Corporations have been tasked with managing new exposure risks caused by the increased prevalence of remote work, especially since cyber crime now readily targets home networks as a method of data theft for larger companies.
While businesses have placed more focus on protecting their assets for the expanding work from home reality, Internet Service Providers (ISP) are also susceptible to being part of this broken chain.
This is a chance for ISPs to consider the series of benefits associated with taking more responsibility for the security of their customers and actively incorporating security as part of their product development strategy.
Extend ISP asset protection
CISOs of ISPs typically focus on securing corporate assets such as datacenters, endpoints, and DMZs and don’t consider the home network part of their responsibility.
However, this is a potentially dangerous oversight as home routers pose their own share of vulnerabilities that could negatively impact the ISP. For example, home routers store “corporate secrets” such as client certificates, and they are publicly accessible built on top of complex open-source stacks with multiple dependencies.
Even a vanilla version of OpenWRT firmware includes more than 100 different open-source packages. A single vulnerability in one package can be exploited by a remote attack and cause data leakage, damaging brand reputation like what happened in the DNS Hijacking attack on a Brazilian ISP or the Orange’s WiFi Passwords Leak.
ISP’s role in home network security
Additionally, research indicates that consumers and businesses choose vendors who take cybersecurity seriously. In fact, Experian found that 74% of consumers prioritize security as most important for their online experience as reported in their Global Identity and Fraud Report.
In order for CISOs to consider their customers’ home routers as part of their overall ISP posture, they would need to take an active role in the product development lifecycle and collaborate with router teams. This means ensuring a comprehensive security strategy and involvement at each phase of development.
As mentioned, many companies have been challenged in their ability to support the rise of remote work over the last 12 months, and even more so ensure security is intact and that sensitive corporate data is not exposed.
For ISPs, adapting a secure development lifecycle is also an opportunity to look beyond just the router and protect the entire home network, as well as take a critical role in transforming the remote digital workspace. Consider the additional benefits such as brand differentiation and new revenue potential.
Growth potential in SMB security
Another growth opportunity for ISPs is to strengthen their security in the SMB segment to respond to market demands.
According to Connectwise’s report, The state of SMB cybersecurity in 2020, not only do 73% of SMBs say they will invest more in cybersecurity in the next 12 months but 91% of them state they would move to a new managed security provider (MSP) for the right cyber solution. The report states that 68% of SMBs perceive the “right” solution as MSPs’ ability to properly respond to security incidents and 58% of them prioritize MSPs who can effectively minimize damage.
The fact that SMBs lack security expertise in-house yet have allocated a budget to ramp up security puts ISPs in a good position to seize the opportunity.
Other reasons include:
- Customer relationships are already established
- ISP equipment is already at the customer site
- Offers ISPs’ sales force a new selling opportunity