Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Best practices for securing voice networks

By Roger Northrop
call-center-freepik1170x658v8.jpg
April 19, 2022

Cybersecurity attacks have become so commonplace today that we are rarely surprised by widespread breaches. We have grown accustomed to reading daily headlines about bold hacks that hobble popular online platforms, hold large organizations hostage, or steal vast troves of valuable customer data and intellectual property.


This problem is so prevalent that board-level attention for security is now the norm, with a growing emphasis on safeguards for auditing and compliance. As a result, enterprise security has become a top priority for organizational resources. The average company dedicates 11% of its information security and risk management budget to protect data networks, according to the Gartner 2021 CIO Agenda Survey.  


While many IT teams have focused their security efforts on protecting data networks for email and other applications, most have overlooked criminal intrusions through the unprotected pathways of their enterprise voice networks, or phone systems.


The enterprise network is the primary conduit for hackers and ransomware gangs, but for many organizations, half of the network remains unguarded. This is because when IT and security teams talk about networks, they usually mean the data network — but every network combines a data network and a voice network. 


The Voice Network Creates a Gaping Hole for Enterprise Security

People who pick up the phone can become a biological router that bridges the information gap from voice networks over to data networks without even knowing it. For example, call center personnel typically have access to up to 15 separate information systems. Most customer service reps can log into systems for email, sales, human resources, digital imaging, and more.


Voice phishing phone calls and voice messages, also known as vishing attacks, can be a highly effective technique to trick unwitting employees in the call center and elsewhere. In this way, attackers can convince their targets to provide access to data networks, or even send the calls up the org chart to target influential financial leaders or C-level executives.


How Bad Actors Can Attack Your Voice Network

Consider a real-world case in which our security engineers assisted a clinical organization when a hacker’s phone call got through to a nurse. The nurse innocently gave the hacker immediate online access to take over her screen and all the systems she had logged into. Even worse, forensic analysis and data breach notifications were made extremely difficult because the nurse’s access was fully authorized.


From all this, we see how the voice network can serve as a nexus point for nuisance calls that reduce productivity, or even worse, for nefarious calls, leading to disastrous consequences. In fact, the hacking ecosystem has produced a new position for this strategy known as an initial access broker, or IAB. These IABs are attackers who specialize in breaching companies and then selling the access points to ransomware gangs. 


The overarching goal is to gain the trust of people inside an organization to gain illicit access to private information, contacts, credentials, and more. If an IAB interacts with the same employee by phone over time to gain that person’s trust, the attacker may eventually gain access to the adjacent data network.


Best Practices for Securing the Voice Network

We know that cybersecurity incidents and data breaches are continuously evolving and increasing. For this reason, most data networks today are protected by broad intrusion detection systems (IDS) and intrusion prevention systems (IPS). These software layers constantly monitor data networks to identify potential incidents, stop them, and report any threats to security administrators.


However, voice networks have no such IDS or IPS systems in place. Nor do they have security protections to control the fallible humans who represent the ultimate endpoints of the voice network. Protecting the voice network requires security teams to implement a multilayered architecture or mesh security strategy while better preparing the staff to recognize potential threats on their phones.


Addressing this problem starts by gaining visibility into all the underlying vulnerabilities. A comprehensive voice traffic assessment provides a good starting point to handle the types and volumes of calls running over a voice network. 


Security teams can then take steps to build in necessary security protections and hold staff trainings to promote greater awareness about the threats to voice networks from simple phone calls or text messages. Unfortunately, voice network security presents a serious threat that usually does not get adequate attention until too late. Taking preventative steps now can help offset this growing concern.

KEYWORDS: cyber security data breaches risk management Vishing voice fraud

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Roger Northrop is Chief Technology Officer at Mutare.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Locked data

    Best practices for effectively securing sensitive data

    See More
  • multicolor pyramid on red orange background

    The threat landscape and best practices for securing the edge

    See More
  • Inside of water disposal pipe

    Best practices for securing critical and public infrastructure

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing