VoIP Security Isn't Taken Seriously Enough

When we think about cyber security, most of us usually imagine stolen credit card data, confidential business files lifted from laptops, database breaches or photos grabbed from a celebrity’s phone. Few of us of consider the security of our phones.

There’s good reason for this oversight, of course; until recently, telephone calls were relatively hard to hijack. In the days of analogue phones, there were limited opportunities for security breaches without the insertion of a physical device somewhere along the network.

Times have changed, however, and VoIP represents an easier target because like the rest of our lives it is digital and therefore prone to cyber crime.

A study of U.K. businesses by the consultancy, Nettitude, found that VoIP servers represented 67 percent of all recorded security breaches. This is in contrast with SQL servers, which accounted for only 4 percent.

The attacks on VoIP can range from eavesdropping of sensitive communications to misrepresenting identity, authority, rights and content. If you think your phone calls are safe, think again.

There are security options for VoIP; session border controllers can help protect VoIP connections from cyber crime. Far too often such SBCs are installed and then forgotten, however. This, like virus software that is never updated, is a hollow protection.

What’s needed first and foremost is more awareness of the problem, then more products and services that protect against VoIP hijacking and intrusion. Because of VoIP relationship to older calling technology, users bring a false sense of security that VoIP cannot or will not be attacked by cyber criminals. But this is just not the case, as the Nettitude study highlights.

Since VoIP security is not taken seriously enough, this also means that the industry is not delivering enough products and services to protect VoIP connections. The market follows consumer demand, and awareness of the problem is so low that there isn’t the push needed for the kind of robust security response that is warranted.

VoIP security is a ticking time bomb. Businesses would be wise to pay attention and not wait until the damage has been done. This is not an indictment against VoIP, but it is a warning to those who think any digital technology is safe, VoIP or otherwise.