The business telephone system, commonly referred to as a private branch exchange (PBX), predates the invention of the Internet, Ethernet and the personal computer. As such, legacy PBXs were always deployed on dedicated infrastructure. The call-control manager was a standalone hardware server or appliance serving as the bridge between the PSTN and hardwired extensions. Most PBXs functioned completely isolated from the rest of the business applications and infrastructure and were supported by dedicated telecommunications staff—either in-house or vendor-supplied technicians. Threats to these legacy PBXs consisted primarily of toll-fraud attempts that exploit poorly-configured systems to make expensive long-distance or international phone calls.
The creation of Voice over Internet Protocol (VoIP) brought with it a wealth of benefits. By leveraging VoIP, the phone system can leverage the same IP-network that PCs and business applications use. This not only reduces infrastructure costs, but also links multiple business locations across the wide area network (WAN) to bring employees “on net” and eliminate the expense of internal communications. PSTN access also became VoIP-enabled, allowing session initiation protocol (SIP) trunk providers to deliver dial tone service to businesses without the need for dedicated PSTN lines or circuits.
VoIP has ultimately enabled most of what many people take for granted, such as: video conferencing with customers across the Internet; home working for employees and call center agents; and mobile apps that make business extensions and calling features accessible on smartphones.
Businesses have come to rely on VoIP-based, highly-connected communications and collaboration solutions to accelerate decision making, connect key stakeholders from across the globe, streamline workflows and improve the customers’ experiences.
Now more than ever, reliable business communications are mission-critical for any organization, which makes them an elevated target for cyber attacks. By gaining access to a business’s communications tools, hackers can not only disrupt an organization’s communications or rack up expensive phone charges similar to legacy PBXs, but also potentially eavesdrop on a company’s meetings to glean proprietary information, collect call records that can identify customer information, or disrupt the work of employees.
Business decision makers are increasingly driven to improve the customer experience and satisfaction, as well as create operational efficiencies within their organizations. Considering the disruptive nature that cyber attacks can have on the customer and employee experience, it is no surprise that security and reliability are top priorities when it comes to purchasing decisions.
This research study calls to light several of the most common security threats that can impact both on-premises and cloud-based unified communications and collaboration tools, some steps customers can take to mitigate these threats, and a set of best practices for both businesses and their vendor/provider partners should adopt.