What Resellers Need to Know About Cloud UC’s Security Vulnerabilities

March 24th 2016

“Businesses continue to migrate their unified communications applications to the cloud, citing flexibility as the key reason,” says Diane Myers, Infonetics Research principal analyst for VoIP, UC and IMS. “Cloud solutions are inherently more flexible than premises-based solutions, offering businesses the ability to scale users up and down, centralize management, and deploy new features and applications quickly.”

But this flexibility, along with the CapEx and OpEx savings inherent in any hosted solution, come with a caveat: UC is easier for hackers to attack when it’s in the cloud than when it’s on premise.

Security Experts: Prison Phone System Data Breach Puts VoIP Security Into Spotlight

March 24th 2016

Security experts said the reports Wednesday of a major data breach at Securus Technologies, which provides a significant amount of phone services to prisons nationwide, raises privacy concerns and calls into question security around VoIP systems. The data breach, which was first reported by The Intercept, compromised 70 million records across 37 states. The records include phone records as well as 14,000 phone recordings of likely confidential attorney-client conversations, the report said.The report said the records extend from December 2011 to spring of 2014.Add News Story here

March 24th 2016

IBM and Ponemon Institute are pleased to release the 2015 Cost of Data Breach Study: Global Analysis. According to our research, the average total cost of a data breach for the 350 companies participating in this research increased from 3.52 to $3.79 million2. The average cost paid for each lost or stolen record containing sensitive and confidential information increased from $145 in 2014 to $154 in this year’s study. In the past, senior executives and boards of directors may have been complacent about the risks posed by data breaches and cyber attacks. However, there is a growing concern about the potential damage to reputation, class action lawsuits and costly downtime that is motivating executives to pay greater attention to the security practices of their organizations.

Who's listening? VoIP systems vulnerable to hacking

December 18, 2015

Businesses need to ensure they have the appropriate security measures in place to avoid being targeted by cyber criminals hacking into their systems. That’s the word from MyBusinessVoice, who says VoIP systems are no exception, and businesses to seriously thinking the security they have in place.

“While VoIP is a more efficient way to communicate and more cost effective, it is after all using the same network as your email and other internet devices,” MyBusinessVoice says. “No doubt you have experienced spam and cyber-attacks in these areas.”

October 16, 2015

Long Term Evolution (LTE) mobile networks are currently deployed through the world. These LTE mobile networks make use of full packet switching and the IP protocol, unlike previous iterations of the mobile network. This change from circuit switching to packet switching allows new attacks not previously possible. Some implementations of LTE networks and mobile applications are currently vulnerable to several issues which may result in loss of privacy, incorrect billing, and data spoofing.

July 9, 2015

As more consumers and organizations continue to migrate from their landline to IP telephony, hackers are targeting this platform because of the sheer number of gateways that could be exploited. With VoIP, the security threat not only includes the same problems data networks face, but also issues that are specific to IP telephony. Unlike TDM phones and PBXs which had very few security issues because they are hard-wired, VoIP caller server gateways and IP phones are software based, which makes it much easier to access. Therefore protecting the infrastructure with a layered security approach is better to mitigate VoIP attacks.

June 23, 2015

Last week's cyberattack on federal government websites is raising concerns about the government's plan to switch many of its landlines over to Voice over Internet Protocol (VoIP) phones.

June 10, 2015

Voice over IP (VoIP) infrastructure has become more susceptible to cyber attacks in recent years due to the proliferation of both its use and the tools that can be used for malicious purposes. During the first quarter of 2015, our security researchers have observed a large amount of VoIP attacks worldwide; however, the majority were against UK servers.

June 8, 2015

I write about VoIP security from time to time, and it’s a prime topic for this column in a few different ways. While VoIP security is of particular relevance to TMC’s (News - Alert) audience, it’s really a small branch of the data security tree, which encompasses many strands of traffic that IT must manage over their network.

