Report: 47% of orgs experienced a voice phishing attack last year

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 — 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

A new report by Mutare reveals serious shortcomings in enterprise security protections against voice network attacks. According to the report, nearly half (47%) of organizations experienced a vishing (voice phishing) or social engineering attack in the past year. The issue of these attacks is widely underreported as legacy voice networks are often ignored as a point of egress. The associated risks go unrecognized, particularly with the accelerated adoption of unified collaboration tools like Microsoft Teams and Slack, where voice and data networks converge.

The majority of enterprises are unaware of the volume of unwanted voice traffic (phone calls) that traverses their voice network, or the significance of threats lurking in unwanted traffic — robocalls, spoof calls, scam calls, spam calls, spam storms, vishing, smishing and social engineering. Within the organizations that were the victims of a voice attacks in the past year, nearly one-third (32%) involved SMS/text scams, followed by attacks on collaboration platforms such as Cisco WebEx and Microsoft Teams (16%), and voice networks (14%).

Mutare’s Index of Unwanted Voice Traffic report shows that across all industries 9% of all calls (or, voice traffic) received by businesses are unwanted.  Moreover, 45% of all unwanted traffic is tied to nefarious activity, while 55% is tied to nuisance activity. The most significant source of security risk, according to 43% of survey respondents, stems from employee errors. That was followed by the risk from email (36 %), endpoints (35%), data networks (17%), data storage (12%) and applications/core systems (9%). Only 10% of respondents cited their voice networks and phone systems as the biggest source of security risk in their organizations, reinforcing the widespread lack of awareness about this problem. Even with these risks identified, more than 1/3 of businesses are unaware of their levels of unwanted voice traffic, which poses a significant threat to employee security and staff productivity.

Organizations simply are not investing in voice network protection. Security awareness training was cited by 36% of respondents as the top solution to protect against voice phishing (vishing) and SMS phishing (smishing) attacks. More than one-fourth of survey respondents (26%) were unsure about which tools were being used to protect their voice networks and 9% said their organizations had no solutions in place whatsoever. Despite this, 81% agreed or strongly agreed that their organizations identified vishing, smishing, social engineering, and robocalls as major security threats.

The survey was taken by more than 150 onsite attendees at tech industry trade shows, RSA and Cisco Live in June 2022.

Read the full report by Mutare.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.