ISPA bolsters end-user security
SA's Internet industry body has developed a new code designed to protect the privacy of end-users.
The Internet Service Providers' Association (ISPA) recently announced it would lead the development of a new voluntary code of practice to improve cyber security. Known as the icode, and developed in conjunction with Australia's Internet industry association - which pioneered the approach in 2010 - the code will provide a consistent approach for South African ISPs to help inform, educate and protect customers in relation to cyber security.
SA is the second country in the world to implement network-level protection of vulnerable end-users under the icode banner.
By following the code, says ISPA, ISPs will contribute to reducing the number of compromised computers in SA, and enhance the overall security of the South African and international Internet.
“The increasing threat of zombied computers - computers which have essentially been hijacked and are under the control of criminals or other third parties - presents a real risk to users. Identity theft, fraud, and increases in spam are all possible consequences of compromised computers,” says the association.
ISPA spokesperson Ant Brooks says the problem the industry now faces is the sophistication of attacks on end-user computers. By ISPs scanning at network level, says Brooks, an early warning can be given to users, when they may be unaware there is a problem with their computer.
He says an infected computer has far-reaching implications. “An infected computer is not only bad for the end-user, it is also a problem for the integrity of networks themselves, because it increases the amount of spam and other 'bad traffic'. This is why ISPs are telling us they will support the scheme.”
The security code initiative was welcomed by the banking sector, which is intrinsically affected by malware and security breaches.
South African Banking Risk Information Centre (Sabric) CEO Kalyani Pillay says the country's banks constantly review security measures to offer Internet users as safe an online banking experience as possible.
“Sabric welcomes the launch of the icode project, and is encouraged by the commitment of ISPs towards assisting their customers with the security of their computers and their personal information.”
Brooks emphasises the new code was designed primarily to protect the privacy of end-users - not to violate it. “The network-level scanning that allows ISPs to detect signs of infected machines does not in any way involve looking at what users are doing online. On the contrary, the scheme is designed to reduce the incidence of the single biggest threat to end-user privacy, being the presence of malware that can steal personal information and relay it to criminals overseas.”
He says the code is designed to respond to this challenge by providing a consistent approach for South African ISPs to inform, educate and protect their customers. “ISPA believes a uniform national (and international) approach is warranted. The code will deliver a standard set of best practices for ISPs to follow to preserve the integrity of their networks.”
The icode will consist of four main elements: a notification/management system; a standardised information resource; a comprehensive resource for ISPs to access the latest threat information; and a mechanism for reporting back to national security agencies, in cases of extreme threat.