May 18, 2015

In my last post, I wrote about a current success story from a particular vendor, as it was a great example of how to work with a customer experiencing VoIP security problems and to implement an effective solution. Generally, I try to stay vendor-neutral, so I’m going to continue this topic along those lines. There are several realities related to VoIP security that don’t get attention, and SMBs in particular need to understand them. More importantly, however, they need to respond proactively, and that likely requires a change in thinking.

May 14, 2015

In my last post, I framed the VoIP security analysis around two misperceptions that allow this to become a serious issue. As a technology, VoIP is inherently not secure – it was created before broadband at a time when the hacking threats we see today did not exist. Furthermore, VoIP was outside the mainstream back then and very much built in the Internet spirit of openness and sharing. The creators were really only thinking about how VoIP would be used for good purposes rather than serving as a vehicle for cyber attackers.

May 14, 2015

In my last post, I framed the VoIP security analysis around two misperceptions that allow this to become a serious issue. As a technology, VoIP is inherently not secure – it was created before broadband at a time when the hacking threats we see today did not exist. Furthermore, VoIP was outside the mainstream back then and very much built in the Internet spirit of openness and sharing. The creators were really only thinking about how VoIP would be used for good purposes rather than serving as a vehicle for cyber attackers.

May 11, 2015

Network security should always be a concern with any type of communications, especially when using Session Initiation Protocol (SIP). There are special security considerations associated with SIP trunking you should be aware of to maintain safe communications, including the threat of a brute force attack or Denial of Service (DoS) attack. Here’s what you need to know to reduce the odds of your communications becoming compromised.

April 29, 2015

More organizations are choosing to implement VoIP telephony in the enterprise for its cost savings. However, securing the technology comes with its own price tag. This secure VoIP tutorial is a compilation of resources that review VoIP security best practices, protocols and standards, LAN security, vulnerabilities, troubleshooting, threats and more.

January 23, 2014

VoIP-related threats are evolving faster than you're able to handle, and until you understand the nature of these threats, you won't know what's truly at risk.

For many of you, VoIP is old hat, and when it comes to innovations in communications, you're focusing on other things these days. Even UC may feel very 2013, and now you're more granular, becoming immersed in things like WebRTC, desktop video, BYOD and Big Data--along with anything that produces a tangible ROI for collaboration.

April 15, 2015

The PCI Security Standards Council has published a new version of its data security standard that calls for ending the use of the outdated Secure Sockets Layer encryption protocol that can put payment data at risk.

March 11, 2015

The scale of recent payment-data breaches makes it clear that many organizations’ security measures aren’t slowing attackers down. In this year’s PCI Compliance Report, we take a critical look at whether the problem is a result of current security standards or the way compliance is being approached, and what organizations can do to better manage the risk.

August 10, 2014

Once considered an alternative telephony solution, VoIP (Voice over Internet Protocol) is now a mainstream technology used by an increasing number of businesses due to its superior features and competitive pricing.

However, with VoIP technology comes a far bigger price for your business to pay should your phone solution remain vulnerable to potential security risks from clever Internet hackers.

July 16, 2014

A $56 million deployment of Voice over Internet Protocol (VoIP) telecom networks across the Department of Energy that was designed to enhance efficiency while reducing costs has created potential redundancy and cybersecurity issues, according to an internal report.

“While this technology potentially provides many benefits, it also presents additional security risks. The most serious threat to VoIP systems is an attack that results in massive increases in network traffic that can render a system inoperable,” according to the report, released late last month.

July 9, 2014

Adoption of VoIP networks has increased in leaps and bounds over the last few years. Today, many individuals and businesses use VoIP extensively for making voice calls. Along with this widespread use of VoIP, however, come some security issues. It is possible for hackers to access VoIP networks to eavesdrop on calls, change caller IDs, disrupt phone calls, or even send unwanted messages through the network.

June 10, 2014

Security is a messy topic, and is a lot like insurance. Nobody likes to talk about it, but if you ignore it for too long there will be pain. There are many angles to explore, and I began this series in my last post by focusing on Blackshades, a malicious cyber-threat that’s very much in the news lately. Your VoIP phone system won’t likely be the point of entry for Blackshades, but you need to be thinking along these lines, and that why I’m talking about threats like this.

