Enterprise communications: the new target for cybercriminals
by Andreas Seum
Security continues to give enterprises a headache across their networks. New security threats emerge weekly and enterprise corporate infrastructures are under attack as never before. According to Symantec’s annual State of Enterprise Security report, 29 percent of enterprises saw an increase in attacks over the 12 months.
Enterprise communications, including voice, is looking increasingly vulnerable. A recent report from ViperLab found that in just one year, attacks from hackers targeting enterprise unified communications (UC) servers increased by 50 percent. What’s more, a full 25 percent of all hacking attacks on the open Internet were against voice and UC.
Many of these attacks are attempts to commit toll fraud, says ViperLab. This is where a hacker takes control of an enterprise VoIP server to place long distance calls or premium rate service calls. One company told ComputerWorld magazine how they were hit with a $100,000 phone bill after being the victim of just such an attack.
These attacks hark back to the pre-Internet telephony crime called phreaking, where hackers would attempt to compromise enterprise PBXs in order to commit similar crimes. They are more widespread than you might think. Security magazine quotes an FBI report that says that a major international toll fraud ring hit 2,200 US enterprises with total estimated losses of a staggering $55 million.
So how do you prevent yourself from becoming a victim? The key is not to think of security as a series of discrete elements in your IT infrastructure. Security must lie at the core of your operations and be an integrated part of your IT and voice networks.
In the past, applications were developed in silos, with a modular approach that led to integration and security problems when applied across systems. But today’s enterprises need information to flow seamlessly across a variety of systems and applications to increase productivity. This requires a multi-layer approach to security to minimize the security risks.
Because security is only as strong as the weakest link in the chain, it is vital that fundamental security principles are incorporated throughout the lifecycle of each product, solution and service. These need to comply with internationally recognized standards, such as ISO 27000, BS 25999, IT Service Management (ITIL) and the National Institute of Standards and Technology (NIST).
This is the approach that Siemens Enterprise Communications takes to security. We believe that “security must be built-in, rather than bolted on”. Our security focus begins at the moment a product, service or solution is conceptualized and continues through to implementation by our customers, and beyond. Each of our offerings integrates a robust set of security technologies, processes and features to ensure compliance with our clients’ internal requirements.
During the design phase of each of our solutions, we perform a comprehensive theoretical threat and risk analysis to assess real-world issues such as password management. During the testing phase, we run penetration tests to uncover and correct vulnerabilities. We have an extensive security portfolio that secures a range of different products and services, including devices and clients, contact center, UC applications and converged platforms.