Cybercrime and network abuse are on the rise. A recent Verisign study reports that Q4 2015 experienced more DDoS attacks than any quarter in recorded history. 2016 was also the year cybercrime jumped from 4th to 2nd place amongst the most-reported types of economic crimes, with nearly a third of reported losses in excess of $100 million.
Service providers are fighting network abuse and cybercrime on a daily basis, with thousands of reports landing on their abuse desk. Unfortunately, many abuse desks are struggling to keep up for a variety of reasons. Here are the top eight:
1. The hidden weak link
Security is only as strong as its weakest link, but that link is often hidden and not immediately obvious. If your encryption key is based on a password, it can be very easy for a hacker to crack it and get in. One Time PINs (OTPs) are relatively secure, but the problem arises with how they are communicated to users. These methods of communication are often vulnerable and easily intercepted – leaving your subscriber, and with them your environment, open to attack.
2. Insufficient security
87% of firms still spend the majority of their budget on their firewalls, but this isn’t enough considering the advanced tools today’s hackers have at their disposal. Application-level attacks such as SQL injection can get behind firewalls and cause significant damage. To address this type of network abuse, you need data solutions that directly target today’s real-time threats.
3. Lack of resources
As network abuse continues to escalate at an unprecedented rate, it’s almost impossible for a service provider’s network abuse team to employ the number of staff needed to deal with the sheer number of reports. Instead of being empowered to deal proactively with high-priority and complex security issues, the team has to rush around putting out fires.
4. The unaware customer
It’s not the role of the service provider abuse team to police their customers’ servers. Unfortunately, end-users often aren’t knowledgeable enough – or bothered enough – to do it themselves. This year’s global economic crime survey showed that many organizations simply leave the first response to their internal IT teams, which are often ineffective. The survey showed that only 37% of respondents have a plan in place to deal with an abuse incident or security breach when it happens; 30% had no plan in place at all, and nearly 50% didn’t think a plan was necessary.
5. Lack of usability
Many security options are unusable because they generate too many logs and false positives, which block authorized traffic. They also haven’t kept pace with threat evolution and are essentially useless against today’s rapidly changing network abuse. Threats morph and change on a daily basis. If security tools don’t have learning systems that update in real time, they leave dark corners open for hackers to exploit. On top of that, as a service provider you get paid to provide your subscribers with unrestricted access to the internet. Even where restrictive measures exist, you can’t easily use them.
6. Lack of proactive management
Many companies don’t take advantage of internal and external network management tools that enhance security and prevent abuse. Instead, they react to network abuse as it happens. Their approach is often too compliance-based, not risk-based, with a focus on infrastructure rather than data, which is where today’s network vulnerabilities lie.
7. Lack of aggregation
To effectively deal with network abuse, abuse teams need to integrate and aggregate all their intelligence to make informed decisions. An abuse desk can receive more than 5,000 reports of the same issues from different reporters, and the aggregation of these is crucial. If they are not aggregated, the team will have to deal with each report individually. This is often a waste of time, as they might discover that only 100 compromised customers were responsible for the 5,000 abuse reports.
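The aggregation step described above, as an added example (not AbuseHQ or Abusix code): constructed reports are mapped to subscribers by IP allocation and collapsed into one case per customer and abuse category. The allocation table, customer IDs, reporter names and categories are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed subscriber allocations (hypothetical customer IDs, documentation ranges).
ALLOCATIONS = {
    "192.0.2.0/28": "cust-1001",
    "192.0.2.16/28": "cust-1002",
    "198.51.100.0/24": "cust-2001",
}

# Constructed inbound reports: (reporter, source IP, abuse category).
REPORTS = [
    ("feed-a", "192.0.2.5", "spam"),
    ("feed-b", "192.0.2.5", "spam"),
    ("feed-a", "192.0.2.7", "spam"),
    ("feed-c", "192.0.2.20", "ddos"),
    ("feed-b", "198.51.100.9", "spam"),
    ("feed-c", "198.51.100.9", "ddos"),
    ("feed-a", "203.0.113.4", "spam"),  # outside every allocation
    ("feed-a", "not-an-ip", "spam"),    # malformed report
]

def find_customer(ip, allocations):
    """Longest-prefix match of an address against subscriber allocations."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    nets = [(ipaddress.ip_network(c), cust) for c, cust in allocations.items()]
    hits = [(n.prefixlen, cust) for n, cust in nets if addr in n]
    return max(hits)[1] if hits else None

def aggregate(reports, allocations):
    """Collapse individual reports into one case per (customer, category)."""
    cases = defaultdict(lambda: {"reports": 0, "reporters": set(), "ips": set()})
    rejected = []
    for reporter, ip, category in reports:
        try:
            customer = find_customer(ip, allocations)
        except ValueError:
            rejected.append((reporter, ip, category))  # keep for manual review
            continue
        case = cases[(customer or "unallocated", category)]
        case["reports"] += 1
        case["reporters"].add(reporter)
        case["ips"].add(ip)
    return dict(cases), rejected

def work_queue(cases):
    """Order cases so the most-reported customers are handled first."""
    return sorted(cases, key=lambda k: (-cases[k]["reports"], k))
```

Reports that cannot be parsed or mapped are kept in their own bucket rather than dropped, so a gap in the allocation data shows up as a case to investigate.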
8. Lack of detection
Hackers are constantly revising their techniques, and many are working with the support of various governments and terrorist organizations. These hackers can launch subtle attacks that last for extended periods of time and cause significant damage through lost revenue. They are also leveraging Internet of Things (IoT) or smart devices, whose numbers are escalating at an unforeseen rate. Gartner predicts there will be 21 billion IoT devices by 2020 – and they’re being used by hackers to conduct DDoS attacks. As the sophistication of the abuse increases and the infrastructure on which it can be conducted grows, abuse teams need equally sophisticated tools and resources to stay one step ahead.
Overcome The Struggle Of Handling Network Abuse
Protecting networks from abuse is an on-going task for even the most vigilant abuse desk team. To help teams gain clarity and take faster action, AbuseHQ from Abusix integrates into existing infrastructures to provide the insight necessary to identify and shut down network abuse at its source. To find out more about how AbuseHQ can help abuse desks perform at their best, get in touch with a network abuse specialist today.