ISPA improves cyber crime security

The Internet Service Providers’ Association (ISPA has announced it would lead the development of a  voluntary code of practice to improve cyber security for end-users.

Known as the icode, and developed in conjunction with Australia’s Internet Industry Association, the code aims to provide a consistent approach for South African ISPs to help inform, educate and protect their customers on cyber security.

ISPA says SA would become the second country in the world to implement network level protection of vulnerable end users under the icode banner.

According to the organisation, by following the code, ISPs will contribute to reducing the number of compromised computers and enhance the overall security of the South African and international Internet.

ISPA says the increasing threat of zombied computers - computers which have been essentially hijacked and are under the control of criminals or other third parties - presents a real risk to users. Identity theft, fraud, and increases in spam are all possible consequences of compromised computers.

“The problem we now face as an industry, is the sophistication of attacks on end-user computers. Scanning at the network level by ISPs can provide an early warning to users when the user may be completely unaware there’s a problem with their computer,” said ISPA spokesperson Ant Brooks.

The initiative was also welcomed by the banking sector.

“South Africa’s banks are committed to educating consumers about online security, and constantly review security measures to offer South African Internet users as safe an online banking experience as possible,” says Kalyani Pillay, CEO of the South African Banking Risk Information Centre (SABRIC).

“SABRIC welcomes the launch of the icode project, and is encouraged by the commitment of ISPs towards assisting their customers with the security of their computers and their personal information.”

Brooks emphasised that the new code was designed to protect the privacy of end-users.

“The network level scanning that allows ISPs to detect signs of infected machines does not in any way involve looking at what users are themselves doing online. On the contrary, the scheme is designed to reduce the incidence of the single biggest threat to end-user privacy - the presence of malware which can steal personal information and relay it to criminals overseas,” he said.

The code is designed to respond to this challenge by providing a consistent approach for South African ISPs to help inform, educate and protect their customers in relation to cyber security. ISPA believes a uniform national (and international) approach is warranted. The code will deliver a standard set of best practices for ISPs to follow to preserve the integrity of their networks.

The icode is expected to contain four main elements: among them a notification or management system for compromised computers and a standardised information resource for end users.

It will also aim to have a comprehensive resource for ISPs to access the latest threat information and a reporting mechanism in cases of extreme threat back to national security agencies to facilitate a national high level view of attack status.