For ISP network abuse teams, network security is always a top priority and it doesn’t seem like a day goes by without the media reporting about the latest cyber-attack. What’s not reported is the grim picture painted by the cybercrime statistics.
According to Statista, companies in the United States are experiencing an annual loss of more than 525 million US dollars due to cybercrime and the majority of this stems from malicious code and denial of service attacks. Juniper Research supports the growing trend, reporting that cybercrime will be a $2.1 trillion problem by 2019.
US Laws: Battling an overwhelming problem
Despite this epic increase in cybercrime, US laws seem to be battling to keep up with the rapidly escalating level of cyber-attacks launched daily in the United States. In President Obama’s State of the Union address in January 2015, he said that new cybersecurity laws were necessary to address hacking, identity theft, and cyber warfare and that the US is not able to fully protect its citizen’s privacy online, including the private data of children.
The FBI supports this saying that “Cyber intrusions are becoming more commonplace, more dangerous and more sophisticated…our nation’s critical infrastructure, including both private and public sector networks, are targeted by adversaries”.
The reason behind the lack of adequate new laws to protect innocent users is that the legislators just hadn’t anticipated the rapid growth of these types of online attacks. Enforcing laws governing online behavior is also far more difficult than enforcing traditional laws for a number of reasons:
- Anonymity and lack of identity: In 2009 Eugene Kaspersky identified the relative anonymity of the Internet and its users as the main issue enabling cybercrime to exist. Anonymity also encourages certain individuals to engage in illegal behavior.
- Providing evidence: Digital evidence is very intangible and difficult to investigate and prosecute. Consisting of ones and zeros, digital and radio signals is the type of information that doesn’t stand up well in a court of law and can easily be manipulated. Cybercriminals also tend to set up their computers to destroy any evidence if their technology is accessed by anyone other than themselves.
- Jurisdictional problems: The US is a nation of states comprised of different laws and federal governments. The problem is that law enforcement agencies are only authorized to enforce the law within their jurisdiction and cyberattacks can easily be launched from other states. Often the attack doesn’t even originate in the US and while more and more governments are recognizing the need for countries to work together, this is still a long way away from resolution.
Do the laws have any effect?
The Computer Misuse Act has been updated at least 11 times over the past 25 years. On the 3rd of March 2015, amendments were made to create penalties of life imprisonment for unauthorized acts that cause serious damage to welfare or security and 14 years’ imprisonment for acts that cause serious damage to the economy or to the environment. Despite these harsher penalties, a new study by the Ponemon Institute shows that the cost to businesses of cybercrime continues to climb.
Time to empower your ISP’s network abuse team
With US laws battling to keep cybercrime under control, ISPs need to take their own preventative measures. As an ISP you are a prime target for a cyber attack. In a survey done by the Internet Services Providers Association, it was reported that over 90% of ISPs come under some form of attack and 85% of those surveyed said it was the responsibility of ISPs to take a “proactive role in cybersecurity”.
The only way to increase your network security and manage network abuse more effectively is by using products like AbuseHQ from Abusix. AbuseHQ provides real-time notifications whenever possible threats are detected, enabling your network abuse staff to react faster and with more confidence than ever before.