Let’s face it: nobody in any industry likes to talk about revenue loss. This is true about retailers who don’t reveal losses due to people taking five-finger discounts (aka shoplifting) or the numerous scams that have led to the defrauding of government agencies as well as commercial establishments. Unfortunately, in the communications industry, fraud is almost as old as the telephone network itself. Even the late Steve Jobs was a call hacker when he was young and impressionable.
At ITEXPO Anaheim I had the privilege of moderating an illuminating panel with the title from above. We discussed the fact that despite the best efforts of carriers to lock down their networks, fraud remains a huge problem.
As the panelists (Colin Ayer, CTO, SwitchRay; Jim Dalton, CEO, TransNexus; Micah Singer, CEO, VoIPLogic; and Brad Chapin, Director Strategic Alliances, SONUS) explained, toll fraud remains a huge, multi-billion-dollar annual problem. Worse, if your organization is victimized, your service provider will expect payment, since they are not liable for bad guys compromising your IP PBX network and quickly running up the bill. I won’t scare you with the panelists’ stories on just how fast expenses grow when even one line has been hacked.
Further, as a result of mobility and the implementation of VoIP, the vectors of vulnerability to threats like malware and social attacks are increasing and no enterprise, regardless of size, is immune.
There is also the additional problem that the bad guys are not solely pumping traffic and getting a piece of the pie downstream. Criminals seek to capture as much of company employees’ personal information as possible, which is just as valuable as company information. That personal info, as we all know from recent data breaches, is extremely valuable. Sophisticated attackers now can monetize that information as well. In short, it is not a pretty picture.
Without creating too much of a doomsday scenario, there is good news. It comes in the form of a few observations on which the panelists were in firm agreement.
First: if you are a carrier, you must take extraordinary measures and employ best practices to lock down your network, especially in a world where competitors’ services are a click away and negative reviews can tarnish a reputation. In fact, as an aside, there was a suggestion that toll fraud be covered as part of the emerging cyber insurance industry. Think of this as putting a limit, as with personal credit cards, on our exposure as customers when bad things happen.
Second: Session Border Controllers (SBCs), as part of their incredible versatility for providing SIP services, are actually being sold first as the means for protecting, to a great extent, against toll fraud. In fact, even if a service provider is offering SBC SIP services, enterprises might be wise to put one on their network edge.
Third: (and this may be the most important, as no system is fail-safe and bad guys can cause both havoc and panic) real-time monitoring for anomalous calling activity should be a must. If you can see and be alerted to incongruous activities, they can be quickly addressed, thereby avoiding those hundreds of thousands of dollars in calls you are liable for. You can greatly diminish your exposure, and hopefully the bad guys will move on to easier targets.
Finally, there are solutions and best practices information available in the market to help mitigate risks, and visiting the websites of the panelists is a good place to get educated. This really is a case where an ounce of prevention is worth a pound of cure. There is no need for billing shock, and taking action before your company is victimized is just smart business.