There’s no doubt about it, the job of ISP network abuse staff is challenging and stressful. The team is often so inundated with abuse reports that they can only deal with maybe half of them (or less) on a daily basis and often tend to be actively dealing with a backlog rather than proactively pre-empting possible threats and abuse within your network.
It doesn’t help that network abuse is escalating year-on-year as Akamai’s 2016 State of the Internet Security Report shows. There has been a 125% increase in Distributed Denial of Server (DDoS) attacks, a 26% increase in web application attacks, and 50% of Bot traffic was identified as malicious.
Dealing with the daily frustrations
Every day an ISP’s network abuse team will be faced with a list of common problems that need to be dealt with. The top five include:
1. The unexplained blocked customer IP
It’s the role of the network abuse team to eliminate spam from their network as quickly as possible – striving to reduce the amount of spam coming from customers’ making mistakes on their home computers, as well as securing business customers’ mail servers to prevent abuse.
But even when this is the case, the ISP network abuse team will have to deal with the fact that one of their servers is on an IP blacklist – for no good reason. This could be because an organization didn’t like the “server name” or because some listing on the internet does indicate something. The frustrating aspect is that your network abuse team is doing their best to stay ahead of the game, but despite this, unexplained blocks still occur.
2. The endless stream of never-ending abuse reports
Every time an abuse complaint is registered, it is sent to the abuse@ address and usually populated into the ticketing system queue. The problem with this linear type of ticketing system is that your IP network abuse team might be dealing with minor cases of abuse on ticket 25 when ticket 63 is indicating a major problem is about to occur. A multitude of tickets could all also relate to the same incident, but because the abuse team doesn’t have this visibility, they struggle, dealing with each case individually.
On average, network abuse teams only get through 40% of their daily abuse reports and have to work long days and weekends to stay ahead of the backlog. Added to this, network abuse is escalating massively with a report by McAfee showing that the estimated global annual cost of malicious cyber activity ranges from US $300 billion to US 1 trillion, and by 2019 this figure will increase to US $2,1 trillion.
3. The ever-present threat of increased attacks
Cybercrime is on the increase with a recent Verisign study reporting that the industry most frequently targeted by DDoS attacks is IT Services/CloudSaas and that Q4 in 2015 experienced more DDoS attacks than any quarter since Verisign started reporting in 2014. The FBI also reports “the threat is incredibly serious – and growing. Cyber intrusions are becoming more commonplace, more dangerous, and more sophisticated.”
4. Lack of resources to deal with abuse report volumes
As network abuse continues to escalate at an unprecedented volume, it’s almost impossible for an ISP network abuse team to employ the number of staff needed to deal with the reports. Instead of being empowered to proactively deal with high priority and complex security issues, network abuse teams generally have to rush around putting out fires as they deal with an ever-escalating load of reports. Tight budgets also prevent ISPs from increasing staff numbers on their network abuse teams. This is where companies like Abusix come to the rescue by providing ISPs with the power to identify problems in real-time, making the mitigation process much faster, and removing the load burdening down their teams.
5. Customers who complain instead of taking charge
It’s not the role of the ISP network abuse team to police their customers’ servers, but when a customer experiences a network “problem”, they immediately call their ISP. To prevent this, you need to assist your customers by providing the best security practices and solutions during onboarding and setup, and in that way pre-empt abuse issues before they occur.
Reduce abuse and report volume
Protecting your network from abuse is an ongoing task that requires mental and operational agility. Products like AbuseHQ from Abusix, ensure your network abuse team has the information to rise above the endless tickets, and shut down network abuse at its source – before it even becomes an abuse report.
To find out more about reducing frustration and proactively protecting your network, download this free e-book from Abusix