Businesses are ignoring the problem of telecoms fraud, even though the potential losses could be huge.
According to telecoms supplier, Damovo, businesses underestimate how much they could be affected by such fraud, although its recent survey found that one organisation lost £50,000 ($99,000) through telecoms fraud.
Chris Richardson, portfolio manager at Damovo UK, said that businesses concentrated heavily on combating data loss while voice was seen as the poor relation. "About ten years ago, companies would have had a voice manager and an IT manager, now voice comes in as a function of IT. What happens is that the IT manager often doesn't fully understand the workings of the phone system so it gets ignored."
The Damovo survey, carried out by RedShift Research on 250 organisations, found that phone fraud wasn't an isolated problem with 40 percent of companies having suffered some form of telecoms fraud. Although, said Richardson, the figures are even worse for smaller businesses: 53 percent of companies between 400 and 600 employees had been hit in the pocket. And, Richardson said, the losses were not just pocket money, "We found that 16 percent of businesses with more than a 1,000 users had been hit for losses of more than £50,000."
Richardson said that there were two main type of external attacks on phone networks: DISA (direct inward system access) which is where a user can access an internal PBX by cracking the PIN code, and voice mail fraud where a user can enter a phone system through voice mail and then dial out.
"But there can also be internal attacks," said Richardson. "We came across one case where one employee in an organisation was using an analogue port to rack up a 1,000 hours of dial-up to Pipex."
Richardson said that this was a typical example of the lack of care by organisations when it came to telecoms traffic. Companies pay a lot of attention to protecting their LANs and monitoring what websites employees visit, but they completely ignore dial-up, which could introduce any amount of viruses and Trojans to the corporate LAN.
Almost inevitably, Damovo is set to introduce an offering to address this issue. "We are launching a device that monitors in-bound and out-bound traffic. The user can set rules, for example if the cost of a port goes above a certain amount, and if any rules are being broken, then it issues an alert."
Richardson said that this was not a problem that was going to go away. "At the moment, VoIP is small, not many organisations have adopted the technology yet, but when they do, that's going to cause some new problems."