From the SIP Trunking Experts

Home
January 28, 2015

What's Worse Than Being Hacked? Not Knowing It


By Eric Lebowitz
Digital Content Editor

Share
Tweet

2014 will forever be known as “the year of the hack.” And while many of the highest-profile intrusions were point-of-sale attacks on retailers or email hacks of corporations, VoIP and SIP security remain a major concern for organizations across the globe.


As a business, being compromised is bad enough; not being able to detect a hack is even worse. But many organizations still find themselves in the dark for long periods of time after they are breached. In fact, it takes businesses on average six months to become aware that they’ve been hacked. During that time, untold damage can be done to an organization’s brand reputation (if its communications go down and it is unreachable to customers) and bottom line. The chaos that can ensue after a hack—and how to avoid it—was the topic of a panel session entitled, “Being Hacked is Bad Enough: Not Knowing it is Even Worse,” on the afternoon of Wednesday, January 28 at ITEXPO Miami.

During the session, Rich Garboski, CEO and Founder of the global technology consulting firm eTechHelp, and Steven Johnson (News - Alert), President of Ingate Systems, presented a case study involving an organization that suffered a major case of toll fraud in 2010. The pair explained that the intrusion was not detected until the organization received a $60,000 phone bill; at that point, the company contacted eTechHelp for the first time.

“We typically receive phone calls when the companies are already in big trouble,” Garboski said with a chuckle.

eTechHelp was able to resolve the situation and protect the organization from suffering further instances of fraud by making several changes to the company’s security infrastructure, including installing a session border controller (SBC)—a device or software solution that controls signaling and media streams for IP telephony—from Ingate. After these security solutions were deployed, the system ran trouble-free until 2014, when the PBX (News - Alert) fell under a flood of attacks that brought the PBX to a grinding halt. At that point, the previously installed SBC was a few models behind, so Garboski upgraded it, and the problem was resolved immediately.

“I’ve heard people asking in some sessions here at ITEXPO, ‘Do I really need an SBC?” Garboski said during the presentation. “I look at it like American Express (News - Alert)—don’t leave home without out it.”

Johnson added that despite the fact that toll fraud has been around for a number of years, many businesses are still unprepared to detect and prevent it. Considering the damage a VoIP or SIP hack can do, that approach doesn’t make a lot of sense.

“The moral of the story is pretty simple,” Garboski said. “You need an SBC.”




Edited by Stefania Viscusi
Home