Over the last few years, Internet service providers (ISPs) have invested heavily in ramping up and fortifying their security infrastructures.
Despite the sophisticated security infrastructure that ISPs have put in place, the sheer number of attacks has left smaller ISPs vulnerable to network failure, while addressing individual attacks.
A closer examination of cybersecurity-related internet power outages shows that tough judgment call errors were often behind the outages.
ISPs have been very proactive in their role in cyber security through sophisticated network protection protocols, improved customer support, and working with authorities to help identify and prevent potential threats.
However, human error remains one of the factors that prevent the effective management of cyber attacks without causing major disruptions. According to a survey by IBM, human error is the main cause of 95% of cyber security breaches.
Gustavas Davidavicius, abuse prevention team lead at IPXO, reiterates this view by noting the DDoS attack on Vocus NZ, the third-largest internet service provider in New Zealand, that occurred a few months back and knocked many interned users offline.
“The pressures of having to make swift decisions can have a significant impact when managing security breaches. In this case, it seems that a few unfortunate decisions led to filtering out tons of legitimate traffic for all, leaving users without an Internet connection,” he explains.
He also emphasises, that, in general, cyber resilience and reliability of internet resources need to be improved.
“Cyber resilience has always been one of the top priorities, however, there is no single best solution that could address all the issues. As with all internet-related activities, the best way to protect yourself varies based on use cases and scope,” he says.
“Hopefully, over time all ISPs will be properly shielded and make DDoS’ing no longer feasible or profitable in any way. However, to achieve this, a lot more of the current IPv4 address pool will have to be dedicated for this purpose.”
Davidavicius believes every service provider looking to expand will need additional IP addresses to sustain more users or to simply add new locations. Having access to a bigger pool of IPv4s will enable to grow as a company, accumulate more resources and, consequently, become more resilient against the aforementioned cyber threats.
“This will also fuel healthy competition, lowering entry barriers for new companies in turn providing more options for consumers to choose from.”