There are some very real security threats and issues in play in the VoIP space, particularly as the cloud is playing a more prominent role in VoIP solutions and services. And yet few businesses are prepared to deal with VoIP vulnerabilities or even to fully understand some of the threats they face.
According to PwC, only half of businesses have a security strategy for cloud computing, even as the number of cyberattacks is on the rise. Understanding threats and vulnerabilities is key to combatting potential threats, and this is particularly true when it comes to the unique circumstances of VoIP systems.
One of the main points organizations need to understand is that records on customers and employees, along with sensitive internal information, are the top targets of cyberattacks. Being able to detect, analyze and respond to threats before business activities and reputation are impacted is a critical component of any security strategy for the VoIP world.
The key methods of attack in the VoIP space include call fraud, in which attackers take over VoIP lines and use them to make unauthorized calls. Through eavesdropping, hackers can also glean sensitive data like employee names, phone numbers and passwords. Malware and viruses are another means to hijack a VoIP phone system, and softphones are particularly vulnerable. Once entry is gained, attackers can use organizations’ computer systems to send spam, gain remote access, and destroy valuable information or “kidnap” it for ransom.
Denial of service (DoS) involves flooding a network server and consuming all available bandwidth, thereby preventing all VoIP calls. It also gives attackers a window to steal valuable data, which can be costly and devastating. VoIP tampering and call hijacking are additional types of attacks designed to interrupt and intercept VoIP calls.
One of the best ways organizations can protect their VoIP systems and services is by contracting with a service provider that understands the unique vulnerabilities inherent in digitized voice. A good security strategy will include call encryption and authentication to ensure high levels of privacy and protection. Additional means of prevention include the challenge-handshake authentication protocol (CHAP), which handles access requests and may deny access to prevent fraudulent calling.
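As an added illustration (not code from the original article or from any vendor), the following example walks through the CHAP exchange as defined in RFC 1994: the server sends a random challenge, the endpoint answers with MD5(identifier || secret || challenge), and the server denies access on a mismatch or a reused challenge. The `ChapAuthenticator` class, the extension name `ext-1001` and the shared secret are constructed for this example.

```python
import hashlib
import hmac
import secrets


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues one-time challenges and verifies responses."""

    def __init__(self, secrets_by_user: dict):
        self._secrets = secrets_by_user
        self._pending = {}   # identifier -> outstanding challenge
        self._next_id = 0

    def issue_challenge(self):
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256   # Identifier is one octet
        challenge = secrets.token_bytes(16)          # unpredictable per attempt
        self._pending[identifier] = challenge
        return identifier, challenge

    def verify(self, user: str, identifier: int, response: bytes) -> bool:
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed later.
        challenge = self._pending.pop(identifier, None)
        secret = self._secrets.get(user)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    shared = b"constructed-shared-secret"            # constructed sample value
    auth = ChapAuthenticator({"ext-1001": shared})
    ident, chal = auth.issue_challenge()
    answer = chap_response(ident, shared, chal)       # computed by the endpoint
    accepted = auth.verify("ext-1001", ident, answer)
    replayed = auth.verify("ext-1001", ident, answer)  # same answer sent again
    ident2, chal2 = auth.issue_challenge()
    guessed = auth.verify("ext-1001", ident2,
                          chap_response(ident2, b"wrong-secret", chal2))
    return accepted, replayed, guessed


if __name__ == "__main__":
    print(demo())
```

The shared secret never crosses the network; only the challenge and the hash do, which is why an eavesdropper cannot simply reuse what was captured on an earlier call setup.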
Anti-virus software is another way to protect softphones and related VoIP software, while deep packet inspection is useful for flagging potentially nefarious packets for closer scrutiny. Session border controllers (SBCs) are an invaluable tool for any network routing VoIP calls, while authorization policies and restrictions can also be helpful for monitoring and controlling all VoIP activity.
Businesses can no longer afford to be reactive when approaching VoIP vulnerabilities and security. By understanding the unique challenges and issues related to VoIP networks and calling, organizations can be proactive in enforcing a security policy tailored specifically to VoIP.