While your telephony solution may not immediately spring to mind when you think about security risks, you could inadvertently be giving hackers the keys to the kingdom.
Modern voice-over-IP (VoIP) telephony solutions run on the same kinds of networks that your computing systems do. Unfortunately, says Euphoria Telecom chief technology officer Nic Laschinger, they are seldom secured as tightly as your computer systems and this makes them vulnerable.
“It’s important to realise that if someone can get to your telephony system, they can get to your IT systems. A lot of people define their security at the perimeter. For example, they deploy a firewall to keep people out. Once someone is inside, however, it’s relatively easy for them to get anywhere else, including to your operational IT systems and data,” Laschinger says. “People tend to ignore security on telephony systems as they don’t recognise them as full-fledged computer systems. This can be a costly omission.”
Operational technology, like telephony systems and the systems running factories, power plants and such, are increasingly being recognised as weak areas by attackers.
According to the Fortinet 2022 State of Operational Technology and Cybersecurity Report, 93% of organisations surveyed had an intrusion in the past year, and 61% of those intrusions impacted OT systems. Worse, says Fortinet, it took hours to restore service in 90% of those cases.
Weakness in VoIP systems and network or device compromises are increasing resulting in losses for businesses globally. The 2021 CFCA Global Telecommunications Fraud Loss Survey highlighted that IP PBX hacking resulted in US$1.82-billion worth of fraud that year. Spoofing, the most common telephony fraud method, cost businesses some $2.63-billion.
In addition to standard security measures like implementing IPSec (which secures data traffic across networks) and secure authentication, your cloud telephony provider should be implementing additional features and functions that help keep your telephone system secure. Below, Laschinger outlines some…