Mutare Voice Network Threat Survey Shows Nearly Half of Organizations Experienced Vishing or Social Engineering Attacks in Past Year
July 2022 by Mutare, Inc.
Mutare, Inc. released a new industry Voice Network Threat Survey that reveals serious shortcomings in enterprise security protections against voice network attacks. With responses from cybersecurity and networking professionals at RSAC 2022 and Cisco Live, Mutare found that nearly half (47%) of organizations experienced a vishing (voice phishing) or social engineering attack in the past year. More troubling, most are unaware of the volume of unwanted voice traffic (phone calls) traversing their voice network, or the significance of threats lurking in unwanted traffic, which includes robocalls, spoof calls, scam calls, spam calls, spam storms, vishing, smishing and social engineering.
Mutare’s Index of Unwanted Voice Traffic shows that across all industries nine percent of all calls (voice traffic) received by businesses are unwanted. Moreover, 45% of all unwanted traffic is tied to nefarious activity, while 55% is tied to nuisance activity. Remarkably, more than one-third of respondents to the Voice Network Threat Survey (38%) said their organizations do not collect any data on the amount of inbound, unwanted, and potentially malicious voice traffic hitting their organizations. Of those that do collect such data, 23% of respondents estimated that 5% to 10% of inbound calls were unwanted, followed by 15% of respondents who estimated that over 10% of inbound calls were unwanted, and 10% of respondents who estimated that over 20% of calls were unwanted.
The biggest source of security risk stems from employee errors, according to 43% of survey respondents. That ranking was followed by the risk from email (36%), endpoints (35%), data networks (17%), data storage (12%), and applications/core systems (9%). Only 10% of respondents cited their voice networks and phone systems as the biggest source of security risk in their organizations, reinforcing a widespread lack of awareness about this problem.
More than one-third (36%) of respondents cited security awareness training as the top solution to protect voice networks from vishing (voice phishing) and smishing (SMS phishing) attacks. That approach was followed by traffic firewalls (34%), spam blockers (26%), training for vishing attacks (20%), training for social engineering (23%), and threat detection (13%). In addition, more than one-fourth of survey respondents (26%) were unsure about which tools were being used to protect their voice networks, and 9% said their organizations had no solutions in place whatsoever to protect their voice networks.
Other findings from the survey included:
• More than four-in-five respondents (81%) agreed or strongly agreed that their organizations identified vishing, smishing, social engineering, and robocalls as major security threats.
• For those organizations that received voice attacks in the past year, nearly one-third (32%) involved SMS/text scams, followed by attacks on collaboration platforms such as Cisco WebEx and Microsoft Teams (16%), and voice networks (14%). 35% of respondents were unsure about what types of attacks had struck their organizations.
• The responsibility for overseeing voice security was almost evenly divided between responses for the Security Team with 38%, and the Network Team with 37%. In addition, 15% of respondents cited the Unified Communications/Collaboration/Voice Team as being responsible for their company’s voice network security.
The Mutare Voice Network Threat Survey was taken by more than 150 onsite attendees at tech industry trade shows in June 2022. More than half of respondents (54%) came from the Technology and Innovation industry, followed by Government (12%), Education (9%), Financial Services (7%), Healthcare (5%), and Legal (3%). The largest group of respondents came from midlevel specialists and managers at 44%, followed by senior executives (27%), entry-level employees (13%), and C-level execs (9%).