Sections of the comms sector continue to reduce VoIP security threat levels to ‘moderate’ and sit on their hands in the face of belligerent cyber attacks.
That’s according to Ollie Clutterbuck, Head of Product Architecture at 9 Group, who says any withdrawal from the severity of the issue is an urgent industry challenge.
The communications industry in general has perhaps never before failed so much to act on a matter of importance as critical as VoIP security, according to Clutterbuck, who too often sees resellers and ITSPs fail to make the security grade.
It is far too easy now for a malicious user to obtain software that takes all the complexity out of attacking peoples’ systems. It is clear that the frequency and sophistication of attacks is increasing. You have to accept that at some point you are going to get attacked but it’s up to you, your customers and your service provider to make sure you have done as much as possible to mitigate this attack.
Clutterbuck noted that the same failures are repeated over and over again – poorly secured phone systems, weak voicemail security and user error.
The good news is that these are easy to fix. Use strong passwords when securing phone systems and don’t use the same password on all systems; restrict access for phone system management to known IP addresses; lock down SIP access to only your ITSP (this isn’t always possible with remote workers so consider none standard ports and if possible a session boarder controller); use strong PIN access for voicemail; if possible don’t allow external access; don’t allow users to dial out from voicemail; don’t let users share passwords and where possible do not give users any SIP credentials. You also need to make sure your ITSP is protecting your customers’ security from within their own network.
In terms of VoIP security, the integration of mobile devices will be a key shift over the next five years, believes Clutterbuck.
We will see business telephony switch from the desktop phone to softphones and mobile clients, where VoIP is heavily integrated with the native dialler. This puts security very much in the hands of the user. Another interesting development is the use of machine learning to create AI for mining through large quantities of data. And we are seeing the emergence of IoT and its integration with telephony, whether it be location detection to change a user’s availability, or motion sensors that text the user when someone enters their house, which needs to have security at its core when these systems are designed.
Security versus usability has always been the trade off. With increased security comes a worsening user experience, so our job is to keep that balance, protect customers and provide a rich and engaging user experience at a time when integration is becoming key and still emerging as a requirement. Yes people are doing CRM integration, but I’m talking about integrating with your car, or your home, integrating with Facebook or WhatsApp. The way we communicate is evolving and we need to be looking to the future and how we can get a user’s communication system to integrate seamlessly with their everyday life – effortlessly and securely.
Check out the full article here on Comms Dealer.
