VOIP on the front
burner"> Cressey used part of his keynote to call on VOIP (voice over IP) developers to put security on the front burner. To read more about the threats facing VOIP, click here."VOIP is today where the Internet was 10 years ago. Everyone acknowledges that security is a big issue, but no one is making it a top priority. We know we need to worry about it, but were not doing anything about it," he said. The growth of VOIP in the enterprise has led to several vulnerabilities in the technology, including the ability to launch denial-of-service attacks, caller-ID spoofing or the hijacking or voice sessions. "Nobody is baking security into the [VOIP] products just yet. If this truly becomes ubiquitous, it will be back to the future. Well be scrambling to fix it just like were scrambling today to deal with spam and viruses." Cressey urged enterprise IT leaders to take a holistic approach to managing risks, arguing that executives must resist the urge to use return on investment to drive spending on security. "Instead of ROI, you should be adopting new acronyms like ROR [Reduction of Risk] or ROC [Return on Compliance]." Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
Describing VOIP security as the great challenge of this decade, he said it would be a "big mistake" for another nascent industry to emerge without built-in protections.