Cybersecurity Awareness Month may be coming to an end, but the cable industry continues to work each day to keep our networks and customers safe. As the nation’s leading provider of broadband, the cable industry has been at the forefront of developing and implementing best practices for identifying and addressing cybersecurity risks. Today’s cyber threats have evolved and advanced significantly. Threats now range from the theft of sensitive personal information, to the extortion of money through phishing scams and ransomware, to cloud-based multi-gigabit distributed denial of service (DDoS) attacks. These cyberattacks put individuals, devices, and networks at risk.
Addressing cybersecurity necessitates innovation. For the cable industry, that has meant a focus on a series of pressing issues.
Malware
Malicious software, or malware, prevents a user from using their intended device or service. Malware includes spyware, viruses, and much more. One of the primary cybersecurity measures taken to counteract malware is the use of antivirus and malware detection programs. Internet Service Providers (ISPs) provide anti-virus protection for free to customers. In addition, they provide more advanced protection services to safeguard users’ personal information and support small businesses and other companies that need to take additional cybersecurity measures. Consumer awareness and education, like that provided by NCTA’s Family and Media (FAM) initiative, also play a driving role in keeping consumers safe from malware.
Botnets
As malware has evolved, additional features have been added that allow attacks to go beyond an isolated instance of attack, for instance on a single computer, to multiple instances of cyberattacks working together. These networks of malware-infected devices are referred to as botnets (robot + network) and botnet attacks are on the rise. Today, botnets are used to send spam or launch attacks at greater scale and with larger impact, often disrupting business as usual. ISPs detect botnets by monitoring networks for communications with known botnet “command and control centers.” ISPs then take action to block communication to these centers and notify infected end-users so that they can take the necessary actions to remedy the issue.
Supply Chain
Increasingly, supply chain threats represent one of the most significant vulnerabilities in cybersecurity, presenting significant new risks to government and industry. These threats can include network or computer hardware that is delivered with malware already installed, or other weaknesses where software applications are prone to cyberattacks. Sophisticated cybercriminals exploit these vulnerabilities in the supply chain as a beachhead from which they can gain access to sensitive and proprietary information further along the chain. To combat this threat, NCTA and its member companies are actively participating in the Department of Homeland Security’s Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force. The Task Force works to identify and develop consensus strategies that enhance ICT Supply Chain security.
Internet of Things
The constant connectivity and data sharing among internet-connected-devices, or the Internet of Things (IoT,) creates new opportunities for service and information to be compromised. Some of these devices, especially those built without the proper security, can also serve as an entry point for larger cyberattacks. The cable industry takes an approach to IoT that addresses both mitigation and security. ISPs have invested heavily in measures that reduce the risks with insecure IOT devices, with a primary focus on protecting networks from DDoS and other botnet attacks. The industry is also working to create robust technical standards to achieve necessary levels of security to prevent against cyberthreats.
The internet continues to play a major role in the lives of consumers and the success of businesses. Simultaneously, the cable industry remains committed to cybersecurity and to finding new, innovative ways to prevent cybercrime as it continues to evolve.