Prevention is better than cure – responding to cyber attacks only after they have occurred
Only 23 percent of organisations are capable of responding effectively to cyber attacks, while 77 percent have no capacity to respond to critical incidents and often do not purchase support services until after an incident has occurred.
This is according to the annual Global Threat Intelligence Report (GTIR) produced by NTT Com Security, an NTT Group company analysing global threat trends since 2013.
The 2016 report pulls together information from 24 security operations centres, seven R&D centres, 3.5 trillion logs, 6.2 billion attacks and nearly 8,000 security clients across six continents.
The report also found 17 percent of incident response activities in 2015 came in the form of spear phishing. In many cases, these attacks targeted executives and finance personnel, attempting to trick them into paying fraudulent invoices.
Of all the market sectors analysed, however, the retail sector experienced the most attacks per client: 2.7 times as many attacks as finance. This was followed by the hospitality, leisure and entertainment sectors, then insurance, government and manufacturing.
Industry-wide (apart from the education sector), there was an 18 percent rise in detected malware.
On a positive note, 2015 saw a drop in detections of denial of service (DoS) and distributed denial of service (DDoS) activities. This was due not only to there being fewer attacks, but also to the implementation of improved mitigation tools. However, the prevalence of victims paying to avoid or stop DDoS attacks increased.
With nearly 21 percent of the vulnerabilities detected in client networks found to be more than three years old and some vulnerabilities dating back as far as 1999, the report clearly highlights the need for organisations to take cyber security threats more seriously.
Telephony fraud is a serious threat
As a reputable telecoms company, we take every precaution possible to support our customers against fraud. Having highlighted the threat of telephony fraud (sometimes known as phreaking) for many years now, we take it very seriously, providing fraud protection packages for our clients, as well as advice on protecting telephone systems against attack.
Telephony fraud is often taken less seriously than the threat of cyber attack. However, it costs UK businesses billions in lost revenue every year, leaving them with extortionately high telephone bills they are often unable to pay.
The fraudsters hijack the PBX by breaking the PIN code on the voicemail, using access codes and online password-cracking technology. This enables them to infiltrate a system and configure it for their own use. Once access has been gained, the hackers are able to make outbound calls to anywhere in the world, the cost of which falls to the owner of the phone line connected to the system from which the call originated.
VoIP phones are vulnerable to cyber attacks
In much the same way, your VoIP phone could leave you vulnerable to hackers, particularly if you are still using the default password.
When setting up the device and installing VoIP hardware, it’s easy to use the default password and then forget about it once the phone is up and running. Then all it takes to compromise the security of the phone is for the user to visit a website with the attacker’s exploit code embedded in it.
This allows the hacker to dial in and connect to the phone without the user suspecting a thing. They can listen in to conversations, as well as make calls (for example, to premium rate lines), transfer calls or even upload new firmware.
Setting a strong password is the most important thing you can do to safeguard the security of your VoIP phone.
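A hijacked PBX or VoIP phone placing outbound calls worldwide and to premium rate lines, as described in the two sections above, leaves a trace in call detail records (CDRs). As an added example, not code from Office Phone Shop or the GTIR, this Python script flags extensions that place a burst of high-cost calls. The CDR layout, the sample records, the thresholds and the function names are assumptions, and the prefix list assumes a UK dial plan.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed UK dial plan: prefixes that carry high per-minute charges.
HIGH_COST_PREFIXES = [("070", "personal number"), ("076", "pager"),
                      ("09", "premium rate"), ("00", "international")]

# Constructed sample CDRs: start time, extension, dialled number, seconds.
SAMPLE_CDRS = """\
2016-05-06 10:02:11,201,02079460123,180
2016-05-06 14:30:00,204,0015550100,240
2016-05-07 02:11:04,204,09098790101,140
2016-05-07 02:13:40,204,09098790102,360
2016-05-07 02:20:09,204,0015550142,1200
2016-05-07 02:41:55,204,07012345678,900
2016-05-07 09:15:00,207,07700900456,65
"""

def classify(number):
    """Return the high-cost category for a dialled number, or None."""
    for prefix, label in HIGH_COST_PREFIXES:
        if number.startswith(prefix):
            return label
    return None

def find_bursts(text, max_calls=3, window=timedelta(hours=1)):
    """Flag extensions placing >= max_calls high-cost calls inside one window."""
    calls = defaultdict(list)
    for start, ext, number, secs in csv.reader(text.splitlines()):
        if classify(number):
            when = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
            calls[ext].append((when, number, int(secs)))
    alerts = {}
    for ext, rows in calls.items():
        rows.sort()
        for i, (first, _, _) in enumerate(rows):
            # Every high-cost call that starts within `window` of this one.
            burst = [r for r in rows[i:] if r[0] - first <= window]
            if len(burst) >= max_calls:
                alerts[ext] = {"calls": len(burst), "first": first,
                               "seconds": sum(r[2] for r in burst)}
                break
    return alerts

if __name__ == "__main__":
    for ext, info in find_bursts(SAMPLE_CDRS).items():
        print(ext, info)
```

A single daytime international call from extension 204 does not trip the threshold; the cluster of four high-cost calls in the early hours of the next day does.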
Office Phone Shop provides business telecoms solutions to companies in over 100 countries worldwide and works closely with clients to prevent telecommunications fraud. Our advice to everyone is to remain vigilant at all times and to take the necessary steps to protect your organisation against fraud.
For more information about potential fraud scams, please read our advice about ‘vishing’ and fraudulent phone calls from 070 and 076 numbers.