Security in communications systems may never be as sexy a topic as it is in the broader IT world. Toll fraud will never be as interesting as the prospect of hacking into an SUV as it cruises down the highway at 65 mph. But toll fraud remains an expensive problem, and voice security is becoming a more important issue as much of the world cuts the cord and mobile phones become the default way of reaching people. How many voice spam calls do you get in a typical day? And voice scammers are increasingly on the prowl, as consultant Joyce Osenbaugh of BAZ Group describes in a post on No Jitter this week.
Joyce describes how increasingly sophisticated hackers can spoof trusted phone numbers and target vulnerable populations like the elderly, and she follows up with statistics on the continued growth of phone fraud, which she pegs at almost $30 billion lost in 2017. She notes that much of this fraud is targeted at enterprise phone systems, affirming that, “Yes, the bulk of PBX hacking still occurs the old-fashioned way.”
And much of your response will have to follow the old-fashioned ways, like strictly adhering to best practices when it comes to passwords, Joyce writes. However, there are some new tricks in the bag, like a recently-established protocol called SHAKEN/STIR that can be used to thwart robocalling spam, and which Joyce discusses in her post.
All of these issues arise alongside many of the more complex security challenges that emerge when new media, such as video, and new technologies, such as APIs, become an increasingly important part of the communications landscape. That’s why we’ve got a couple of great security sessions on the program at Enterprise Connect Orlando 2019.
Core issues like toll fraud will be a primary focus of a session entitled, “Communications Hacks: Sources and Solutions.” Lee Sutterfield, CEO of SecureLogix, will lead a discussion with representatives from leading manufacturers of Session Border Controllers (SBCs) about the latest trends in “legacy”-type security threats, and how you should be working to guard against them. Whether it’s toll fraud, SIP-based attacks, or social engineering, this is still where the lion’s share of the money is being lost to fraudsters today, and this panel of experts will have the latest thinking about how to fight back.
In addition, in a session called “Best Practices In Securing Unified Communications,” Sorell Slaymaker of Unified IT Systems will look at many of the challenges that are emerging as communications begins to fully exploit the IP networks and software-powered systems to which it’s migrating. Sorell will focus on the technology aspects, but he’ll also discuss the organizational challenges that arise: Too often, enterprise IT security professionals discount the importance of communications security, or simply fail to understand the unique issues at play, as he notes on No Jitter this week (read his post and tune in to hear him in the latest episode of our No Jitter On Air podcast). Likewise, communications people need to continually hone their understanding of the more sophisticated issues around security.
Joyce opens and closes her No Jitter piece with an anecdote that I won’t give away here, but it’s instructive. It’s a reminder that technical sophistication may underpin many of the new attacks, but an individual or an organization’s ability to thwart such attacks ultimately rises or falls on their own awareness and vigilance.
I hope you can join us for Enterprise Connect 2019 in Orlando.