58% of CIOs Expect IT Spending to Increase

New market research from global media business UBM Tech offers insights into chief information officers (CIOs). When it comes to their main business challenges, CIOs view lowering costs, network uptime, IT innovation and security breaches at the top of the list, according to “The CIO State of Mind – How to Successfully Engage with CIOs.”

CIOs view mobile and security as key IT priorities, the UBM Tech research found. Fifty-four percent of CIO respondents, moreover, said they would like their IT organization to do more with mobile apps and devices, while 53 percent would like to improve security.

CIOs are also optimistic when it comes to IT spending: 58 percent said they expect it will increase year over year in 2014.

When it comes to how CIOs make technology decisions, UBM Tech found that they rely heavily on peers. While the CIO ultimately makes the decision, “the purchase process is extremely collaborative,” according to UBM.

Sixty-five percent of IT execs get involved in new tech purchases. Seventy-three percent of respondents said management’s view is an important part of making tech decisions. Twelve people are involved in such decisions on average, UBM found.

Commenting on the report, UBM Tech Research Director Amy Doherty said, “CIOs rely heavily on peers for input when they are making technology decisions. Tech marketers would be wise to include peer-based insight across their content marketing strategies.”

The Relationship Between VoIP and Unified Communications

Often we talk about unified communications and business VoIP as if they were two separate products. And they are, to a point. Business VoIP is IP-based phone service and unified communications (UC) is not only voice but also video conferencing, chat and presence all rolled into one.

Business VoIP and UC are deeply related, however, and while you can have business VoIP without UC, you can’t have UC without a strong business VoIP foundation. That’s because voice is a crucial component of UC. It is the foundation, really. UC is the unification of all communication channels, and voice is the foundational business communications channel outside of direct, face-to-face interaction. No good UC platform can stand without good business VoIP at its core. In many respects, UC is just business VoIP expanded with integration from the other channels.

This is how UC starts for many businesses, too. A business phone system becomes a VoIP system, and once the business has the flexibility and features of IP-based phone service it is only a short hop to bring VoIP together with other communication channels.

Business VoIP is not only the foundation of UC, but it also is the gateway for most businesses.
The first step for any business that is considering UC is getting the business VoIP component right.

VoIP Termination Operators Evade Fees in India

The process of terminating VoIP calls has its fair share of regulations, just like any other service, but sometimes ensuring that operators stick to those regulations is half the battle. In India, this seems to be the case, as 14 international gateway operators appear to be dragging their feet when it comes to paying their annual license fees. In fact, they have failed to pay the fees even after repeated reminders from the telecom regulator.

According to officials, the 14 operators that have neglected to pay their license fees owe around Tk 700 million (or approximately $9 million). Up until 2013, the annual license fee for international gateway (IGW) operators was Tk 70 million (or about $903,771), but beginning this year moving forward, the fee will be significantly reduced to Tk 35 million based on an amendment to the IGW guideline.

So, if fees are lowering this year, what’s the hold-up? Whatever the reason, the Bangladesh Telecommunication Regulatory Commission (BTRC) has set a hard deadline for these operators. Under the timeframe, they have until June 30 to pay any outstanding fees, after which point they will be subject to administrative action taken by the BTRC. Some operators asked for extensions to the deadline but have not given any indication of getting the fund together.

It’s important for the government to collect these fees, as they are key to its revenue for the sector. According to officials, these operators not only owe their annual fees, but also dues with the regulator from revenue sharing part of their income—dues that could be worth up to Tk 10 million.

The BTRC is playing hardball with these operators as a result. It has suspended or cancelled the operations of 11 of the IGW operators that have failed to pay their fees. Other operators have fled altogether to avoid the payments and have shut their doors on their own.

VoIP Crimes in Kenya Raise Serious Concerns

Kenya’s financial institutions lose nearly Sh1.6 billion yearly to cases of fraud and cybercrime, according to a shocking report published this month by the 2013 Banking Fraud Investigations Department (BFID). Even more concerning, the statistic marks a nearly 300 percent increase over a nine month period in 2013.

As the developing world gains access to the Internet, the immense vulnerability and lack of infrastructure in these nations is exposed. Pouring resources into advancing technology and restructuring the way businesses operate is not enough to raise them among the ranks of the global economy. Often, the trappings of the internet and overexposure lead them even more susceptible to criminal activity, and in this case fraud.

Even more devastating to the hopes of Kenya and other nations, these crimes are often produced “through schemes hatched by employees, [who] took advantage of the online and mobile banking platforms to temper with the web systems in their respective banks to siphon out the cash,” according to William Makatiani, managing director of Serianu Limited, a leading IT services firm in Kenya.

As the banks become more digitized, internet transactions, online banking, mobile money transfers and cyber credit card and check payments become increasingly the norm in a country that does not possess the ability adequately protect all of these assets. Makatiani highlights the two fold advantage to these fraudsters of preying on a population with a “growing dependence” on the new infrastructure and a “perceived lower risk of detection and capture…as compare to more traditional crime.”

Hackers are preying as well on the popularity of VoIP services, breaking into private branch exchange (PBX) phone systems to make illegal and fraudulent calls on behalf of the bank they represent, and taking money from unsuspecting civilians. Banks are equally hurt as they are left completely liable for the lost money. “Car selling companies” based on the internet are also targeting unsuspecting consumers selling them ghost cars and other nonexistent goods.

Beyond the banking industry, the Kenyan government itself is facing major risks with their newly launched programs. The Kenya Revenue Authority’s iTax system, the Kenya Trade Network Agency, and the Integrated Financial Management Information System, all face serious threats. In 2013, network attacks grew by 108 percent to 5.4 million compared to just 2.6 million the previous year. Makatiani states that nearly “85 percent of all Web application in the country are unsecure and available for attacks.”

