Don’t overlook the elevated risks in the rush to cloud, warns BICS' Head of Fraud prevention and Security
With a 20-year track record in international connectivity, fraud prevention and network security, BICS has seen trends in the activity of bad actors come and go as the business world itself has transitioned from traditional telecoms to UC.
As this has brought many new entrants into the market at speed, opportunistic fraudsters have not been slow to take advantage. And as the world reacts to a global crisis, sadly attacks have only proliferated at an accelerated rate, seeking vulnerabilities in providers making hasty transitions.
We caught up with Katia Gonzalez, Head of Fraud Prevention and Security at BICS, to talk about the implications of this for secure communications in 2020:
“UC providers have less experience than telcos in managing fraud and handling security breaches. Their focus is, understandably, on growing their business and acquiring as many customers as possible”
“Yet fraud is a huge and growing issue. In 2018 and 2019 respectively, we saw 30% and 32% increases in fraudulent attacks to UC providers on the BICS network”, she explained. “Many of these are multi-layer businesses where a set of numbers or lines are allocated to one business who will lease or allocate part of that provision to another, which creates a lack of transparency, and an increased surface area of attack.”
And as the user base increases, that vulnerable attack space does also, just when the world needs it least. While BICS’ customers benefit from embedded attack prevention capabilities, many public institutions are running older software with a lot less protection. “Right now we see elevated DDoS attacks on emergency services, which is very sad given what’s going on in the world.”
UCaaS makes the most sense for organisations who need to focus on their core activities, rather than try to compete in the endless arms race against hackers and fraudsters. By outsourcing this effort they remain contractually supported, whatever their size and speciality. As Gonzalez continued, “Standalone DDoS protection solutions are quite expensive, but we embed ours in the Session Border Controller (SBC), so all the traffic, in or out, goes through this. We make sure all our customers are protected.”
BICS’ years of experience in tackling these criminals and stopping fraud attempts is what makes the difference, as what is happening today is essentially the continuation of an existing pattern. As Gonzalez reminded us, “this big increase that we have seen in fraud in the past two years across all cloud communication providers is mainly driven by the same kind of activity that we have seen for years in traditional telco businesses. There’s nothing dramatically new. Fraudsters are just adapting their procedures. And for them, attacking cloud communication services is by far a better deal as generally it’s easier to do.”
Indeed, the very efficiencies of cloud-based working that customers enjoy, offer benefits for the attackers too. However, outsourcing defence to a provider like BICS means outsourcing the vigilance and continual worry about incoming threats from any direction. “One of the advantages our customers have while working with us is the combination of our experience and our global view”, Gonzalez concluded.
“We can track attacks happening today in Australia, react as they shift to Zimbabwe tomorrow, and analyse traffic patterns immediately to build additional protection into our firewalls”
And like the best defensive moves, most people don’t even see it happening — they just enjoy uninterrupted secure communications worldwide, through their BICS-supported platform of choice.