The Communications Fraud Control Association (CFCA) has announced the results of its Global Telecom Fraud Survey, reporting an 18% decrease in communication fraud since 2013. CFCA attributes this increase in collaboration and coordination among carriers in identifying and stopping fraudulent activity following the 2013 report, but Angela German, Director of Marketing of VoipSec calls for the CFCA to substantiate this statement, and questions the conclusions of the report.
Comparing the 2013 and 2015 reports is not the easiest task because of variations in the questions and styles of reporting. The 2015 report shows IP PBX hacking (described as VoIP hacking in the 2013 report) move to the second most costly fraud method behind PBX hacking, which has in turn moved to the top spot. However, this year’s report has split Subscription Fraud into two different forms (application and identity), which, when combined back together, adds up to $6.08bn. Therefore, when accurately compared, the report in fact reveals an increase from the $5.22bn found in 2013. Rather than painting an inaccurately rosy picture, therefore, the trend actually indicates that the need for companies to take action and secure their telecom systems is greater than ever.
The report also asks participants ‘what percentage of your company’s revenue base do you think is fraud?’ The use of ‘think’ when it comes to fraud is concerning because any company in the current security climate should have taken considerable action to identify any breaches, and should therefore also have a clear picture of the associated financials. This highlights the fact that actually, the report assumes companies don’t know how and when hacking is occurring.
In the case of many IP PBX (VoIP) hacks in big companies, the fraud is taking place on a small enough but consistent scale meaning it’s likely to fall under the radar. VoIP is still a hugely compelling technology with benefits of reduced costs and business efficiency, but the report highlights that both companies and the CFCA are failing to properly consider the risk of not deploying associated security.
What the report actually reveals is that far too many companies are either not fully aware of the financial risks or assume that the security available is too complex or costly. In fact, cloud based technology can provide companies with an essential first tier of voice security through simple download and install virtual SBC. Ensuring this action is taken will enable companies to genuinely identify and stop fraudulent activity that the CFCA has proven is still prevalent.
[su_box title=”Angela German, Director of Marketing at VoipSec” style=”noise” box_color=”#336588″]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.