How Cyber Thieves Thrive in the Cover of Chaos

SERIES (PART 3): Understanding and Applying the FAIR™ model as an Enterprise Cyber Risk Management Strategy


In this series, Understanding and Applying the FAIR™ model as an Enterprise Cyber Risk Management Strategy, we have discussed the nature of risk and the human element of nuisance calls coming through the voice network. In our efforts to help contextualize the nuances of the risk presented to enterprises everywhere, we broke unwanted calls into two main categories – nuisance and nefarious.

While the former carries with it the weight of productivity loss and idle frustration, the latter carries a much more direct threat to companies’ ability to function at all. In this installment, we will take a closer look at these real-time threats to the voice network and discuss how current events are rife with the things that all thieves wait for: opportunity.

The Changing Face of Threats

Some news stories of late have me thinking about Robin Hood, the legendary, green-robed folk hero who robbed from the rich to give to the poor. They really don’t make criminals like that anymore. I will explain later why I choose to juxtapose the tale of Robin Hood against the real focus of these posts, which is to talk about the inherent threats that ride into business organizations through their phone networks. I know that lacks the romantic flashiness of a swashbuckling outlaw with an honorable calling, but bear with me.

The fact is, convincing business security managers that the humble phone is now the most effective tool for cybercrime is not always easy. That’s because today’s digital-savvy perpetrators are sly, invisible, their identities hidden behind spoofed caller IDs, randomized auto dialers and untraceable overseas carriers. We know from regular FBI warnings that they’re increasingly hitting their marks, but let’s face it, organizations are loath to admit that they’ve been duped by a scammer. Usually it’s only when the event results in significant systems disruption, widespread customer information exposure or clear regulatory breach that an enterprise victim may be forced into public acknowledgement. So, for every high-profile incident that makes the news, it is reasonable to assume there are many more that are quietly managed but are no less harmful.

And it’s getting worse. That’s because the new breed of cybercriminals are focused opportunists who, over the past two years, have deftly exploited the economic, political, institutional, and social upheavals of a global pandemic to mask their activities.


Raising Stakes

To better illustrate, I will reference the experience of one of our Voice Traffic Filter prospects – a large, global financial services organization. Over the past two years, as the pandemic injected a high level of volatility into the stock market and sent millions of workers into their homes, it likewise spawned an unprecedented spike in downloads of an online trading app called – yes – Robinhood! Anyway, as an alternative to large brokerage houses, Robinhood’s fee-free approach and simple user interface strongly appealed to a growing legion of first-time millennial investors. Those 13 million users, now working from home, with time on their hands, with access to stimulus money, and bonded through social media communities, turned into a motivated, coordinated trading bloc that could inflate or destroy the value of an otherwise unremarkable stock with a Tweet. This activity created an unpredictable market disruption that eventually compelled Robinhood to put the brakes on certain trades, citing regulatory protections. The move also protected traditional investment organizations from what was amounting to catastrophic losses.

As with pretty much everything pandemic-related these days, anti-establishment sentiments fueled by social media site interactions created a David and Goliath backlash, pitting the “little guy” retail investors against established Wall Street behemoths. And what better way is there for an individual to voice their anger and frustrations than through a phone call? That’s where the malicious players now took their cue. Our prospect, along with other large brokerage firms, soon found themselves on the receiving end, not just of seemingly misguided trading app users, but also those looking to take advantage of the chaos to attack, scam, extort, and in other ways threaten the company’s employees, its operations, and its legitimate customer interactions.


Shutting the Door

Having learned of Mutare’s voice traffic “firewall” application, our prospect agreed to see if it truly could make a difference in their voice network defense. Through a five-week Proof of Concept Voice Traffic Filter trial, we processed close to 160,000 call records and determined that more than 6,000 of those calls were clearly unwanted spam or robocalls. That would amount to more than 63,000 unwanted calls over a year’s period. Blocking those alone would provide much relief from unnecessary call disruption. However, and more importantly, according to our research from our customer base and accepted industry data, we’ve determined that 45% of those unwanted calls were, in all likelihood, from nefarious sources.

Within our prospect’s calling data was also evidence of unusual spikes in calls from spoofed numbers (referred to as spam storms). These events are often used to provide cover for reconnaissance and other undetected, targeted vishing (voice phishing) schemes intended to find the employee “weak links” and then extract protected information from them. Using our pattern recognition and spoof detection technology, we were able to confirm that the spikes noticed by this company were, indeed, suspicious and, likely, malicious in intent.

So now we have a pretty good idea of this organization’s risk exposure. What are the chances that an attempted breach would succeed, and then what are the potential consequences? Here we apply the process laid out through the FAIR modeling system. As a refresher, FAIR (for Factor Analysis of Information Risk) is the accepted international standard for measuring information security and operational risk. It is designed to help business leaders and security risk managers arrive at a reasonable conclusion regarding their level of risk and projected costs surrounding specific information management activities – in this case, unwanted voice traffic.

Using the lens of the FAIR model, we can see a marked increase in both Threat Event Frequency (the frequency, within a given timeframe, that threat agents are expected to act in a manner that could result in loss) and Threat Capability (a measure of how capable threat agents are of compromising your systems and the level of force they are able to apply). As both increase, the client’s Resistance Strength (a measure of how difficult it is for a threat actor to inflict harm, a.k.a. difficulty) becomes even more important.

We know that professional criminals using social engineering techniques are surprisingly capable of convincing employees, even from some of the most sophisticated organizations, to divulge otherwise protected information in order to gain access to internal systems and data – think Twitter, CNA, multiple hospital systems and – yes again – even Robinhood! We also know that the average cost of a data breach in the U.S. is $8.19 million. In healthcare, that might entail a HIPAA violation with an average cost of $9.42 million per breach. Knowing the cybercriminals’ propensity for exploiting disruptive events and our client’s uptick in negative traffic during just such an event, it is reasonable to conclude that they were at significant risk per the FAIR model. The potential for significant fines, a loss in competitive advantage and the possibility of reputation damage made their decision a quick one.

Yes, they are now a Mutare Voice Traffic Filter customer.

That’s just one of many examples. We believe there will always be those bad actors waiting to gain entry into cash and data-rich organizations through the cracks that form around political, economic, social and emotional upheaval. Unlike our Robin Hood friend, they are pure opportunists driven by self-interest who, like most thieves, will be drawn to the easy targets and repelled by those that make their lives harder.

If you’re ready to be the organization that’s too hard to crack, check Here to learn more about our Voice Traffic Filter’s Multiple Levels of Defense strategy.

Janet O'Brien

Senior Writer

About the Author

Janet O’Brien joined the Mutare family in 2007 following 25+ years as a career writer, editor, photographer, and marketing specialist for an array of public and private organizations throughout the Chicago area. She has a passion for helping organizations tell their stories and has found in Mutare’s brilliant technology, caring people, and devoted fans, a virtual anthology of inspiration. Read more at, or feel free to share your own stories on LinkedIn.