The astounding frequency of highly publicized cybercrimes can lead one to wonder whether the early internet pioneers foresaw the problems that could arise from global connectivity. Certainly, there were some who envisioned the internet as a utopian community populated by idealists who were only interested in academic pursuits and the betterment of societies around the world. However, there were also those who had a view of the internet that was a bit more cynical. They argued for strict government control and well-defined regulations. Some nations, especially those with established totalitarian governments, did enact many laws governing the acceptable use of the internet, including the sites that their citizens could access. Most nations, however, paid little attention to the new form of communication until the mid-1990s. The theft of an estimated $10 million from Citibank by Vladimir Levin, Max Butler’s hacking spree that netted him approximately $86 million, the theft of NASA software by a 15-year-old hacker in 1999, and the infamous Melissa virus released in 1999 made it patently obvious that cybersecurity was failing to keep pace with the hackers. If anyone had any doubts that the bad guys were winning, they were dispelled during the first 15 years of the new millennium. The public began hearing about data breaches at Polo Ralph Lauren, DSW, TJX, and Sony Pictures. People learned about worms from Stuxnet, Trojan viruses from Zeus, and ransomware from LulzSec, CryptoWall, and LockerPin.
With attacks increasing, damages totaling billions of dollars annually, and no business or government agency completely safe from attack, it can be hard for many people to understand why more has not been done to keep the internet secure. It is not that companies and governments have not tried. Globally, the cybersecurity industry has grown from less than $138 billion in 2017 to more than $167 billion in 2019, according to Statista.com, and is expected to exceed $248 billion by 2023. One critical problem lies in the use of the Border Gateway Protocol adopted in the early days of the internet to route traffic and allow autonomous systems to communicate with each other. Unfortunately, security was not an important part of BGP; it was meant to be a temporary solution during the explosive growth of the internet in the 1980s. Fixing the problems with BGP at this late date would be a lot like trying to change a flat tire while a car is barreling down the interstate at 70 mph.
Historically, ISPs have had little incentive to address the issue of BGP hijacking attacks. After all, the typical ISP is founded to make a profit. Although ISPs could be more active in the war against cybercrime, cybersecurity can be expensive, especially with the scarcity of experienced, highly qualified personnel. Furthermore, securing one or two small ISPs would have little impact on such a widespread problem. These are the types of arguments that many ISPs have used in the past to justify their inactivity.
Things are beginning to change, however. One of the drivers is the increasing use of cryptocurrencies. These transactions are especially vulnerable to BGP hijacking attacks, and this could lead ISPs to rethink their priorities. Another change on the horizon for ISPs during the 2020s is the growth of initiatives to enhance sharing and cooperation between ISPs. One such initiative was announced by the World Economic Forum in January 2020. ISPs pledging their support for the initiative include Korea Telecom, Proximus, Saudi Telecom, BT, and Deutsche Telekom. Noticeably absent are some of the biggest ISPs in the United States. Although it remains to be seen how such initiatives will work out, it does appear that ISPs will be playing an ever-increasing role in the ongoing battle against cybercrime.
Abusix is committed to helping make cyberspace safer for everyone. We offer a variety of solutions for ISPs seeking to enhance their cybersecurity. Contact us today to learn more by sending an email to [email protected], or submitting the contact form below.