After conducting a national survey into IP Telephony Security, Sydney-based integrator, Integ, has revealed that 97 per cent of organisations do not have sufficient security measures in place when they implement IP telephony and as a result are putting their data networks at risk.
The survey also found that 65 percent of organisations were currently in an IP telephony trial, assessment or review phase.
"Adoption of IP telephony is not an issue, everyone understands the fundamental benefits of it," said Integ CEO, Ian Poole. "But organisations are still not addressing the security threats that affect IP telephony."
Poole said organisations were aware of security threats to existing data networks, but were not aware of the risks when data networks were converged with new IP telephony systems.
"It's a whole other kettle of fish when you converge these systems," he said. "Organisations were not aware that when they put IP telephony on top of their data network it would create additional security issues."
Organisations that do not build robust secure systems from the bottom up and address the additional threats associated with IP telephony could put their whole network at risk, he added.
Although 93 percent of respondents had implemented antivirus software, 48 percent indicated they were still affected by virus attacks.
A whitepaper released by Integ (can be downloaded from http://www.integ.net.au/uploads/downloads/Whitepaper_finalemail2.pdf) detailed the top five security risks as Denial of Service (DoS), Spam over IP Telephony (SPIT), Virus/Worms, Eavesdropping and Toll Fraud.
SPIT and Toll Fraud registered as the two main threats that organisations were not aware of, polling at 68 percent and 40 percent respectively among respondents. DoS, Viruses and Eavesdropping were all between 25 percent and 35 percent.
Poole said many of the threats went unreported because organisations were either unaware they had been targeted, or underestimated the attacks.
"You have to build on top of your network," he said. "Make sure the data infrastructure is secure right down to the nth degree because these threats are enough to cripple any organisation."
Poole said organisations needed a security policy in place that encompassed not just IT security but policies associated with physical lockups and infrastructure security.
To better manage the risks, Integ's whitepaper also suggested six steps in deploying secure IP Telephony. These included securing handsets, PBX and call management systems, switches and routers, LAN and WAN, desktops and servers, and securing the knowledge associated with it all.
"If organisations don't address these issues, they will end up being reactive instead of proactive and incurring additional costs," he said.
The data was collected during an October road show when Integ travelled to Perth, Sydney, Melbourne and Canberra, surveying more than 200 medium to large business and government agencies.