Evil Corp Hack Shows Critical Need for CSPs to Offer SECaaS

Updated on

The US government has signaled just how dire the national cyberhacking situation is by offering a record cybercriminal bounty on the leader of the infamous Russian hacker group, Evil Corp. Over the past decade, Evil Corp has stolen more than $100 million from unsuspecting online banking users with email phishing campaigns and the most widespread malware ever, Dridex, which specifically targets online banking credentials. With nearly all of an individual’s sensitive personal information available online today, it’s no wonder Americans are more worried about cybercrime than violent crimes (including terrorism, murder or sexual assault. Phishing attacks more than any other cybercrime have been responsible for a whopping $12.6 billion in losses since 2013, targeting private citizens, enterprises and anyone in between. Unfortunately, communication service providers (CSPs) bear the brunt of these attacks in that they are accountable to the direct and indirect victims of these attacks – their consumers and financial institutions.

Get The Full Ray Dalio Series in PDF

Get the entire 10-part series on Ray Dalio in PDF. Save it to your desktop, read it on your tablet, or email to your colleagues

Q4 2019 hedge fund letters, conferences and more

That said, service providers are also poised to mount the best defense against hackers by providing innovative network intelligence and security solutions for consumers and small businesses, not unlike those that targeted by Evil Corp.

Small Businesses Are Big Phishing Targets

While cyber-awareness is growing, most small businesses lack the security skills to protect themselves and are, as a consequence, easy prey for both targeted and automated mass cyber-attacks.

2019 saw 76 percent of U.S. companies experience a cyberattack with the most common, cited by 57 percent of companies, as social engineering and phishing attacks, according to a Ponemon Institute survey. These scams target internet users with realistic-looking emails that download malicious software once the user clicks a link or attachment in the email.

Small businesses also recognize that the use of mobile devices in their business widens the threat landscape, but that is the price they are willing to pay for convenience and efficiency.

Mobile Banking Means Heists Have Gone Digital

Over three-quarters of Americans used a mobile device the last time they checked their account balance. Since 89 percent of online banking in the US is now done via mobile, it is more important than ever for CSPs to ensure consumers’ mobile security from nefarious cybercriminals like Evil Corp.

While most banking apps have built-in security features such as two-factor authentication (2FA), the best defense starts on your mobile network, not just on your phone. While mobile endpoint security apps are just fine for stopping most cyber threats on the device, network-based cybersecurity can catch cyber attacks in the network, long before they effect your device. That extra level of security can only be provided by a CSP.

Also, with an expanding wireless network and the transition to 5G, mobile users need a better way to protect themselves from an increasing list of security threats and they are looking to mobile operators to provide this protection via their network.

5G danger?

The transition to 5G presents many challenges for CSPs to ensure mobile network security. Perhaps the toughest being the deployment of security protocols and solutions that keep pace with 5G and effectively protect the multitude of 5G applications that promise to change nearly every aspect of lifestyles and workstyles. We will especially see issues when it comes to managing financial exchanges.

This is because 5G’s technical landscape creates greater cyber vulnerability due to an anticipated exponential increase in connected IoT devices and the transition from a centralized, hardware-based network to that of a software-defined virtual network. While this framework is attractive to operators for lowering cost and increasing agility, this shift creates a landscape that weakens cyber hygiene by dispersing activity to various elements throughout, and at the edge of, the network. The elements of a software-based network allow new entry points for cybercriminals to take advantage, leaving end-users more at risk than ever before. The huge increase in connected, vulnerable IoT devices further expands the threat landscape.

Cybersecurity Threats Are Creating Opportunities for CSPs

In the face of increasing vulnerabilities, service providers are in a perfect position to offer security-as-a-service (SECaaS) solutions to their consumer and small business subscribers. The success of this model is starting to be proven as service providers adopt network-based solutions for cybersecurity as a service. Network-based inline security delivers a real advantage for providing mobile and device security services in the age of 5G and mobile reliance. It’s like stopping the bad guys at the entrance to the city instead of in your home.

CSPs can protect end-user and IoT devices simultaneously, in the mobile network and in a home or business network with network-based security solutions that require no installation or upgrading from the subscriber. Service providers can help small businesses protect themselves through the implementation of the anti-malware, anti-spam mail security, internet usage visibility, and Web content filtering to prevent employee exposure to illegal or inappropriate content that can otherwise cause damage to mobile devices and business data.

How CSPs can protect

Service providers are already successfully deploying network-based security services with up to 50 percent customer adoption rates and incremental revenue of €1-4 per subscriber per month. For example, Telefonica’s SMB cybersecurity solution has prevented more than 80,000 possible security threats in its first two months of deployment in 2019. Of those, more than 89 percent of blocks occurred when users tried to access risky domains or Websites, as a result of ‘phishing’.

It’s not only consumers and small businesses who benefit from low-cost, easy to implement network-based cybersecurity solutions. Network-based cybersecurity solutions increase ARPU, improve customer loyalty and provide an important brand differentiator for CSPs in an era when concern about cybercrime is on the rise. If there is a bright spot in the jungle of cyber crime, it’s that there is finally a category of solutions that is a win for all parties concerned – except the cyber criminals.

Leave a Comment