Cybersecurity Comes to Enterprise CommunicationsCybersecurity Comes to Enterprise Communications
Voice-focused attacks remain a major issue as CX grows in importance.
February 2, 2024
Communications technology has long grappled with a set of security challenges specific to voice as a channel. SecureLogix, one of the leading vendors in this space over the past couple of decades, lists some of the major ones:
Caller ID spoofing and impersonation attacks
Telephony denial of service (TDoS)
Toll fraud and toll-free traffic pumping
Robocalls, spam, and harassing callers
Telephony may be fading away, and voice calling may even be poised to decline in the contact center, but for now, voice is still an important channel, and so voice-focused attacks remain a major issue as CX grows in importance. These threats pose a risk in themselves—bringing a network down with TDoS, costing the enterprise money via toll fraud, or rendering its outbound communications almost useless because robocalls have made so many people loathe to answer their phones. But in addition, attacks like Caller ID spoofing can be the gateway to vishing, or voice phishing, a social engineering attack that gets an agent to give information or access to a fraudster, opening the enterprise up to a potentially catastrophic security breach.
But beyond voice-specific attacks, I believe there’s a growing awareness in enterprise communications circles of a need to inculcate general cybersecurity best practices and awareness into the communications world. The models and concepts of cybersecurity need to be a core part of the enterprise communications team’s mandate.
No Jitter recently carried a useful, succinct rundown on the core elements of a cybersecurity strategy, by consultant Scott Murphy of Data Perceptions, Inc., writing on behalf of the Society of Communications Technology Consultants (SCTC). Murphy states that, “Understanding the applications and tools used by the business will be more important than ever in managing cyber risks,” a statement that certainly applies to the communications organization and the way it serves its business users. Murphy outlines five key elements of this cybersecurity framework:
An Educated Human Firewall – Security policies, awareness training, and testing
Unified Device Management – Policy-driven onboarding, offboarding and everything in-between
Advanced Identity and Authentication Management – AI-powered zero trust enforcement
A Perimeter-less Network – always behind the security edge
Advanced Endpoint Protection – AI-powered extended detection and response
None of these elements is specific to communications systems, yet each must be present within the collaboration estate.
I’m delighted that Scott Murphy will be moderating a session at Enterprise Connect 2024 called, Why Communications/CX Tech Needs a Multi-Layered Approach to Security. He’ll be joined by security expert Stephen Semmelroth of AVANT Communications, who will discuss the multi-layered security model and how it applies in communications. The session is part of our expanded Security & Compliance track, which looks at the latest risks both in terms of security breaches as well as compliance risks in areas such as privacy and discovery. These issues are particularly important with the current generation of collaboration systems—especially as those systems use AI to deliver more of their functionality. Finally, the track will continue to follow E911 as enterprises struggle to comply with regulations and laws.
So if you’re a security-minded IT professional—and who isn’t these days—I hope you can join us in Orlando for Enterprise Connect 2024, March 25 – 28 at the Gaylord Palms hotel. In addition to this great security content, you’ll have a chance to dive deep on trends and the latest developments in AI, CX, meetings/video, and much more. Best of all, we’ve got dozens of your enterprise peers on the program as speakers—it’ll be a great chance to learn from and network with those who are going through the same challenges you face. See you next month!
