Wednesday, February 5, 2014

VoIP Security and Cybersecurity in the Spotlight - are you Listening Now?

Well, that's certainly been the story for me lately, and it's as good a time as any to post about it.

Starting with this week, I was interviewed by both the Globe and Mail, and the Toronto Star about a cyber attack that hit Bell Canada a few days ago. More specifically, the attack hit one of their third party partners, and the hackers posted the usernames and passwords of over 20,000 business customers on the Web, along with credit card numbers of business customers.

This may seem like small potatoes compared to the recent breaches among the likes of Target and Neiman Marcus, but it all comes from the same swamp, and until we - you and me - get smarter about how we protect our personal information online, this activity is going to keep escalating.

Working with third parties is a fact of business life these days, and as a sidebar, it's good to know that the unnamed partner was based in Ottawa - and not some faraway country you've never heard of. With the Sochi Olympics about to kick off - in a faraway city you had never heard of before they got (I mean bought) the games, concerns about surveillance - and that's saying it nicely - have never been higher.

Not to mention closer to home, where the Canadian government is trying to assure us that the metadata they're monitoring NSA-style on our mobile devices is not spying. Makes you just want to walk away from anything related to the Internet. I'm almost there, and looking at the copper wiring still stapled around the perimeter of my apartment, y'know, I could just about do it - all I need now is a rotary phone....

Anyhow, back to the news - for the record, I was quoted here in the Globe on Monday, and here in the Star yesterday.

Now, let's take things down a notch from cybersecurity to VoIP security. If you don't associate VoIP with security, then you need to think again. Not only is VoIP highly vulnerable to threats for telephony-based security like toll fraud, but it's often the weak link in the overall IT security perimeter. This makes it an attractive point of entry for hackers going after much bigger game, and that's when this becomes a cybersecurity threat.

You may save a ton of money on telephony with VoIP, but if you're not careful, you'll be exposing all your corporate data to a community with very sophisticated tools - along with some that are free or OTS - and they know how to use them. As Bell Canada found out, once the breach has been detected, the damage has already been done. Like anything else, when a competitive advantage can be established, you win more than you lose, and in this arena, the hackers have the edge.

On that note, I'll continue the theme of being newsworthy with a profile that ran yesterday in IT World Canada. I recently authored a White Paper on VoIP security for an Ottawa-based company called VoIPshield, and the publication ran a nice backgrounder on them, along with some context for why VoIP security is an issue. The article also interviewed their CEO, Rob Gowans, and he added some color to Howard Solomon's analysis.

Regarding my White Paper, it's getting a lot of readership, and you can learn more it about from my earlier post when it was published in December. If you want a condensed read about what your really need to know, I can steer you to a couple of articles; this writeup from FierceITSecurity, and my own article about the topic which ran about two weeks ago in No Jitter.

I'm not a technical expert in this area, but I see enough in my research to know these threats are real and they're with us now. With all the above items bubbling up around the same time, I thought it was high time to pull them together and help get the word out.

Are you listening now?

No comments: