UC Advanced Magazine April 2023 Issue
As Wakankar says, VoIP solutions are a relatively new addition to the communications market when it comes to integrating it into collaboration platforms.
Certainly the ability to make and take calls from a desktop or mobile application offers a much more appealing solution than a deskphone tethered to the wall. However, that flexibility is something Kevin Michelsen, Senior Global Product Manager for Lumen Technologies, and Trevor Francis, CEO of 46 Labs, warned against.
“Since VoIP solutions go over the internet, they open businesses to cybersecurity risks,” said Michelsen. “The major risks with VoIP solutions are DDoS attacks, phishing, robocalling, call tampering, malware, and viruses. These threats all pose significant network, financial, and business disruption risks to enterprises.
“VoIP solutions offer greater flexibility and lower cost than traditional phone lines, they have grown significantly over the past several years. The growth and popularity have made VoIP solutions a target for cybersecurity attacks and scammers seeking profit.”
Francis agreed, adding that the distributed workforce needs to be careful once they have a VoIP phone line. “Many of today’s businesses are global, making VoIP solutions critical to their day-to-day operations,” Francis said. “But with the prevalence of remote
and hybrid workplaces, establishing secure connections can go overlooked.”
“Voice security should be part of any cybersecurity solution. Businesses should search for solutions that are zero trust, keep software solutions up to date, and test them regularly. Businesses also need to discourage the use of VoIP connectivity over public WiFi, encourage the use of complex passwords and train employees to recognise and report compromised devices, suspicious activity, and known or suspected attacks.”
The common theme with cybersecurity warnings out there seems to be that the risks are plenty in theory but never seem to materialise.
Certainly research from the last 12 months would suggest that a portion of businesses, mostly in the SME bracket, underestimate the risks of their business and are under- protected.
Distributed Denial of Service attacks the risks, however theoretical, can end up in a lot of damage to the business, including lost earnings, fines, and a downgrade in reputation. With such a lot at risk, some businesses will be comforted to know that, according to Martin Taylor, Co-Founder & Deputy CEO of Content Guru, the networks and platforms that we rely on have already invested in preventative and detective measures, leaving humans as the biggest problem.
“For the owners and operators of the large-scale communication networks and platforms on which billions of people depend on, the risk of attack is perennial. Consequently intrusion detection systems (IDS) and intrusion prevention systems (IPS) are prevalent through the networks and are continually updated.
“Zoned platform designs, which place strict limitations on the types and quantities of data that can pass between zones, protect the integrity of the services that run on these platforms and safeguard the data of their users from compromise.
“External bodies, as well as the internal teams of each organisation’s Chief Information Security Officer (CISO) run regular penetration tests, examining the efficacy of the IPS, and ensuring that any intruder able to breach a platform’s perimeter will not be able to move about inside, in the unlikely event that an unauthorised user should gain access.
“All of these controls mean that humans emerge as a business’s most vulnerable point. As a result, organisations place particular emphasis on role-based log-ins, limiting the types of activity a user can carry out, whilst monitoring and reporting each user’s every movement.