14 DAY TRIAL // According to a recently released study conducted by RedShift Research at the request of telecoms supplier Denovo, businesses turn a blind eye to telecom related security issues. Most companies believe that this type of fraud will not impact them in a significant manner and prefer to focus their attention on other security issues, such as data loss.
"About ten years ago, companies would have had a voice manager and an IT manager, now voice comes in as a function of IT. What happens is that the IT manager often doesn't fully understand the workings of the phone system so it gets ignored. We found that 16 percent of businesses with more than a 1,000 users had been hit for losses of more than ?50,000," says Chris Richardson, portfolio manager at Damovo UK as cited by NetworkLand.
The survey, which included a total of 250 organizations, has shown that, since about 40% of the surveyed companies have been on the receiving end of telecom fraud, this security issue is not an isolated problem. One company for example managed to lose ?50,000 to this form of illegal activity. Companies with 400 to 600 employees are even more vulnerable, the percentage of such organizations that could fall victim to telecom fraud being of 53%.
There are two types of external attacks that a person with malicious intent can carry out on an organization's phone networks: DISA (direct inward system access) and voice mail fraud. "But there can also be internal attacks. We came across one case where one employee in an organization was using an analogue port to rack up a 1,000 hours of dial-up to Pipex," says Richardson.
The current situation in modern businesses is that a great deal of care is given to protecting the LAN (local area network) and ensuring that the employees do not visit certain web pages, while the issue of telecom security is pretty much ignored. Denovo will address this situation by releasing "a device that monitors in-bound and out-bound traffic. The user can set rules, for example if the cost of a port goes above a certain amount, and if any rules are being broken, then it issues an alert."
This security issue will grow as VoIP is going to be implemented in more and more organizations.