For over 1½ years, the world has been grappling with the Covid-19 pandemic. Although it is uncertain when the pandemic will end, one thing is for sure: many things will not go back to the way they once were. Remote work will be among those major changes. Recognising this, several companies — including United Overseas Bank and Siemens Singapore — have committed to offering flexible work options even beyond the pandemic. But as employees enjoy working from the comfort of their own homes, this trend poses cybersecurity risks for businesses.

According to the 2021 Global Security Insights Report by software company VMware, an alarming 82% of Singapore companies faced increased cyberattacks as more employees worked remotely during the pandemic. Remote work has expanded the attack surface from the rather secure corporate networks to employees’ less secure home networks. This means cybercriminals can swoop in and obtain sensitive company data from home networks, without having to penetrate layers of enterprise-grade security in an office setting.

Credit rating agency Fitch Ratings observed a similar pattern. “The recent proliferation of ransomware attacks underscores how cyber risk is cutting across sectors and becoming a growing global security and financial threat,” it said in a May 17 article.

Fitch adds that “the volume, size and sophistication of ransomware attacks are expected to increase, as the risk of criminal prosecution remains low and profit incentives remain high”. It notes that ransomware attacks have increased by some 485% in 2020 globally, according to Bitdefender, accounting for nearly one-quarter of all cyber incidents, with total global costs estimated at US$20 billion ($26.9 billion).

The good news is that 51% of the Singapore companies VMware surveyed have updated their security technology to strengthen their cybersecurity posture. However, the term “cybersecurity” is a broad term with several types of solutions parked under its umbrella. Many may not know the difference between an antispyware, anti-virus and anti-malware solution. Moreover, most companies and users would want to use their devices and apps with minimal fuss instead of having to worry about cyber threats.

So, should Internet service providers (ISPs) — the companies providing individuals and enterprises with Internet access — do something to help prevent cyberattacks, since they have a global view of the network? Who should bear the responsibility of securing Internet activities?

mute
First line of defence

According to the CEO of broadband provider ViewQwest, Vignesa Moorthy, the responsibility should not only fall on the user, but also ISPs. Having built this “highway of the Internet”, ISPs should be partially responsible for protecting it.

In April, ViewQwest became the first ISP in Southeast Asia to extend its enterprise cybersecurity offerings to SMEs as well as home users. Its SecureNet solution was launched amid increasing work-from-home measures in Singapore. Available for home broadband users, SecureNet scans the broadband Internet connection and blocks threats at the network level.

Since the solution terminates malicious connections and detects inadvertent malware on its way to the user, it gives the user the peace of mind and eliminates the need to install any software on any devices.

The way Moorthy sees it, “we’ve built the network, and customers are using it. All of us are using it. And we have been turning a blind eye to what is happening on this network”. Giving an analogy to illustrate his point, Moorthy explains: “If I own a restaurant, would I allow somebody with a knife running around? He hasn’t hurt any of my customers, but he’s running around. Would I allow that? Am I responsible for stopping that person?”

He thinks he should be responsible for stopping a dangerous person in his establishment. Similarly, Moorthy believes that ISPs are partially accountable to providing a safer network environment for users — both in enterprises and at home.

The SecureNet solution, which was launched by ViewQwest in partnership with cybersecurity solutions provider Palo Alto Networks, claims to be able to stop about 95% of incoming threats without compromising network performance. It features three main threat prevention measures, mainly antivirus, anti-spyware and vulnerability protection.

“There is a growing trend where ISPs have taken ownership in tackling cyber threats by creating and offering broadbands with built-in security,” notes Moorthy.

Telcos doing their part

To that end, the local telco big boys are also playing their part in the fight against cyber threats.

The chief technology officer of StarHub, Chong Siew Loong, tells The Edge Singapore: “As an ISP, we constantly monitor our network infrastructure, ensuring they are sufficiently protected and resistant to security threats so as to foil would-be hijacks.” The telco also takes proactive steps to enhance its cybersecurity posture.

“We regularly share educational messages with our customers, to raise awareness of Internet threats,” says Chong, who notes that there should be a certain amount of knowledge on the importance of cybersecurity on the user’s end. He believes that online safety takes a combined effort from consumers, corporations and the government.

