A regulatory framework developed to combat illegal robocalls and caller ID spoofing in voice communications and aims to restore trust in caller ID information and protect consumers from fraudulent and unwanted calls.

Why – siprotect

Q: Digital Operational Resilience Act (DORA)

DORA aims to ensure that all participants in the financial system have the necessary safeguards in place to mitigate cyber-attacks and other risks. The legislation will require firms to ensure that they can withstand all types of ICT-related disruptions and threats.

Q: 2020 EU Cybersecurity Strategy

Aims to bolster the EU's collective resilience against cyber threats through enhanced cooperation, increased investment, and development of cybersecurity capabilities and frameworks

Why?

The surge in Voice and Video over Internet Protocol technology has introduced many problems and vulnerabilities that underscore the critical necessity for robust VoIP security. Organisations are often confronted with cyber threats like Distributed Denial of Service (DDoS) attacks aimed at disrupting communication services, and eavesdropping, where malicious actors intercept and listen to confidential conversations.

Communications services can also be susceptible to fraud, such as call hijacking and theft of services, which not only jeopardises security but can also result in substantial financial losses. Issues like caller ID spoofing and spam calls further plague VoIP communications, potentially damaging organisation reputations and eroding customer trust. Inadequate security could lead to non-compliance with data protection regulations, thereby inviting legal consequences and fines.

Given that communication is pivotal to business operations, these problems, if left unaddressed, can significantly impact organizational functionality, customer relations, and overall business viability, thus highlighting the imperative of implementing rigorous VoIP security measures. Stay Connected. Stay Protected.

siprotect provides user and provider real time communications security services. Our systems monitor, alert, report and mitigate against the threats outlined above and will help protect businesses and government departments against the financial loss, reputational damage, operational chaos and compliance failures associated with these communications systems attacks.

The Growth of Attacks

VoIP Adoption

As VoIP technology becomes more widely adopted, it naturally becomes a more attractive target for attackers. The reasoning is simple: the more users a technology has, the greater the potential payoff for successful attacks. As businesses and individuals increasingly switch to VoIP for its cost efficiency and flexibility compared to traditional telephony, the number of potential targets for attackers grows. This growing user base can include entities with varying levels of security awareness and preparedness, thereby increasing the overall risk.

Relaxed Security

VoIP systems, like any other networked technology, require robust security measures. However, security in VoIP is often an afterthought. Many organizations might not fully understand the vulnerabilities or might not invest sufficiently in securing their VoIP infrastructure. This could be due to a lack of awareness, underestimating the risks, or budget constraints. Common security shortcomings include inadequate firewall protection, lack of encryption, poor access controls, and failure to regularly update and patch systems. Such weaknesses make VoIP systems easier targets for attackers.

Toll Fraud

This is a specific type of attack where criminals gain unauthorised access to a system to make long-distance calls at the expense of the system's owner. The attackers might sell access to the system to others or use it to make expensive international calls. This form of fraud can be costly to businesses and is attractive to criminals because it can be relatively easy to execute, especially on poorly secured systems. Toll fraud not only results in financial losses but can also lead to decreased trust.

Eavesdropping

VoIP calls, like other forms of digital communication, can be intercepted and listened to if not properly secured. This is particularly concerning for businesses and individuals who share sensitive information over VoIP calls. Without strong encryption, calls can be intercepted by attackers, leading to a breach of confidentiality. This type of attack is attractive to cybercriminals engaged in corporate espionage or those looking to steal personal information for identity theft or other fraudulent activities.

The Risks

Understanding the Security Risks

Traditional IT professionals might not be fully versed in the nuances of VoIP technology, especially if they come from a background focused on standard data networking and systems. VoIP is a specialized field that combines elements of telecommunications and data networking. If IT providers lack understanding in VoIP-specific protocols, technologies (like SIP, RTP), and the unique security challenges they pose, they might fail to implement adequate security measures, leaving systems vulnerable to attacks.

Self-service Administration

VoIP administrators and operators may primarily focus on the functionality and performance of communication systems, often overlooking security aspects. This gap in security-centric thinking and training can lead to oversight in configuring security settings, monitoring for unusual activity, and implementing proactive defense measures. Regular security training and awareness programs are crucial for these administrators to understand and mitigate the risks associated with VoIP technologies.

Firewalls not build for VoIP

Traditional firewalls are not always equipped to effectively inspect and manage VoIP traffic. VoIP protocols like SIP (Session Initiation Protocol) can dynamically allocate network ports, making it challenging for standard firewalls to track and inspect VoIP packet streams. This necessitates specialised VoIP-aware firewalls or security systems that can understand and manage VoIP protocols, ensuring that malicious packets are detected and legitimate communication is not inadvertently blocked.

Toll Fraud Protection

Toll fraud, where attackers gain unauthorized access to a VoIP system to make expensive calls (often international), can lead to significant financial losses. While some carriers and service providers offer fraud detection and prevention services, they may not be comprehensive or proactive enough to effectively prevent toll fraud in real-time. This lack of robust, immediate toll fraud protection can leave businesses vulnerable to substantial financial and reputational damage.

Cybersecurity Strategies, Standards and Compliance

The National Cyber Security Strategy 2019-2024 (Ireland)

Aims to bolster digital infrastructure and protect against cyber threats, establishing mandatory security standards and incident reporting protocols for critical sectors.

Cyber Resilience Act

Digital Operational Resilience Act (DORA)

2020 EU Cybersecurity Strategy

2020 EU Security Union Strategy

"When it comes to cybersecurity, Europe is only as strong as its weakest link: be it a vulnerable Member State, or an unsafe product along the supply chain. Computers, phones, household appliances, virtual assistance devices, cars, toys… each and every one of these hundreds of million connected products is a potential entry point for a cyberattack. And yet, today most of the hardware and software products are not subject to any cyber security obligations. By introducing cybersecurity by design, the Cyber Resilience Act will help protect Europe's economy and our collective security.” Thierry Breton, Commissioner for the Internal Market

NIS / NIS 2 Directive

Applicable to medium and large entities from sectors that are critical for the economy and society, including providers of public electronic communications services, digital services, waste water and waste management, manufacturing of critical products, postal and courier services and public administration, both at central and regional level. It also covers more broadly the healthcare sector

STIR / SHAKEN

Get in touch

Interested in finding out more about how siprotect can protect your business? Reach out and have one of our protection specialists guide you through the process.

Get in touch!