AI, toll fraud and messaging top the list of UC security concerns
AI might get all the attention, but IT leaders are also concerned about some other key security vulnerabilities within their unified communications platforms.
Companies are facing a variety of unified communications threats -- from AI, toll fraud and improper use of messaging channels -- all of which were highlighted at a UC security panel at this year's Enterprise Connect in Orlando, Fla.
The UC security challenges session, which I moderated, featured a diverse group of vendors. Mark Collier, CTO of SecureLogix, Ram Ramanathan, senior director of product management at Ribbon Communications, and Bryan Mack, master principal consultant at Oracle, represented vendors who have historically been focused on protecting their customers against threats of attack via voice channels. The panel also included Anthony Cresci, senior vice president of go-to-market and partnerships at Theta Lake, which helps companies meet compliance obligations, as well as Smita Hashim, chief product officer of Zoom.
Metrigy has tracked trends in the communications and customer engagement security space for the last several years. We've noted that even as security concerns grow -- one in five of our research participants report having experienced a security incident -- proactive strategies are lacking. Just 35% of organizations report having a proactive, company-wide strategy in place to protect against communications, collaboration and contact center threats.
AI tops security concerns
AI dominated this year's discussion, as well as most other Enterprise Connect sessions. That's no surprise. Nearly half the companies polled by Metrigy's "AI for Business Success: 2024-25" global research study said they are using AI for customer engagement and/or internal collaboration. For those who remain reluctant to roll out AI, security is the primary reason, according to the study. In particular, IT and business leaders are concerned about privacy, the reliability of AI output, potential for attacks on large language models that result in erroneous responses from AI engines and how to protect AI-generated content from leakage.
AI is now creeping into the voice and video space where deepfakes threaten to disrupt methods used to verify employee and customer identities. These new attacks focus on systems used to identify individuals based on voice or face.
At the same time, nefarious individuals or groups are exploring how to use AI to improve the success of phishing and social engineering attacks by crafting more realistic emails and texts. Hackers can even use AI to find the best way to access remote systems.
Voice is still a target
The panel spent a lot of time talking about AI, but it's still an older tactic -- toll fraud -- that is causing sleepless nights for telecom managers. Toll fraud cost businesses nearly $39 billion in 2023, a 12% increase from 2021, according to the Communications Fraud Control Association.
Preventing toll fraud becomes even more complex as organizations juggle their shift to cloud-based calling and contact center platforms while retaining PTSN access to ensure global connectivity and call routing. Here, too, a proactive approach is required, panelists said.
Messaging concerns increase
The rise of team messaging for internal collaboration and consumer messaging channels for customer engagement poses another UC security challenge. Regulators have fined U.S. companies billions of dollars in the past several years due to employees improperly using consumer channels for regulated customer communications.
This has led organizations to increase efforts to monitor or block channel engagement, as well as ensure that supported messaging channels meet business needs. Simply blocking communications because of management concerns is a recipe for employees to go around IT and use what they need to do their jobs.
This year's panel reinforced why organizations need to establish a proactive approach to secure communications, collaboration and customer engagement apps and services. It also highlighted the importance of security, application, and business teams working hand in hand to deliver capabilities that balance business and employee needs with the need to minimize the risk of attack and data loss. Finally, panelists discussed the benefits of investigating vendors' products engineered to address specific threats or compliance requirements.
Irwin Lazar is president and principal analyst at Metrigy, where he leads coverage on the digital workplace. His research focus includes unified communications, VoIP, video conferencing and team collaboration.
