BlogAudioCodesOracleUnified CommunicationsContact Center SolutionsNetwork SecurityDigital WorkspaceSecurity Transformation
Blog7 minute read

How Secure Is Voice Traffic in Your Contact Center?

Contact centers and voice calling have expanded the attack surface. While CISOs and cyber security leaders are doing their best to defend against bad actors, voice calling is a vulnerability that is often overlooked.

In this blog

As contact centers are the primary point of contact for customers and businesses, they rely heavily on voice communications to provide services and support. Unfortunately, voice traffic is vulnerable to various cyber threats, such as eavesdropping, spoofing, denial-of-service attacks, toll fraud and malware. These cyber threats can compromise the confidentiality, integrity and availability of voice communications, causing unforeseen financial losses and legal liabilities.

It's become critical to defend the contact center against these threats with voice traffic cyber security; but, also important is understanding the common types of unwanted voice traffic, and be able to recognize the difference between a threat and a nuisance. 

 Defend against unwanted voice traffic

According to a report by Mutare, a leading voice traffic security solutions company, contact centers are reporting that more than 20% of calls were unwanted and that that nearly half (47%) of organizations experienced a vishing (voice phishing) or social engineering attacks in the past year. This means that more than one in four calls received by contact centers are either classified as a nuisance or a nefarious call. The report also estimates that the annual cost of unwanted voice traffic for a typical 100-seat contact center is about $195,000.

Unwanted voice traffic refers to calls that are either a nuisance or nefarious, such as robocalls, spoof calls, spam calls and direct nefarious calls. These calls can flood the phone lines of contact centers, reducing their capacity to handle legitimate customer calls and wasting their time and resources. They can also trick contact center agents or customers into revealing sensitive information or performing actions that benefit the attackers.

Some common types of unwanted voice traffic that affect contact centers are:

  • Robocalls: Automated calls that deliver a recorded message, often for telemarketing, political or scam purposes. Robocalls can flood the phone lines of contact centers, reducing their capacity to handle legitimate customer calls and wasting their time and resources.
  • Spoof calls: Calls that manipulate the caller ID information to appear as a different number or name, often to impersonate a trusted entity or person. Spoof calls can trick contact center agents or customers into revealing sensitive information, such as passwords, account numbers or personal details.
  • Spam calls: Unsolicited calls that are irrelevant, inappropriate or malicious. Spam calls can annoy or harass contact center agents or customers or attempt to sell them unwanted products or services.
  • Direct nefarious calls: Calls that are intentionally malicious or fraudulent, such as vishing (voice phishing), toll fraud and sabotage.
    • Vishing calls use social engineering techniques to persuade contact center agents or customers to perform actions that benefit the attacker, such as transferring money, installing malware or divulging confidential data.
    • Toll fraud calls use stolen credentials or hacked systems to make unauthorized long-distance or international calls through the contact center's network, resulting in high phone bills.
    • Sabotage calls use denial-of-service attacks or other methods to disrupt or damage the contact center's voice infrastructure, affecting its availability and performance.

 Two components of voice traffic cyber security

To combat cyber threats, voice traffic cyber security is a critical issue for contact centers that want to maintain their reputation, productivity, customer satisfaction and profitability. There are two components to voice traffic cyber security: network security and voice traffic security. 

 Network security

Network security prevents and eliminates network-level threats. To protect a contact center's voice traffic from cyber-attacks they need to implement various network security measures, such as:

  • Encrypting voice data protocols like Secure Real-time Transport Protocol (SRTP) or Transport Layer Security (TLS). Encryption scrambles the voice data so that only authorized parties can decode and listen to it.
  • Using strong authentication and authorization mechanisms to verify the identity and access rights of users and devices. Authentication can be done using passwords, PINs, certificates or biometrics. Authorization can be done using policies, roles or permissions.
  • Implementing firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS) to monitor and filter network traffic and block malicious or suspicious packets. Firewalls can also create separate virtual networks (VLANs) for voice and data traffic to isolate them from each other.
  • Addressing VOIP vulnerabilities by updating and patching VoIP software and hardware regularly to fix any vulnerabilities or bugs that could be exploited by hackers. Updates and patches should be tested before deployment to avoid any compatibility or performance issues.
  • Educating users and staff about the risks and best practices of voice traffic cyber security. Users should be aware of how to create strong passwords, avoid phishing emails, report any suspicious activity and use secure devices and networks.

 Voice traffic security

Voice traffic security enables contact centers to use advanced analytics tools to identify and eliminate unwanted voice traffic from their networks. The leading vendors in this space (in no particular order, being not all features are directly comparable) are:

Mutare Voice Traffic Filter (VTF) is a solution designed to filter and analyze voice traffic in contact centers to identify and block unwanted and potentially malicious calls. It helps improve operational efficiency and enhances security by using AI and ML to analyze the caller ID, voice patterns, call duration, call frequency and other factors of incoming calls. Key features include:

  • Call screening: Filters and screens incoming voice calls to identify potential threats and block unwanted or spam calls.
  • Customizable rules: Allows customization of filtering rules based on specific requirements and organizational policies.
  • Real-time notifications: Provides real-time notifications for flagged calls, enabling quick responses and actions.
  • Integration flexibility: Can be integrated with various contact center systems and platforms for seamless implementation.
  • Comprehensive reporting: Provides detailed reports and insights on the types and sources of unwanted voice traffic affecting the contact center.

Oracle Communications Security Shield (OCSSC) is a comprehensive solution designed to secure voice communications in contact centers. It uses AI and ML to analyze the caller ID, voice patterns, call duration, call frequency and other factors of incoming calls. Key features include:

  • Call screening: Filters and screens incoming voice calls to identify potential threats and block unwanted or spam calls.
  • Fraud detection: Utilizes advanced analytics to detect fraudulent voice interactions and potential security threats.
  • Real-time monitoring: Provides real-time monitoring of voice traffic to identify suspicious patterns and behaviors.
  • Machine learning algorithms: Leverages machine learning algorithms to continuously improve threat detection capabilities.
  • Integration capabilities: Integrates seamlessly with existing contact center infrastructure for enhanced security without disrupting operations.
  • Comprehensive reporting: Provides detailed reports and insights on the types and sources of unwanted voice traffic affecting the contact center.

AudioCodes Enterprise Call Screening Solution focuses on call screening and protection against malicious calls in contact center environments, helps prevent fraud and ensures secure voice communication. This solution uses a combination of hardware devices and software applications to screen incoming calls, making it suitable for use with an on-premises call center such as Cisco UCCE or Avaya. Key features include:

  • Malicious call prevention: Utilizes advanced algorithms to identify and block malicious calls, including spam, phishing attempts and fraudulent activities.
  • Customizable policies: Allows the creation of customized call screening policies to align with organizational security requirements.
  • Comprehensive reporting: Provides detailed reports and analytics on call screening activities and identified threats.
  • Scalability and flexibility: Scales easily to accommodate varying call volumes and can adapt to different contact center setups.
  • Real-time notifications: Provides real-time alerts and notifications on the status of incoming calls.

 Conclusion

Voice traffic cyber threats have become increasingly sophisticated. Without adequate protection your organization faces a variety of threats. Spam calls will affect productivity, but malicious calls threaten to defraud the business, jeopardize your customers and cause significant financial damage. Inform yourself about WWT's contact center and network security capabilities in the related content below. And don't hesitate to contact us to arrange a complimentary briefing with our secure voice experts.

Technologies