While certain cyber attacks focus on specific organisations, the majority target the largest number of Internet users possible. Such attacks are often relatively easy for cyber criminals to undertake and can cause serious harm. The impact of indiscriminate malicious activity online can be significant and carries an estimated global price tag of $6 trillion in 2021.
The World Economic Forum’s Centre for Cyber Security brought together a group of leading Internet Service Providers (ISPs) and multilateral organisations to develop new ways to protect and prevent these attacks from reaching consumers. Following a year of development and testing, four actionable principles were identified as successful in preventing malicious activities from getting ‘down the pipes’ to consumers. These are set out in the report entitled Cyber Crime Prevention: Principles for Internet Service Providers.
BT, Deutsche Telekom, Du Telecom, Europol, Global Cyber Alliance, Internet Society, Korea Telecom, Proximus, Saudi Telecom, Singtel, Telstra and ITU endorsed these principles, protecting up to one billion consumers in 180 countries in the process.
“Cyber security is becoming a public safety issue,” said Amy Jordan (delivery lead, Platform for Shaping the Future of Cyber Security and Digital Trust, World Economic Forum). As more and more devices are connected and physical infrastructure becomes increasingly connected, no one company can do it alone. The community needs to come together, and these principles can accelerate and scale impact.”
Benefits of implementation
In the report, each principle is considered from the perspective of the challenges it’s seeking to address, as well as providing demonstrable evidence from service providers of the benefits of implementation. Further, more technical detail on how each principle could be implemented is also provided in related recommendations.
“This initiative represents a fantastic example of the World Economic Forum’s ability to convene public and private sector stakeholders to share and implement industry Best Practice that helps not only the organisations involved, but the users of the Internet at large,” said Kevin Brown (managing director at BT Security).
“Europol wholeheartedly supports the adoption of these principles by Internet Service Providers worldwide because they have the potential to significantly limit the harm caused by malicious cyber crime actors,” said Catherine de Bolle, executive director of Europol.
“The World Economic Forum’s ISP Principles are a superb collection of actionable measures that providers can use to reduce malicious activity online,” said Joseph Lorenzo Hall, senior vice-president at the Internet Society.
“By adopting these Best Practice principles and working with Governments in a public-private partnership to create a supportive policy framework, we will collectively boost trust in the digital economy and significantly reduce cyber crime,” said Stefaan De Clerck (chairman of the Proximus Board).
“As a nation, and as the digital enabling company, we are exposed to all sorts of attacks, which forced us early on to heavily invest and build world-class cyber capabilities to become fully resilient.” said Nasser Suliaman Al Nasser, CEO of the Saudi Telecom Group. “Guided by these four principles, we encourage other ISPs to leverage them in defining their strategies and gain confidence by joining other global partners.”
Key principles to follow
It’s recommended that ISPs adopt the following key principles:
*protect consumers by default from widespread cyber attacks and act collectively with peers to identify and respond to known threats
*take action to raise awareness and understanding of threats and support consumers in protecting themselves and their networks
*work more closely with manufacturers and vendors of hardware, software and infrastructure to increase minimum levels of security
*take action to shore up the security of routing and signalling to reinforce effective defence against attacks
The World Economic Forum will now use its Platform for Shaping the Future of Cyber Security and Digital Trust to drive adoption of the principles and seek to initiate a dialogue between public- and private-sector stakeholders on how Governments can incentivise uptake and establish clearer policy frameworks and expectations.
By working collaboratively, ISPs will be better placed to protect their customers and defend their own networks than if they work alone.