The COVID-19 pandemic forced many to begin working and learning from home, changing the landscape of how businesses and education systems had to protect their networks. Under disaggregated systems, vulnerabilities for cyberattacks appear.
Gabriel Gumbs, cybersecurity expert and host of the Privacy Please podcast, and Terry Young, Director of Service Provider and 5G Marketing at A10 Networks, joined the Fiber Broadband Association to share best practices for services providers to protect their networks.
“Broadband connectivity is clearly no longer considered a ‘nice to have.’ It’s now considered essential,” Young said before explaining how peoples’ perception of what broadband connectivity means has changed.
“We used to think of broadband as being better entertainment, maybe gaming. But now, what they think is, ‘If I don’t have good broadband connectivity--and safe broadband connectivity--I may not be able to work, I may not be able to get the health services I need and I may not be able to educate my children,’” she said. “So, it has taken on a very personal meaning for most people.”
Young said that shift is important for service providers to recognize, especially those who are starting to build out new networks in rural areas.
“(Service providers) all have an opportunity to help underserved communities not only catch up, but really leap forward--and strong cybersecurity is part of that,” she continued.
As a result of the COVID-19 pandemic, Young explained there has been an increase in malicious activity. Cyber criminals, she said, have taken advantage of what is in the news and used them as weapons.
“From phishing campaigns to text messaging to robocalls--malicious activity of all types--have increased and are elevating the fear of COVID-19,” she said. “What that means for your subscribers and for you to be aware of is that the public awareness of cybersecurity and the risk is much higher than it was a year-and-a-half ago.”
She said providers are getting questions they did not have before, like asking for new services and checking for network safety in addition to network speeds.
“It’s a real shift in expectations that should be kept in consideration,” she said.
Gumbs agreed, adding that population shifts out of big cities and into more rural settings will also have an impact on rural service providers, as they will have to contend with “big city expectations.”
From the cybersecurity perspective, Gumbs noted the importance and prevalence of distributed denial-of-service attacks, or DDoS attacks, in rural areas, traditionally thought of in the form of data exfiltration and ransom attacks at hospitals and the like.
“But one of the things the attackers have been equally doing is leveraging all of the new machines that have come online in these rural areas so that they can then perform those DDoS attacks outwards to others as well,” Gumbs explained. “And that itself has some impact on your subscription lines.”
In fact, the number of vulnerable devices to cyberattacks is growing every day as consumers adopt more IoT devices into their homes. And IoT devices, as Gumbs points out, often do not have the same level of security as more desktop devices and so forth, so they make very good targets for cyber criminals.
Every area of the network where security is low presents an opportunity for a cyber-attack.
“Just from the telecom industry, that’s 39 million data assets--those by and large represent actual people in terms of credit card information, passwords and so forth,” Gumbs said.
“In rural areas where you may not have a lot of people, you still have what the attackers consider whales and big fish targets--and they’re big personal targets,” he continued. “So, equally, going after the head of a municipality or the head of a healthcare system is just as valuable of a target as going after all of the employees.”
To best protect networks both old and new, Gumbs and Young offer the following cybersecurity recommendations:
- Double down on basic cybersecurity hygiene.
- Implement extensive security monitoring and frequent, automated patching across all domains.
- Place security as a higher priority and invest in protection against known threats.
- Continually adapt to a changing threat landscape.
- Recoup security costs through smart security monetization, wherever possible.
- Explore DDoS-Protection-as-a-Service.
- Provide information and options for consumers and businesses.
- Evaluate your role in protecting subscribers.
Hear the full presentation with Terry Young and Gabriel Gumbs on the Fiber for Breakfast podcast .