Why VoIP encryption must be factored into the wider cyber security debate


In a relatively short space of time, the focus on cyber security has grown from an ‘optional extra’ among businesses – something they could either take or leave, without putting too much thought into the wider consequences – to an absolute necessity. From the NHS ‘WannaCry’ attack to the TalkTalk data breach, we seem to read headlines about cyber attack-related incidents all the time, and as a result we are more aware than ever of why staying protected is so necessary.

The consequences of not doing so can be crippling. Indeed, cyber crime is set to cost businesses around $6 trillion globally by 2021. Another startling statistic: nearly half of UK businesses suffered a cyber attack in the last 12 months, “according to a new government survey of more than 2,000 organisations”.

Despite the incredible scale of these attacks, the vast majority of them look the same. Whether it’s a DDoS attack, a phishing scam or a vulnerability in an IT infrastructure, businesses spend huge amounts of time preparing themselves for a very small range of different attacks. 

What many organisations seem to fail to consider, however, is how telecoms factors into their overarching cyber-security strategy.

No matter the size or sector, telephony is an integral part of any business. It is essential to effective communications and can be used for all manner of different reasons, whether it’s an informal chat or a confidential discussion. But it is now just as susceptible to being hacked as anything else. This is why it’s so vital that all business telecoms infrastructures are sufficiently encrypted.

The journey towards encryption 

Encryption hasn’t always been necessary in telecoms. For many years now businesses have been relying on ISDN for their telephony services – a traditional method that allows both voice and data services to be delivered simultaneously over digital lines – but this is being phased out for more modern alternatives. However, despite being seen as outdated by many, ISDN remains an incredibly secure telephony method, with very little opportunity to be exploited by hackers.

This hasn’t stopped the major telephony companies from deciding to move away from ISDN. BT, for example, is planning to switch off ISDN entirely by 2025, with all businesses being moved onto an IP-based network instead. This means that, slowly but surely, ISDN will become entirely obsolete, while engineers will have to re-train on alternative technologies. 

The problem is, while an IP-based alternative might be a sensible choice in today’s landscape, IP-based telephony, or voice over IP (VoIP), comes with heightened risks around security. 

The problem with IP 

IP is an incredible method of communication and transportation. It’s quick, it’s simple and it allows businesses to operate via a unified IT infrastructure. However, in much the same way as other IP-based communications including email, VoIP can be exploited by hackers for their own gain. 

Part of this lies in our own innate comfort and familiarity with IP-based communications. When we send an email to a work colleague or chat to a family member using a VoIP service like Skype, the vast majority of us are thinking solely about what it is we are saying, or what it is we are listening to or reading. We rarely think about how this information is being transmitted to the other party, and how easy it might be for someone to intercept these communications. 

The truth is, every communication made over IP – including voice – is nothing more than a data packet. These packets could be small or large, and they could contain publicly available information or highly sensitive information. But one thing is certain: all packets are valuable to hackers. Therefore, all packets need to be protected with the same level of detail and attention that businesses invest in wider security-related issues.

It’s also worth considering the intentions of these hackers. Of course, the primary motive behind most cyber attacks is financial gain, with confidential information and data being sold on the dark web or elsewhere. But this is not always the case. Some might be looking to inflict maximum damage on a business for a certain reason, while others might simply choose to embarrass an organisation just because they can. 

The importance of data security is heightened further through the recent enforcement of the General Data Protection Regulation (GDPR). This has forced businesses to think more seriously than ever about how they are protecting any personally identifiable data they have on file. Its arrival also means there’s no better time for businesses to adopt a self-policing policy that allows them to deal far more effectively with any data-related issues, before they become too large to handle. 

So, how can businesses swerve these IP-related issues and ensure all their future VoIP efforts are safe, secure and future-proofed? 

Taking advantage of encryption

Encryption is without a doubt the best solution to maintaining operational efficiency through IP-based telephony. It makes it much more difficult for hackers and other opportunists to get hold of the data packets that are being transported across the IP network. This is particularly important as an influx of businesses try to achieve compliance with various regulations including the GDPR and the Payment Card Industry Data Security Standard.

Encryption can protect against so much more than data breaches, too. Depending on the level of the encryption itself, organisations can also use it to protect themselves against toll fraud, an emerging telephony-based cyber attack in which hackers gain access to a phone system and use it to call premium rate numbers in order to rack up huge phone bills. With proper encryption, the phone systems can be hidden from the hackers’ view, making it far more challenging for them to carry out any toll fraud activity.

Conclusion

As businesses move away from the ISDN technology they have previously depended on for so long, and embrace the new world of IP-based telephony, there are numerous benefits that can be enjoyed. But there is also a hidden danger in the threat to data security, and this is something that all businesses must be acutely aware of. 

However, by embracing encryption, organisations can operate with the same level of reassurance that they enjoyed in the ISDN days. Through awareness, education and action, we can all take the right steps to avoid being unknowingly caught out by hackers looking for new avenues to attack.  

Nick Claxson, Founder and Managing Director of Comtec 
