The number of high-profile data loss incidents has forced many public and private sector organisations to drastically alter their traditional security measures.
Increasingly, the common approach has been to encrypt every memory stick, disc and laptop in an effort to prevent confidential information from falling into the wrong hands. Indeed, the consequences of a business or government department losing an unencrypted laptop could be devastating for the organisation’s reputation, and crush public trust now and in the future.
The data loss wake-up call, which occurred over the last two years, was long overdue. For years, departments had been popping critical, unprotected information in the post and leaving laptops on trains without the slightest awareness of the serious repercussions that may ensue.
The chink in the security armour
It is perhaps a cruel irony that the huge rise in physical data security measures has inadvertently triggered a new line of attack for criminals: phone correspondence. With traditional identity theft channels now closing, fraudsters are increasingly targeting unprotected voice conversations to obtain confidential insider information, passwords and PIN codes without detection.
Voice correspondence is almost always uncharted territory for business security armour, left unprotected under the false assumption that phone hacking is a highly sophisticated and expensive means of attack.
The days of phone fraud involving thousands of pounds of equipment and an extensive army of technology experts are long gone. Only in December it was revealed that a computer engineer had broken the algorithm used to encrypt the majority of the world’s digital mobile phone calls online, and published his method, in a bid to expose weaknesses in the security of global wireless systems.
This revelation sent shockwaves through the business community, and rightly so. Clearly the 21-year-old GSM algorithm, a code developed back in 1988, and still used to protect the privacy of 80 per cent of mobile calls worldwide, has passed its “use-by” date and is now insufficient to protect users from outside attacks.
Experts like Karsten Nohl, a German researcher and security specialist, have provided yet another harsh warning for organisations with lacklustre security measures by demonstrating how easy it was to eavesdrop on GSM-based phone calls, including those used by AT&T and T-Mobile subscribers in the US.
An everyday threat
But when assessing the threat posed by phone fraudsters and criminals, we need look no further than the regular examples of celebrity phone eavesdropping that are becoming commonplace. Even high-profile national newspapers like the News of the World have become embroiled in the scandal, resulting in one of their reporters being jailed for listening in on calls between members of the royal family.
Liberal Democrat Lembit Opik recently went public saying he was concerned his phone calls were being intercepted, and PR guru Max Clifford settled a hacking dispute out of court for a six-figure sum. And who can forget the case of Tiger Woods, who found himself in hot water after several voicemail and text messages fell into the laps of numerous national newspapers and celebrity magazines?
A cause for concern
These celebrity incidents are serious enough, but business leaders and public sector chiefs now need to readdress their approach to voice and message security, to protect themselves against this growing threat. Increasingly, phone fraudsters are being hired or trained by rival businesses, getting insider information and critical data without ever being suspected.
But it doesn’t have to be this way: tailored and unbreakable encrypted phones exist that can keep fraudsters out in the cold. These solutions provide end-to-end security, preventing criminals from illegally listening in to conference calls, board-level correspondence and financial reports over the phone.
In the light of this present and real threat, every CEO and board member should ensure they avoid using traditional GSM phones and stick to encrypted, safe and secure correspondence. Obviously, this is a steep learning curve for those in charge of managing security measures, but be under no illusion: the phone fraud threat is growing, not shrinking.
In light of this fact, phone correspondence simply cannot be overlooked in an organisation’s wider security armour. With hacking technology getting cheaper and easier, CIOs should start addressing this problem now and ensure that their organisations are fully aware of the threats to unencrypted voice and SMS correspondence.