Although complete security for both broadband and mobile networks is virtually impossible, StarHub has deployed advanced security appliances, like firewalls and security gateways, to maintain what it calls a “defence-in-depth” strategy that is based on 3rd Generation Partnership Project (3GPP) standards.

“To secure our network and protect our customers’ interests, we use a defence- in-depth approach with multiple security layers to identify and mitigate any malicious activity on our network. This includes the use of our ‘StarHub Internet Clean Pipe’ service to minimise the impact of potential DDoS (distributed denial-of-service) attacks,” says Chong.

As much as StarHub plays its part to keep its customers safe, it also ensures privacy by not monitoring individual users’ Internet traffic. “What we do is to manage traffic flow across our infrastructure to deliver the best Internet access service to the majority of our customers, ensuring fair use of network resources to enhance overall end-user experience,” explains Chong.

Singapore Telecommunications (Singtel) also has a similar structure when it comes to managing and securing its networks. Its focus is mainly on the enterprise segment, where its key product, the Singtel Managed DDoS Protection Service, empowers enterprises to take a more proactive approach to cyber defence with comprehensive protection for assets such as the customers’ corporate network, web services and data centres.

Singtel sees user education — for both home and enterprise users — as essential to complete the last mile in the cybersecurity journey. As such, the telco offers Cybersecurity Awareness Education, which features up-to-date educational courses. Lim Seng Kong, managing director of Singtel Enterprise Business, Group Enterprise, says: “Cybersecurity vulnerabilities can stem from a broad range of sources like telco networks, enterprise IT infrastructure, and devices like mobile phones. As service providers or users, we all have a part to play to protect our assets by putting in place the right security measures while also staying vigilant against potential threats.”

Singtel also provides endpoint security solutions for mobile enterprises through Singtel Shield. The cloud security solution enables businesses to protect their corporate applications and secure their data and devices against cyber threats, as well as filter Internet access to reduce risk exposure.

What experts say

Experts tell The Edge Singapore that ISPs providing cybersecurity solutions at the network level is a good first line of defence for consumers. However, such solutions must not be the only form of protection users should have.

Assistant Professor Zhang Tianwei from Nanyang Technological University’s School of Computer Science and Engineering agrees that network solutions will be more convenient for end-users, as the security process is transparent to them.

Zhang believes that the responsibility to ensure a well-rounded security lies with both the ISP and the user. But he thinks ISPs should take on “more responsibility” as they have more control in terms of managing the network infrastructure and regulating the network traffic. Additionally, ISPs are in a better position to protect users since they have more knowledge of the traffic on their network.

However, as ISPs do not actively monitor the Internet content consumed by end-users, there is still a risk, especially if no dedicated endpoint security application is installed in the device. Zhang says it is difficult to monitor what goes on in the device, which is as important as monitoring the incoming and outgoing traffic.

Benjamin Ang, deputy head of the Center of Excellence for National Security at the S Rajaratnam School of International Studies (RSIS), says this is because the actions that malware takes can seem very similar to legitimate software. “Malware doesn’t have a tag saying ‘Hi, I’m malware’... It does things like downloading data, which all our apps and browsers [do]. But when a malware downloads a payload, it can do damage.”

ISPs such as ViewQwest, StarHub and Singtel are also aware of this phenomenon, and are therefore encouraging users to keep their connected devices secure with some sort of endpoint protection.

However, these “last-mile solutions” may cause data privacy concerns. After all, ISPs will have to process users’ data to provide this level of security. Nonetheless, Zhang says this is essential for breach detection and mitigation. He highlights that having more information will enable ISPs to be “more confident in detecting and mitigating any security incidents and attacks”.

Moving forward, Zhang believes ISPs will have to focus more on cybersecurity as part of their strategy not only to keep users safe, but also as a selling point to attract more customers. “Now, we consider [factors] like performance and efficiency. [But] we should also consider security, which is an important factor in today’s networked environment.”

On the other hand, RSIS’ Ang thinks that securing mobile data networks and public networks should be a shared responsibility, especially as workers will be more mobile after the pandemic. “One day, we will be able to travel again. One day, I’ll be able to sit in Starbucks and use my laptop again,” says Ang.

When that happens, businesses will have to look at securing these public networks, and as Zhang says, the ISP that will be able to include security as a selling point will benefit.