A Cybersecurity Evolution:
The Inclusion of Voice

BEST PRACTICES FOR VOICE SECURITY

Though slow in the uptake, it appears that enterprise-class organizations are finally waking up to the reality that securing the voice channel is a business priority. 

Voice-based attacks are a clear and present danger to operations, networks, employees, and customers.

By recognizing Voice as a critical threat vector, the elements of voice communications become a part of the attack surface.  Cybersecurity Frameworks and Enterprise Risk Management (ERM) programs extend to include Voice, closing a gaping hole which bad actors and cyber criminals have targeted with unprecedented success.

The Value of Voice Best Practices

As organizations work to incorporate Voice into their Cyber and Risk Strategies, Best Practices can help direct, structure and align their efforts.  Ultimately, the goal is an integrated risk management strategy and comprehensive tactics which protect the organization’s assets, people and operations from harm.

Voice Security Best Practices are available, CLICK HERE

Voice Cyberattack Types

Vishing (voice phishing), Spoof Calls, Social Engineering, GenAI Voice Attacks, Voice Spam, Voice Spam Storms, Toll Fraud, Robocalls and Telephone Denial of Service (TDoS) attacks are the most high-profile attacks in use by criminal agents to exploit the voice channel. Each of these voice attack types have a powerful commonality: immediate, real-time, and direct connection between the cybercriminal and a human.

What are the Bad Actors after?

By targeting and attacking the Voice Channel, Cybercriminals have two primary objectives:

  1. To disrupt your organization’s ability and capacity to communicate
  2. To gain real-time access to your organization’s weakest link, your people

With these objectives, the bad actor can compromise internal, external, inbound and outbound communications, disrupt operations, acquire private credentials, steal data, defraud employees, hijack accounts and more. Typically, voice-based attacks are part of a larger, systematic effort to infiltrate the targeted organization.  For the last 24 months, Ransomware attacks have been trending across the globe.

Organizationally, who is Responsible for Voice Security?

A quick online review of articles describing what organizations can do to defend themselves against such attacks reveals some common themes:

  • Stay up to date on latest threat trends;
  • Deliver ongoing employee training;
  • Establish clear policies and procedures for sensitive data handling;
  • Conduct regular audits of network infrastructure for vulnerabilities;
  • Implement a zero-trust policy limiting agent access to internal data;
  • Stay up to date with software security patches;
  • Coordinate with voice service providers;
  • Implement tight caller authentication practices;
  • Add threat-detection technology to the telecom infrastructure.

These are all examples of WHAT needs to be done to fully protect the organization against voice-based cyberattacks. What’s not clear, however, is WHO is ultimately responsible for the coordination and implementation. Which means there are plenty of cracks in the enterprise voice security shield for cybercriminals to slither through.

Insights from 2022 / 2023 Voice Threat Defense Surveys

In 2022 and 2023, Mutare interviewed approximately 300 telecom industry experts attending the RSA, Cisco Live and CCW (Contact Center Week) conferences to evaluate their level of threat awareness as well as their organizations’ defense strategies for voice-based attacks. 85% of respondents agreed that it’s time to elevate voice as a true threat vector.

However, when asked Who is responsible for Voice Security / Voice Threat Defense within their organizations, responses were divided between an IT Security Team, a dedicated Network Team, an internal Security Business Unit, a UC/Collaboration Voice Team, or Outsourced Service Providers.

Particularly revealing was the number of respondents who admitted they simply did not know who in their organization manages voice security. Even among those attending the international RSA conference which is billed as “The premier showcase for emerging cybersecurity policy, thought leadership, and innovation,” one in five fell into the “Do Not Know” category for their own organizations.  

The fact is, while communication through voice is fundamental to any successful business operation, protecting the integrity of the voice channel is uniquely challenging. This is particularly true for large organizations, where the voice channel may support a number of units with divergent voice requirements, including internal exchanges, UC communication platforms, a remote workforce and/or a contact center.

It’s no wonder there is confusion around what makes a cohesive policy of protection for the voice channel and who, in the end, is in charge.

Best Practices: Market Leadership

As a preeminent provider of voice network security solutions, Mutare recognizes that, to truly serve our customers, we must not only deliver cutting edge technology, but also useful information and guidance based on our 30+ years in enterprise voice solutions development.

To that end, we have formulated a comprehensive document of voice cybersecurity Best Practices specifically focused on the business units most invested in voice channel protection – Cybersecurity, Information Technology, and the Contact Center.

By understanding and adopting a coordinated strategy based on our evidence-based research and commitment to advancing reasonable, obtainable measures to protect enterprise voice, organizations will be well-prepared to defend their people, processes, data, infrastructure, customers and partners from the ever-evolving landscape of voice-based threats.  

Download Voice Best Practices

Click Here to download Foundational Best Practices for Voice Cybersecurity 2024.

Would you like to know more? Attend Live Discussion…

You are also invited to join us for a quick, 30-minute webinar on March 21, 1:00 PM ET, where we will discuss themes of cybersecurity for the enterprise voice channel in greater detail.

WEBINAR TITLE

 A Cybersecurity Dilemma:  Who’s Responsible for Protecting Voice?

 

WEBINAR DESCRIPTION

One of the fastest growing cybersecurity threat vectors is Voice, but organizations have been incredibly slow to react, leaving a gap in the Attack Surface.

In this webinar we will discuss the evolution of Voice as a threat vector and why Voice remains the most under protected communication channel.

We will briefly review some of the highest profile cyberattack types, including Vishing, Social Engineering, Phishing, Spoof Calls and Robocalls

Finally, we will conclude with a presentation of Foundational Best Practices for Voice Cybersecurity for 3 key business units:  Cybersecurity, Information Technology and the Contact Center.

 

WEBINAR DATE & TIME

March 21, 1:00 PM ET

REGISTER for the Webinar