VoIP Applications Create A New Cybersecurity Challenge
By: Matt Goggin
Despite the text messaging we do, and the rise of online chat and chatbots, the number one channel for customer engagement is still voice, and there is no indication voice will ever lose its leading position in the contact center space.
Why is voice so attractive, and in some instances gaining ground?
The answer is simple: getting to the bottom of a non-trivial problem takes less time when two humans speak, especially when the human answering the call is an expert in whatever the issue may be.
The popularity of voice, especially for high-value interactions is driving tremendous innovation across what is now more commonly being called “Customer Experience,” or CX. For example, in the luxury travel industry, concierge services can be provided to rewards program members, or in the wealth management industry, financial advisors are able to respond successfully to high-net-worth clients.
CX providers are now leveraging instantaneous voice transcription, for example, to capture, store, analyze and create instruction for the agent in real-time, thus enabling them to solve problems more precisely and answer questions in a personalized way. It can also be used to provide ongoing insights and trends which can enhance the entire business, using AI applications that run across all channels (voice, text, social media, embedded, and more).
“This call may be recorded for quality and training purposes” has become standard, but today those recorded conversations are now stored in vast big data lakes and are tapped for many valuable applications. Often APIs are used that share the raw data (from inbound at the contact center for example) and feed that data into third-party applications. Data is being shared at a dramatically increasing rate, as the telecom API market is poised to reach over $300 billion (from zero in 2000, before the creation and adoption of APIs began).
An API is a set of standard software functions an application can use, and large tech companies including IBM and Oracle are building CX businesses around them. Telecom APIs enable a third-party company to access data/information from telecom network operators for purposes of application support and the delivery of Value-added Service applications. Twilio has been an innovation leader, building and monetizing with tens of thousands of developers, including those in the CX industry.
The conversational economy is here, and AI has helped fuel value creation in that economy, analyzing billions of conversations a day in the CX space. Have we paid enough attention to ensuring these innovations are secure?
Some immediately think of voice biometrics – voice authentication – as the answer. That technology is still nascent, and ultimately it only protects one consumer at a time, when they wish to access personal information, for example, including through modern IVR systems. Whether authenticating voices from a voice call, or even a connected IoT device that is voice-activated, IT teams are charged with ensuring comprehensive security, identity, and compliance for every voice interaction.
Companies like Pindrop help contact centers authenticate customers and detect fraud throughout the lifecycle of a call. They assist by analyzing the audio, voice, behavior, and metadata to create call risk scores and customer credentials. Other companies are advancing voice biometrics and security analytics applied to voice sessions. These are all important and valuable services, but if the network itself is not secure, attacks on the infrastructure and theft of highly sensitive and personalized data can cause significant damage.
Securing voice traffic is not new; Session Border Controllers (SBCs), for example, work with the Session Initiation Protocol (SIP) used to connect phone calls over Internet Protocol (IP). SBCs have been in place for contact centers using firewalls that prevent criminals from infiltrating networks. Encryption of voice traffic and protection against denial of service attacks and toll fraud to keep conversations private while preventing others from using them illegitimately are steps in the right direction. However, the stakes are now higher. Now that every conversation can be transcribed into data which can be exfiltrated from large data storage (often held in AWS and other cloud environments).
This new architecture supporting new services, including big data analytics, is coming under new scrutiny by regulators. This is especially true in the healthcare industry where HIPAA and other requirements are present, and in the financial services and credit card industries where SOX, PCI, and other requirements are increasing. On the one hand, regulators are concerned about adversaries being able to benefit from transcribed voice information. While on the other hand, they are looking at advances there to be able to screen more efficiently as part of their audits to ensure providers are compliant.
While it would have been impossible a few years ago to be able to search key words against billions of calls, companies like CustomerView have developed extraordinary capabilities in the transcription and analytics world. These advances enable communication service providers to comply more easily with FCC regulations, including offer compliance.
Dispersive’s contribution to a fully secure networking and application “stack” is providing a better way to transmit data over IP networks, including data that is shared via APIs into a cloud-hosted database or an application. We make data sharing through integrations with third-party applications more secure and performant with faster processing times based on our proprietary methods.
Dispersive™ Virtual Network deployments are composed of three fundamental components: endpoint clients/gateways, strategically placed deflects, and controllers. These components make our solution ideal for distributed systems including cloud-based contact centers which connect thousands of agents, managers, applications, databases, and other innovations. Our solution enables the personalization of every conversation, reduces handle time, which improves customer satisfaction and lowers cost, and generally provides better outcomes for businesses and their customers.
Please reach out if you’d like to learn more about Dispersive™ Virtual Network’s benefits for CX systems, platforms and applications. — Matt Goggin
Critical Infrastructure On Edge: Colonial Pipeline Is Only the Latest Example of the Massive Risks Associated with Attacks
This past week Colonial Pipeline company, which operates a pipeline that carries gasoline, diesel fuel, and natural gas along a 5,500-mile path from Texas to New Jersey, was forced to take itself offline after being attacked by a criminal cyber gang. The pipeline, which carries 2.5 million barrels a day, nearly 50% of the East Coast supply of diesel, gasoline, and jet fuel, is still working to restore service and gain access to their systems after the malicious cyberattack, while its four mainlines remain offline.
Financial Services Companies Struggle With The Work from Home Digital Perimeter With Serious Cyber Attacks on the Rise
When pandemic lockdowns turned many jobs into work-from-home almost overnight, some industries experienced relatively seamless transitions; however, the banking industry was not one of them. These institutions were forced to pivot from traditional office environments, but the switch to remote working came with an abundance of challenges, the most serious being cybersecurity.
With physical retail re-opening, large retailers with hundreds or thousands of locations are rethinking their security strategies, especially when it comes to Point-of-Sale (POS) systems.
Retailers need reliable, resilient networks, as downtime leads to slow checkout lines and unhappy customers.