Voice traffic interception remains a serious threat in a South African corporate world awash with Voice over Internet Protocol (VoIP) systems.
According to Anton Potgieter of PBX-over-GSM provider NoPBX: “Every October, we are reminded to use more complex passwords and to be on the lookout for more sophisticated phishing attempts that could lead to some very expensive ransomware demands.”
What the predictable malware, ransomware and DDOS-related hints and tips, however well-meaning, don’t acknowledge is that hacks don’t have to be elaborate for cybercriminals to effectively fleece their targets. All that is needed is a predictably rickety VoIP system.
With VoIP calling long ago overtaking the traditional way business phone calls are made and received in South Africa, it’s a wonder more column centimetres aren’t devoted each Cybersecurity Awareness Month to just how straightforward it is to tap into IP-based voice traffic.
Breaking into the audio stream data packets that travel across the internet to make up VoIP traffic is straightforward for any cyberattacker worthy of their errant reputation. “Once this traffic interception is achieved, the cybercriminal can use easily obtained software to convert those packets into phone conversations,” explains Potgieter.
Because hackers can gain access to VoIP calls so easily and listen in as employees discuss all manner of sensitive business information, South African corporates should consider one of two approaches. The first is to regularly communicate to employees the importance of never discussing sensitive company details like staff information, financial details, account numbers, passwords and more over the company VoIP system.
“Identity theft and VoIP service theft, for example, are easily done once hackers have intercepted voice traffic and listened in for personal information,” Potgieter says.
A more practical approach towards ensuring impenetrable cybersecurity over company PBX systems is to make the switch from IP-based to GSM-based switchboard systems.
NoPBX, the locally-developed, hosted mobile PBX (mPBX) solution connects switchboard calls over pure GSM voice, instead of using voice-over-data. Without needing to install an app, the NoPBX system is inherently secure for all users.