Justin Hart, CTO, cloud & edge business unit at Ribbon Communications, discusses why it’s important to analyze the new voice threat landscape and establish the right security analytics measures in place. Here, he lends insights on how enterprises can ensure seamless communication between employees, customers, and partners while keeping their organization safe.
The way enterprises work today is dramatically different than less than a year ago. Since early 2020, the global pandemic has caused a seismic shift in the number of employees working from home because so many economies around the world were forced to shut down to contain the initial wave of the COVID-19 pandemic. Having the ability to shift to a work from home model overnight is one of the main reasons the global economy has been able, for the most part, to weather the storm caused by the pandemic. For many organizations across various industries, this meant moving operations such as contact centers that were traditionally centrally located to remote working.Â
This massive shift in employees working from home has also created an opportunity for those with malicious intent. Bad actors are constantly looking for ways to cause havoc, either for monetary gain or to disrupt services.Â
And, with the exponential growth of IP-based real-time communications (RTC) in such a short period, the opportunity has caught the attention of many of these bad actors. They design their attacks to bring down enterprise communications infrastructure through various means such as telephony denial-of-service (TDOS) and distributed denial of service (DDoS) attacks, voice phishing, registration floods, malicious endpoints, fraud, IP password attacks, and many more.
They are also exploiting communications network vulnerabilities by eavesdropping on private conversations and gaining access to users’ telephony accounts via registration hijacking so they can wreak havoc or do reconnaissance in the entire corporate network.
Learn More: Securing Boardroom Communications: Do’s and Don’ts for the ‘New Normal’
Also, increasing the threat vector is the mobile-first world in which we live. Mobile applications can lead to a “wild, wild west†approach for IT departments and throw mobile device management and bring your own device (BYOD) into a scary new realm, triggering massive security and compliance issues. The rise of collaboration platforms, from WebEx to Zoom, which allowed teams to continue to collaborate during the pandemic, has also led to increased security vulnerabilities.
IT and security operations professionals are constantly trying to stay ahead of cybercriminals by investing in protecting interactions, data, and corporate reputations with advanced cybersecurity solutions. One of the areas often ignored is RTC, especially voice, even as voice is growing (from live human voice to natural language processing voices as part of modern virtual assistants to voice-command-based technologies).Â
Besides, now that many employees are working remotely, they can access company communications infrastructure via remote access. This allows them to tap resources they may have previously only been able to do in a premise-based location with local networking controlling that access. Remote access also means a surge of uncontrolled endpoints, including virtual private networks (VPNs), which is subject to credential stuffing, password spraying, patch problems (which have been linked to 27% of all breaches), and new malware threats (89% of which have been linked to COVID) – according to Carbon Black.
Learn More: 4 Key Elements of a Secure Video Conferencing Infrastructure
Media coverage of high-profile corporate cyberattacks has shown that no organization is immune, including some of the world’s largest and most respected companies like Microsoft and Amazon, both of which suffered cloud server takeovers of their AWS and Azure platforms.Â
The surge in IP-based networks has also served to highlight the dangers of unprotected IP networks. For example, a Fortune 100 multinational food manufacturing company was hit by a “Dial Through Fraud†case with:
- High volume of calls to high rate international/premium rate numbers
- More than $200K per month in additional communications chargesÂ
- An investigation that revealed the incoming SIP Trunk was seeing the same Calling Party Number dialing again and again
So, what can enterprises do to combat situations like these and protect their voice communications infrastructure without breaking the bank?Â
The example cited above was resolved with RTC analytics, including real-time detection of the problem, on-demand mitigation to optimize fraud protection, and interactive dashboards with heatmaps to identify Calling Party numbers dialing out to unusual (and expensive) destinations. Â
Learn More: Solving the Data Disconnect Call Centers Face
We are increasingly seeing that forward-thinking enterprises who recognize the grave threats that cybercriminals pose to their voice infrastructure are investing in cost-effective solutions that provide increased visibility in determining whether calls are from legitimate sources.Â
These solutions leverage the latest in analytics capabilities that use behavioral modeling and machine learning techniques to produce advanced reputation scoring and call validation treatment for every call, including how a call should be handled, such as sent normally to the called party or redirected to prevent a nuisance or fraud call from reaching the called party.Â
Enterprises should also consider investing in solutions that can ingest real-time and non-real-time data from third-party applications or databases to increase the accuracy of the identity assurance modeling and dynamically adapt to evolving threat landscapes while delivering actionable prescriptive mitigation.Â
We are in a brave new world, one in which you cannot manage what you cannot measure, including in the world of voice, contact center, and cloud collaboration. RTC solutions are saving the economy, making it possible for people to work from home to keep businesses, essential systems, and entire economies going.Â
By understanding the new voice threat landscape and putting the right security analytics measures in place, we contribute to the come-back while also preparing for future threats with intelligence built-in.
Did you enjoy reading this article? Let us know your thoughts on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you.