When you think about cybersecurity, what comes to mind? Chances are, you or your IT experts are thinking of computers, routers, servers, and network switches. But there’s another important risk management consideration that is often overlooked or addressed as an afterthought in an otherwise comprehensive cybersecurity plan: your organization’s telecommunications infrastructure and vendors.
Over the past few years, the world has seen a dramatic increase in ransomware attacks and hackers stealing personal/corporate data, among other things. This year in the US alone, at least 93 hosted VoIP providers and organizations hosting their VoIP services on their private networks have been targeted in the Communications, Banking, Finance, and Insurance sectors. The figure for the same period worldwide is reported at 1200 cases-- the actual figures for both domestic and international cases are likely much higher.
In 2020, major VoIP/Telecom providers failed to address security and configuration issues, thereby exposing themselves to hackers. For instance, Broadvoice (a national US-based provider) failed to configure their network properly and exposed 350 million customer records. The article linked here contains another example: Asterisk (the most widely-used VoIP software and the core of many hosted VoIP providers’ software systems) is often preferred over more secure software options for its easy integration with other systems, despite its being riddled with security holes that can and have been exploited.
Increasingly, hackers have been targeting VoIP phone systems with specific vulnerabilities. Few IT and C-level decision makers may have had the opportunity to consider cybersecurity as it pertains to their telecommunications systems, but below is a short list of what a skilled hacker can accomplish:
Hold the entire phone system hostage.
Install mining software for cryptocurrencies, crippling the organization’s servers.
Sell your system for free phone calls, primarily for international calls.
Use your phone system to relay robocalls.
Listen on calls.
Download call recordings and call records.
Use the phone system as an entry point to the rest of your internal network.
What does this mean from a business perspective?
The above examples may yield results ranging from hackers gaining sensitive data in the form of financial information and accessing recorded calls, to taking full control of your phone system--resulting in your organization’s inability to communicate with clients. If your system is hacked and used to make hundreds of thousands of international calls and robocalls, large monthly charges, fees, and possibly federal fines await. Lastly, if hackers are seeking access to the rest of your network, all of your data, files, and computers are potential targets.
The result of all of these is an expensive (financially and reputationally) and time-consuming process.
The best medicine, so to speak, is prevention. Contact your Cybersecurity provider to review your organization’s VoIP systems and the protections that you have in place. A good plan is multifaceted, and should address all areas of risk. VoIP Doctors works closely with your IT and Cybersecurity experts, whether they are in-house, trusted vendors, or some combination of the two. Providing VoIP consulting services and hosted VoIP services in a secure environment is our entire business.
Our co-founder and Chief Technology Officer, Michael A. Barson, brings 17 years of VoIP Telecommunications expertise to VoIP Doctors clients and partners every day. The VoIP Doctors platform guards against security threats and service interruptions to keep your business moving forward.
Contact us for a VoIP Telecom consultation via email at care@voipdoctors.com to begin the conversation.
With warm wishes for your continued wellbeing,
Mike & Hala
VoIP Doctors
Testing