Urgent Need for Enhanced Security Measures in Communication Practices

December 13, 2023

I am reaching out to underscore the critical importance of addressing a substantial vulnerability in our current communication practices – specifically, the widespread lack of encryption in voice, chat, and video calls.

 

Recent statistics reveal a concerning surge in cyber attacks, with German companies alone sustaining a staggering €206 billion in damages over the past twelve months, predominantly due to espionage, sabotage, and data theft. A significant portion of this damage, amounting to €148 billion, can be attributed to cyber attacks, highlighting the severity of the issue.

 

One of the glaring gaps in our defences lies in the persistent use of unencrypted communication channels. Such practices inadvertently provide a gateway for attackers, particularly in the case of VoIP and video calls. These communication modes, utilizing well-known ports and easily identifiable network packets, become easy targets for malicious actors.

 

While encrypted packets may reveal the existence of voice and video calls, their content remains inaccessible without decryption. Unfortunately, encryption is woefully underutilized in civilian applications, leaving conversations vulnerable to real-time interception by potential attackers. Furthermore, unencrypted VoIP exposes critical information about call participants, including names, phone numbers, email addresses, and more, providing a fertile ground for targeted attacks.

 

We refrain from elaborating on the myriad ways unencrypted communication systems can be exploited and attacked, considering the sensitivity of this information. Suffice it to say that in the current landscape, unencrypted communication poses an unacceptable risk that demands our immediate attention.

 

Looking forward, it is imperative for organizations to transition to robust encryption methods. Even the most secure encryption algorithms today may be rendered obsolete within the next 5 to 10 years due to advancements in quantum decryption. As of early 2024, NIST will announce post-quantum encryption methods, and we strongly recommend adopting the most secure method at that time.

 

Allow me to emphasize the urgency of this matter. From my own encounters, I've witnessed organizations reluctant to invest in cybersecurity, only to pay exorbitant sums post-ransomware attacks to retrieve encrypted company and customer data. Commercial prudence dictates a proactive approach, especially in an era where cyber attacks aim not only for financial gain but also for maximum disruption.

 

Consider the repercussions: every unencrypted VoIP call is susceptible to recording and subsequent keyword-based searches by malicious software. Relevant content can then be selectively presented to hackers, enabling targeted attacks. For boards using voice or video calls for meetings, this poses a significant risk, as strategic and confidential information becomes susceptible to exploitation on stock markets or through direct extortion.

 

In conclusion, the encryption of all VoIP and video calls, coupled with securing server IP through encryption, is a pivotal step in mitigating the immediate risks associated with these communication channels. I urge your consideration of these critical security enhancements for the safeguarding of our organization's sensitive information and strategic objectives.

 

Thank you for your time and attention to this matter.