less than two-thirds (just 61%) rated cybersecurity as being either a high or very high priority.
The UK’s National Cyber Security Centre (NCSC) has recently published its Active Cyber Defence (ACD) strategy. The NCSC claims that over the past two years, this strategy has helped them defend the UK Government from as many as ten significant cyber-attacks every week.
The ISPA survey found that 86% of respondents were planning on implementing this strategy at their own ISP, which is also encouraging.
Who is responsible for combatting cyber-attacks?
There was an interesting split of opinions when it comes to taking responsibility for tackling cyber-attacks.
The issue of communications within the ISP and cyber-security industry is still clearly a big problem, even though it is now widely acknowledged that sharing experience of attacks is crucial in helping whole sectors secure themselves.
Around half of respondents admitted their ISP didn’t currently do this, while 40% said that better communication between different ISPs was needed. This should be basic stuff and it will be worrying to users that ISPs still don’t seem to be practising what they preach.
There was also a clear desire for greater leadership and regulation from the Government too.
As Andrew Glover, the Chair of IPSA noted in the survey, “the government should streamline the number of organizations involved in the cybersecurity landscape to minimize confusion.”
He added that “This needs to be underpinned by clear minimum standards on cybersecurity, set by government, and improved online cybercrime reporting processes.” Respondents also said that greater coordination within law enforcement was needed when cybercrimes were reported.
There have been big improvements in the way the UK Government is facing up to the challenge of cyber-crime in recent years, but there are undoubtedly still improvements to be made.
One recent positive step forward has been the publication of a new code of practice for designers and manufacturers of Internet of Things (IoT) devices.
The IoT has long been seen as vulnerable to cyber-attacks and a code of practice which requires security to be a consideration from the very start of the product design phase is long overdue.
However, it is clear from this survey, that ISPs would like to see similarly clear regulation being issued across other policy areas as well.
All of these responses will help ISPs to keep themselves safe from hackers and this is important to protect the data of their users. But, one area that was omitted from the survey altogether is how individual internet users should be protecting themselves online too.
Just over three-quarters of respondents did note that their ISP offered some form of cyber-security to their users. But the quality of this service and the level of take-up by users is not made clear and there were no other questions about how those in the ISP sector would recommend users to protect themselves online.
The simplest and most effective way they can do this is by using a VPN. When you are connected to a quality VPN provider like ExpressVPN or IPVanish, all of your internet data is encrypted and so kept safe from hackers and other prying eyes.
A VPN also helps to obfuscate your online identity which enables users to enjoy genuine online privacy too.
A VPN is not a panacea to all cyber-attacks. But most attacks on individuals are carried out by low-level hackers who will quickly look elsewhere if they encounter encrypted data.
VPNs are vital tools in the cyber-security arsenal of individual internet users these days. The ISPA survey has illustrated the level of threat there is out there these days. It is therefore little wonder that more and more people are taking the right steps to keep themselves safe.