Should You Worry About Blackshades with VoIP?

June 10, 2014

No matter how big your business or how deep your IT expertise, network security needs to be one of your tops concerns when considering VoIP. Not only are data security breaches happening more frequently, but they tend to happen quickly and on a larger and larger scale. Take your pick – Wikileaks, NSA, Heartbleed or the credit card fraud that just brought down Target – all of them are now part of the new landscape being shaped by IP networks and Internet-based technologies.

March 6, 2014

A majority of organizations assume that their networks have already been compromised or will be compromised, according to a survey of 948 IT security pros by the SANS Institute on behalf of Guidance Software.

More than two-thirds of respondents said they are collecting data from endpoints, but only 16 percent find more than half of their threats through active discovery or hunting. Close to half of respondents said that improved visibility into sensitive information would be extremely useful.

March 6, 2014

Substituting one technology for another is a common practice in enterprise environments today. Advancements, new capabilities and better functionality make updates and upgrades a common phenomenon. One change that continues to draw attention is the replacement of the analog landline with voice over Internet Protocol (VoIP).Add News Story here

March 4, 2014

Toll fraud and phone hacking are by no means a new threat for enterprises, but Voice over IP access lines closely tied to the enterprise network are providing a bigger, more attractive target for hackers.

Service providers are moving their legacy plain old telephone systeminfrastructure into retirement as enterprises lean toward IP-based phone services. But as voice traffic transitions from traveling via copper lines to Internet-based packets, new vulnerabilities are emerging. 

February 11, 2014

Organizations are consistently failing to implement the Payment Card Industry Data Security Standard, which provides guidelines to secure credit and debit card information, according to the Verizon 2014 PCI Compliance Report.

A majority of organizations that accept credit and debit cards fail to maintain PCI security standards. The report is based on findings from hundreds of PCI DSS assessments conducted by Verizon's team of PCI assessors from 2011 through 2013.

February 6, 2014

The massive data breach at Target last month may have resulted partly from the retailer's failure to properly segregate systems handling sensitive payment card data from the rest of its network.

Security blogger Brian Krebs, who was the first to report on the Target breach, yesterday reported that hackers broke into the retailer's network using login credentials stolen from a heating, ventilation and air conditioning company that does work for Target at a number of locations.

February 4, 2014

Hackers disclosed more than 20,000 of Bell Canada’s small-business customer usernames and passwords last weekend, the latest reminder that users and companies alike need to start taking data protection more seriously.

An examination of how the data breach likely happened shows the risk users face when companies they share their information with don’t take crucial steps to safeguard it.

February 4, 2014

Retailers should take a multi-layered approach to credit and debit card security, recommends Troy Leach, chief technology officer with the Payment Card Industry, or PCI, Security Standards Council.

January 30, 2014

We don’t usually worry about having our telephones hacked. But we should.

With the rise of voice-over-IP, we’ve entered a brave new world of voice communication that is easier, cheaper and more integrated with other communication systems. All this is good. But, one of the costs of VoIP is increased security risks since, unlike the telephone network of old, VoIP is digital and therefore subject to the same kind of hacking that challenges other computer-related services.

January 23, 2014

Fewer than half of IT managers polled by email security provider DataMotion are confident that their company could pass a security compliance audit.  

This compares with 65 percent of non-IT employees who are confident their firm could pass a compliance audit, suggesting that there is a perception gap when it comes to security, according to the survey of 400 IT and business decision makers by DataMotion.

June 13, 2013

According to a new study by the Ponemon Institute and Symantec, in 2012, a data breach cost a U.S. enterprise an average $5.4 million per incident.

Human error and systemic problems accounted for two-thirds of data breaches last year. For example, prior Symantec research found that 62 percent of employees think it is acceptable to transfer corporate data outside the company and the majority never the delete the data, leaving the company vulnerable to data leaks.