Survey Reveals IT Managers Overlooking VoIP Security Threats

A recent survey conducted by NetIQ, an Attachmate business, examining the use of VoIP today within UK organisations, has revealed that many IT Managers are turning a blind eye to security threats which could compromise their VoIP infrastructure.

The findings come as the SANS Institute in its annual round up of the most significant risks facing end users, recently announced that VOIP servers and phones ranked within their top 20 security risks for 2007. Their experts have warned that the rapid adoption of systems in order to achieve cost savings has led many organisations to overlook vulnerabilities such as VoIP phishing scams, eavesdropping, toll fraud, or denial-of-service attacks.

The research which was carried out by NetIQ amongst 66 IT managers either using or planning to deploy VoIP systems in mid to large enterprises, reveals that more than half of all respondents (59%) rated as “low” or “very low” the threat of viruses or worms attacking their VoIP system. Spam over IP (SPIT) and SIP compromises were equally low on respondents’ radar with only 12% and 18% of respondents, respectively rating these as “high” or “very high” security threats. Just 24% of those surveyed were concerned with DoS or toll fraud.

Whilst the majority of respondents had a firewall in place to secure their infrastructure, less than half had installed security management specifically designed to protect and secure their VoIP system. With analysts predicting 1.2 billion VoIP users by 2012 NetIQ is urging IT Managers to fully assess the threats and ensure they have taken appropriate security measures before deployment.

Ulrich Weigel, Chief Security Strategist for NetIQ comments: “The survey highlights a worrying complacency amongst organisations which have either already deployed or are about to install a VoIP infrastructure. Whilst the advantages in terms of cost savings are a huge incentive I’d urge organisations to carefully consider the potential vulnerabilities which can exist in the network and even in the phones themselves. The main focus for organisations has traditionally been on ensuring voice quality and performance, but vigilance with security – and taking measures such as encrypting voice services and performing regular security audits – is equally important.”

In terms of performance the survey revealed more positive results with 60% of respondents rating high or very high levels of overall user satisfaction and a similar number (59%) rating the levels of cost savings that had been experienced as highly satisfactory.