My latest posting on NoJitter is now available:
- PilotHouse Vendor Rating
- Contact Center and Customer Engagement
- Cloud and Data Center
- Cost Models and Total Cost of Ownership
- Enterprise Trusted Advisor
- IT Innovation, Transformation, and Enterprise Technology
- Mobile and Network Services
- Security, Risk Management, and Compliance Research Initiatives
- Unified Communications and Collaboration
At last week’s Enghouse Interactive Analyst Event, I had a chance to get up close and personal with some of their contact center products.
Incoming CISOs like to joke that the first item they’re issued when they begin the new job is a T-shirt with a target on it.
Cisco IP Phone Vulnerability Casts New Light on VOIP Security
Researchers at Columbia University unveiled a security flaw in Cisco IP phone firmware that makes them easily vulnerable to remote eavesdropping, allowing hackers to turn on speakerphones and disable phone lights to secretly listen in on, and/or record conversations. Only direct access to one phone is necessary for a hacker to potentially compromise all phones in an enterprise telephony system.
While Cisco has since offered a patch, it’s likely that the vast majority of Cisco IP phones remain vulnerable as security is typically not a high priority for those managing VOIP systems. Just 39% of companies cite “security” as their primary reason for deploying session border controllers at the interface of their telephony environment with SIP trunking service providers. Far less actively test or monitor their IPT environments for threats and attacks or deploy application specific firewalls to protect against VOIP threats.
ETA Bottom Line: Incorporate active security monitoring and proactive threat protection into your IPT architecture. Stay on top of vulnerability announcements and apply appropriate patches.