As we recently saw with the Colonial Pipeline cyberattack, ransomware continues to grow as a threat to service providers, including broadband providers, and taking down services for a ransom is always in the news. As major companies pay ransoms to regain control of their networks more quickly, cybercriminals are encouraged to continue to attack. As such, security must not be an afterthought for ISPs.
Executives often assume their companies have proper backups and can recover quickly from an intrusion. But even with clean backups, restoring the network from last night’s backup often means an all-day outage, possibly much longer. Add to that, any work performed since the backup – payments, customer changes, maybe even a payroll – must be redone to return to normal. And if you discover you don’t have a good backup, you must obtain cryptocurrency to buy the decryption key and hope the key actually works. Ransomware attacks, especially those where a ransom is paid, can have long-lasting effects even after the cyberattack is over.
Good backups are essential, but they are just one small piece of the security puzzle. More important is avoiding becoming a victim in the first place. But as we see time and again in our network audits, ISP core networks are much less secure than management imagines. Here are a few takeaways from recent service provider network audits we’ve done:
- End-of-life equipment is still widely used even though it’s no longer receiving security patches. Vulnerabilities in this equipment, even in devices directly responsible for security such as firewalls and session border controllers, are being exploited to disrupt or breach the network.
- Core routing and switching elements, as well as ISP servers, are often neither behind firewalls nor protected by proper access controls. Attempted breaches happen continuously but are not being monitored or addressed.
- Unneeded default protocols and features haven’t been disabled. What’s worse, often no one in the organization is aware of these potential vulnerabilities.
- DDoS mitigation is missing or inadequate. Ransom-driven DDoS attacks are on the rise. Unlike restoring from a backup, DDoS mitigation can take days or even weeks to put in place.
Well-planned, comprehensive security policies, especially for key infrastructure, are a must. And all employees must have a security-first mindset to recognize threats and protect the company’s network and data.
For more information on how to safeguard your company from these growing cyberattacks, including auditing your network’s current vulnerabilities, contact Dennis Wisdom at 806-866-9900.