Speaking at the Centre for Secure Information Technologies’ (CSIT) World Cyber Security Technology Research Summit 2017 in Belfast today, Secure Chorus’ board director and CEO Elisabetta Zaccaria discussed secure communications for the enterprise and shone a light on its importance for businesses of all kinds.
“If we all agree that data is the new oil, then we should care about any kind of data we discuss in an organization, and I don’t think any organization is excluded from this”, she said.
Organizations discuss many different kinds of sensitive issues (business plans, trade secrets, personal data, etc) and multimedia data is just as important as other data we protect. However, Zaccaria argued that companies are often not aware of the risks surrounding unprotected multimedia communications, and she pointed to four risks in particular:
1. Do you know who is calling you or receiving your call? Calls can be placed to or received from an attacker without the user realizing, resulting in compromises of spoken data.
2. Do you know who is accessing the networks? An attacker with privileged network access can access content and metadata for a user on that network.
3. Compromised or false cellular base stations. An attacker can compromise a cellular base station, or use a false base station, and gain access to content and metadata for all users on that base station.
4. Infrastructure controlled by attackers. An attacker could cause calls to be routed via infrastructure they control (e.g. offering low-cost routing), enabling interception.
Zaccaria also explained that the problem with many existing secure communications products currently on the market is that they are “islands of isolated security,” which means they are “isolated by the particular product or technology variant.” These only allow initiators and recipients to have secure comms if both use the same product, she added, but employees may not be able to speak securely to a colleague who is using a different secure comms solution.
What’s more, current solutions are not all designed to be centrally managed, meaning that it can be difficult to carry out an audit of the secure communication through a managed and logged process.
Therefore, it’s important that secure comms service providers offer cross-platform, interoperable secure comms systems and products that can overcome these hurdles, Zaccaria concluded.