Disrupters Aren’t Just Competitors: Security in a Hyper-connected World
Disruption is happening all around us in the incredibly fast-moving world of real-time communications: the movement to telco cloud, to full NFV environments, to software-defined networking inside enterprises, to the embedding of voice and video messaging into business applications, to AI, IoT, biometrics and more.
Even as we change the channels, connecting and communicating in so many creative ways, we know from collaborating on massive projects with the world’s largest Communications Service Providers (CSPs) that, whether we are transforming their infrastructure or building sophisticated multimedia messaging as part of their application offerings, the biggest disrupter of all is likely to be the challenges presented by cybercrime.
It’s inevitable if you simply do the math. The more connected we are, as people and as people interacting with things and systems, the more opportunities there are for invasions of our privacy, identity and assets.
The “attack surface” is expanding as fast as the number of endpoints, clouds, mobile apps, web apps, and the APIs that glue a lot of software together.
And while a ton of emphasis and media coverage has been devoted to massive breaches of databases connected over what enterprises thought were secure data networks, less attention has been paid to one of the fastest-growing areas of vulnerability: attacks on voice and video applications.
VoIP services aren't immune to data theft. In 2015, one major breach compromised 70 million records across 37 states in the US and went largely unreported. The breach affected 14,000 phone recordings including confidential attorney-client conversations.
The Communications Fraud Control Association says international revenue sharing fraud (one of the most prevalent types of telecom fraud) costs global service providers nearly $11 billion annually.
Voice sessions continue to increase as over-the-top messaging platforms make more and more conversations easier, and as more and more conference calls take place, including those where enterprises are discussing confidential strategies, transactions and deals. The value of extracting information by listening in is growing in parallel.
So are “pivot attacks” where voice or video systems are used to tunnel into databases or to initiate a malware or ransomware attack.
Think about contact centers, where live agents are taking credit card and other personal information over the phone. Cybercrime is a multi-trillion-dollar global industry in its own right, and not because cybercriminals are stupid or underfunded. They are increasingly sophisticated, and they make their own capture nearly impossible because they understand how to keep their own communications deeply dark.
Think about healthcare records, which have been protected through privacy regulations like HIPAA in the US, and similar laws globally. Making healthcare more available and far less expensive through telemedicine applications has enormous value, but when voice, video and messaging between physicians and patients can be hacked because the security software hasn’t yet been built into the real-time communications platforms and networks, unlocking that value will be challenging.
Think about trading, and negotiating the exchange of equities, derivatives, bonds, currencies, commodities and more, and the movement to blockchain systems, which are starting to displace traditional currencies with cryptocurrency. Talk about disruptive! Who are the new “Barbarians at the Gates” when our global financial exchanges are having to adapt to innovation in real time, to reduce their operational costs, to improve quality and transparency, and to comply with tighter regulations, including the upcoming GDPR going live in the EU next month?
Voice, video and messaging security today and forever will require building security into applications, not just relying on traditional encryption and firewalls. Enterprises are driving everything forward digitally, and information and communications are part of everything we do. Just as networking can no longer be an afterthought, enterprises are moving from cloud-first and mobile-first strategies to “security first.”
The world is moving rapidly towards new security paradigms, including “Authenticate first, connect second” (rather than the other way around). But this and other approaches cannot slow down performance, cannot increase cost, must comply with much stricter privacy laws, which vary from region to region and country to country, and must be built to last.
New services that are continuously being launched must be secured within the context of our new architectures, and strong enough to withstand not only attacks, but massive fines that will be levied against any enterprise or enterprise partner who does not comply and experiences a privacy breach.
In the case of GDPR, the highest-level parent company can be fined 4% of its total annual revenue. So, for example, a technology giant could acquire a small IoT company and sell a smart product that is controlled by Alexa voice activation but that, for whatever technical reason, makes it possible for a cybercriminal to steal private information. The technology giant’s risk runs into the billions for the fine alone, not to mention the reputational damage.
There is no quality voice, video or other messaging service in the future without security as part of its DNA, and as part of its ability to co-exist with applications.
Enterprises and service providers can disrupt AND be disrupted unless they put security first inside of everything they offer.