Most security teams and IT leaders are laser-focused on protecting their data networks for web and email. Yet all too often, they tend to downplay parallel threats to their voice networks from scammers and robocallers, which can lead to costly data breaches and reduce employee productivity.
In recent years, criminals have broadened their attack strategies by taking advantage of the widespread adoption of VOIP phone calls. Internet telephony systems are increasingly being used to launch various attack strategies to access private data and hold enterprises hostage.
For instance, ransomware attacks have increased through the vector of personal mobile phones that are used for business purposes. The bad guys have figured out how to send ransomware from mobile devices through corporate Wi-Fi systems to strike data networks.
We are also seeing new telephony denial-of-service attacks that block incoming and/or outgoing calls to disrupt businesses. Other serious problems that can affect the voice network include nefarious types of data theft, intellectual property theft, and identity theft.
Another emerging issue that is troubling involves the widespread adoption of enterprise collaboration platforms. The pandemic has upended office routines forever due to the trend of working from home and the resulting need to unite remote workers. To help bring employees together, most organizations have adopted platforms such as Microsoft Teams, Google Meet, Cisco WebEx, Zoom, and others.
These new collaboration tools have revolutionized how hybrid workforces come together and interact across a range of digital channels including chat, video, document sharing, video conferencing, and voice calls. While this shift has greatly increased employee productivity, it has also introduced unintended threats to the security of voice networks that support the various collaboration platforms. This problem is magnified by the many different types of collaboration apps now in use for both internal and external communications.
For example, a company that relies on Microsoft Teams for its internal video conferencing may have the system completely protected, but that sense of security disappears whenever an employee makes or receives an external call. The threat surface to the company’s voice network expands each time someone holds a meeting on a customer’s external Zoom line, or when they receive direct business calls on their personal cellphones.
Case study: global pharma firm caught off-guard
In one recent case, a global pharmaceutical company with 48,000 employees and annual revenue of $56.2 billion was pilot testing the integration of voice functionality into their existing Microsoft Teams collaboration hub when they uncovered a significant problem. As the testing was rolled out, users were quickly overwhelmed by a blitz of unwanted phone calls in the form of robocalls and spam calls.
Prior to installing Teams, incoming phone calls rang on their standard desk phones and unwanted calls were sent to voicemail, making them a non-issue. But with Teams, every incoming call simultaneously rang on each user’s connected devices – all of them at once, not just on the phone: The unwanted call beast had risen!
The test users were unable to control the chaos as each incoming call rang their laptop and desktop computers, tablets, desk phones, and cell phones. It quickly became clear that the Teams rollout was unintentionally hurting staff productivity and communications. In addition, the collaboration platform had expanded the threat surface of the company’s voice network and introduced unintended new security vulnerabilities.
By deploying a smart voice traffic filter, the drugmaker was able to optimize its investment in the Microsoft Teams collaboration platform while removing unwanted inbound traffic from nuisance callers and dangerous nefarious callers. That ended the frustration of robocalls ringing on multiple devices at the same time, which improved the end user experience and increased employee job satisfaction.
A comprehensive assessment of the pharma company’s call traffic over the course of one month showed that 13.7% of inbound calls were coming from spammers and robocallers. In other words, by receiving 1.4 million inbound calls annually, the company was being subjected to some 191,800 unwanted calls each year.
By blocking so many unwanted calls from ever hitting the voice network, the pharma company was able to resolve its Teams issue. As a result of the fix, the firm calculated a 239% return on its Teams investment and annual cost savings of $407,000 due to increased productivity.
The pharmaceutical industry is not alone in facing this unexpected new concern during the pandemic. An analysis of data extrapolated from all vertical industries reveals that 8.7% of all calls to large organizations are unwanted, meaning that such voice traffic either comes from nuisance calls or nefarious calls.
Businesses of all kinds can increase productivity and enhance innovation by improving collaboration and teamwork. But as business processes become more open and collaborative among different organizations, security teams will need to focus greater attention on how to protect their voice networks against these added layers of complexity and vulnerability.
