The new breed of internet service provider: frontline of cyber security

2014 was a year to remember, fraught with a whirlwind of hacks and breaches into several industry sectors, of which the corporations were not the only victims. Consumers who bank and shop online over the internet were also targets of attacks which threatened their identities and financial well being. Small businesses that depend on the internet for operational efficiencies, purchasing supplies and outsourcing services online were also put at risk.

The scale is staggering: in 2014, cybercriminals compromised more than a billion data records in more than 1,500 breaches and the cost of dealing with these breaches is escalating. In 2014, the average cost to a company of a data breach, was $3.5 million, which was up 15% from the previous year.

As businesses continue to leverage the internet – offering ever-more compelling reasons to purchase products and services online – internet users, both consumer and commercial, will demand more protection to do so.

>See also: The 2015 cyber security roadmap

As such, the frontline in the cyber security battle is shifting. The way we access and consume apps through connected services at home, on the go and at work is changing how security will need to be provided to internet users. In this new era, a competitive differentiator for ISPs will not be bandwidth or speed, but security.

Evidence that ISPs can differentiate was recently demonstrated by EU providers that responded to the government’s directive to improve the online security of customers and limit the rise in cyber attacks, which included taking proactive action to protect families from harm.

More importantly, in 2013 the prime minister made the significant step of ordering the blocking of online pornography sites by default. ISPs responded by offering this protection as an added value to their existing services and now look to expand these programs with security for which new revenues will be generated.

Whilst many are working to offer security as a core part of their services, there is still more that can be done, and ISPs are well positioned to assume a new role in the protection of personal and business data.

Commercial advantages

As broadband has become ubiquitous across geographies, more market opportunities are opening up for ISPs. This is because broadband is now central not only to the internal operations of organisations but also to the plethora of new services they are delivering to customers, such as mobile apps and real time marketing, all of which require additional bandwidth.

A large retailer, for example, may want to deliver in-store services to customers via Wi-Fi, for which they need additional bandwidth. Rather than routing this over an expensive MPLS network, typically used for their mission critical services, they are taking advantage of the relatively inexpensive and reliable broadband networks.

These networks will be used by infected devices brought by patrons and exploited by cybercriminals for their anonymity. It is critical to defend these networks to avoid bandwidth depletion, which impacts the effectiveness of the stores' marketing programmes and puts their brands at risk.

Security operations for any business are complex, requiring investments in technology, highly trained personnel, constant vigilance and quick response. Small to mid-sized companies, and some enterprises, cannot afford the capital and operational investments in equipment or staff, and therefore look to outsource these functions – thus providing a demand for managed security services.

ISPs have the broad reach and skill sets to provide for these new business requirements, paving the way for them to forge more opportunities in the commercial space and deliver differentiated data centre services in which security is pivotal.

>See also: Is 2015 the year cyber security shows its human side?

The technology is now available for ISPs to deliver managed security solutions on the scale required for their users. Cloud solutions that have been traditionally used for enterprises can now be scaled to work for millions of devices. ISPs are seizing this opportunity to deliver a variety of managed services to business users, in addition to providing broadband connectivity. As more applications are delivered online, security services represent a significant commercial opportunity.

As ISPs own the network, they have a strategic advantage in delivering these services. Malware-infected devices need to communicate over their networks, which gives the ISP an opportunity to discover these communications through behaviour analysis and identify infected subscribers. Furthermore, with the subscriber’s permission, deeper analysis can be performed to identify specific devices and offer remediation solutions.

As their network capabilities evolve to support cloud architectures, ISPs are recognising that it is a small step to add managed services to their portfolio. Big players such as Time Warner, Comcast and Telefonica have already entered the commercial managed services market.

IP overload

The growth in the cloud and the significant changes that are happening in the residential space are also driving changes in the role that the ISPs play in protecting the home internet user. Over the next five years, there is a significant opportunity for ISPs to take market share from the traditional AV security vendors and establish themselves as trusted advisers for their customers.

This is a natural progression given not only the changing threat landscape, but also the sheer volume of devices and data that users will demand to be protected. The expansion, driven by the increasing adoption of smart devices such as TVs, appliances, security systems, environmental controls and wearables (the Internet of Things), will make it impossible for the average user to manage the security of all these devices. Any many of these connected appliances are built on platforms that are vulnerable to attacks.

Even if they could, can we realistically expect users to keep track of the security updates needed across all these devices to ensure they are protected?

The bottom line is, all of these devices require connection to the internet via a service provider, placing them in a unique strategic and competitive position.

>See also: Cyber security guide to the 10 most disruptive enterprise technologies

Step forward, then, the new breed of ISP, which can offer a diverse range of services and become a trusted protector against the growing cyber threat. Protection will shift over time from protecting the device using traditional tools like antivirus to protecting network connections. These new frontiers can increase the lifetime value of the customer to the ISP, provide new revenue streams and impact customer loyalty.

Several ISPs have already started. Providers such as Comcast, Centurylink and Time Warner Cable have been providing security notification and remediation services to their customers, along with education to avoid future risks.

Modest investments, and new business models will be required to enter the market, but with so much of our lives dependent on a secure service, early surveys taken by service providers indicate a customers are willing to pay a premium for services that deliver more value, ensure the integrity of data, and help protect finances, homes and families. 

If speed is fast becoming a commodity, security will be a new battleground for ISPs in winning the hearts and loyalty of their customers.


Sourced from Jay Opperman, Damballa

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...