Kris Senanu, chairman of Telecommunications Service Providers of Kenya, a technology industry lobby group, sees a partnership between the private sector and the government as the solution to the growing threat. Senanu called for corporate and government organizations to impose security sanctions at the beginning of ICT (information communication technology) infrastructure creation.

The Principal Secretary in the Ministry of Information, Communications and Technology, Joseph Tiampati ole Musuni responded with the promise of a National Cybersecurity Strategy to research, create and regulate the growing problems in Kenya’s technology industry. He envisions a Kenya Computer Incident Response Team Co-ordination Center to be formed and operational by August of 2014.

The example of Kenya points to the realities of technology in developing countries. Simply dropping off advanced systems and operations at their doorstep is not enough to aid developing countries in playing catch up with the global superpowers. These are delicate states with intense structural inequalities and problems that cannot be fixed with faster processors. The entire society must play a role in the advancement of the economy and technology, and cannot leave gaping insecurities that will render them even more powerless.

Following Heartbleed, VoIP Providers Continue to Reassess Security

The open-source cryptographic library OpenSSL showed the world that it had a major vulnerability this past April. Known as the “Heartbleed” bug, OpenSSL proved itself vulnerable to hackers who wished to exploit its process that functioned to keep two computers in communication with one another. It appears, however, that Heartbleed was not the only flaw because the OpenSSL project recently named six additional vulnerabilities associated with the platform.

The advisory report the group initially released June 5 lists the six vulnerabilities. The list includes a DTLS invalid fragment vulnerability, a SSL/TLS MITM vulnerability, a DTLS recursion flaw, a pointer dereference, a session injection or denial of service, and an Anonymous ECDH denial of service bug.

Out of these six, Tech Republic points out that the first two are most worrisome. OpenSSL describes the DTLS invalid fragment vulnerability as “a buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server.” And it continues by mentioning that the vulnerability “is potentially exploitable to run arbitrary code on a vulnerable client or server.”

Tech Republic points out that this bug can affect businesses utilizing VPN and VoIP platforms because those platforms may require the use of DTLS – a method of encrypting UDP packets. Hackers taking advantage of the DTLS vulnerability could potentially run code on a business’s server from a remote location, so any business in the VPN or VoIP market will want to examine its code to find out if this flaw could hinder its operations.

The other worrisome problem, the SSL/TLC MITM vulnerability, stretches back to the early days of the software, and exploiting this flaw, “an attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server,” OpenSSL reports. Public Wi-Fi hotspots and open source VPNs may be at risk here, Tech Republic says, and that could result in the vulnerability as able to affect a substantial number of people.

Organizations operating VPNs, VoIP software products, Wi-Fi hotspots, or open source VPNs will want to upgrade their services as quickly as possible. OpenSSL says that the vulnerabilities have been patched and that users can upgrade their software versions to take advantage of those patches. Users of such services may still want to check that the software and platforms have been upgraded and are using that patches so they are not caught in any possible hacker crossfire.

BYOD, VoIP Go Hand in Hand in the Enterprise

BYOD is sweeping across the business landscape, with employees using their personal smartphones and tablets for work whether or not businesses have BYOD policies in place. Using a personal cell phone to make a business call on the road is too compelling for most employees who are not furnished with a company phone. Even those who are given a company cell phone often pivot to their personal phone due to its familiarity.

Companies can watch as employees give out personal cell phone numbers and use their own phones, or they can get proactive and adjust their office phone systems to accommodate the shift. For most, accommodating the BYOD revolution means getting a more mobile-friendly business phone system, which means VoIP.

“While new cloud technology has made it possible for remote workers to be just as productive outside the office as in it, today’s business phone systems are taking that remote access to the next level,” noted a recent Business News Daily article on the trend. “Rather than having to be at their desk to receive business calls, employees have the freedom with Voice over Internet Protocol (VoIP) technology to take and make business calls from anywhere without the need for a business-dedicated cell phone.”

VoIP enables employees to seamlessly move between the office and a mobile environment without having to move off the business phone system. With VoIP, employees can use a smartphone app or web interface to place and receive calls from their personal cell phone using their business phone number. This eliminates the need for employees to give out their personal phone numbers, and it presents a much more professional business image.

Another advantage is that workers can leverage their work address book when outside of the office, avoiding the need to keep two sets of contacts. Crucially, VoIP also helps employees stay connected while outside of the office, which helps not only with BYOD but also with a mobile workforce in general. With VoIP, employees can easily check their voicemail from any location, not just when they are in the office.

Customers and fellow employees also can reach mobile workers through the company phone system when VoIP is used. With VoIP, it is possible to have calls through the company directory routed to any smartphone. So even if an employee is on the road and using a personal cell phone, the customer calling through the company’s main phone number will not know the difference.

BYOD, mobility and VoIP go hand in hand, which is just one reason why the number of businesses adopting VoIP is on the rise according to just about every survey.

Bipartisan Speakers Talk about “Customers, Competition and the 1996 Telecom Act”

Recently, current and former Members of Congress, consumer advocates and CEOs from the nation’s leading competitive broadband providers joined with customers to discuss the enduring benefits of competition forged in the landmark 1996 Telecom Act.

The event – “Customers, Competition and the 1996 Telecom Act” – was hosted by COMPTEL and The Broadband Coalition in the historic Jefferson Building of the Library of Congress, the original site of the signing of the 1996 Telecommunications Act.

Also during the event, the Broadband Coalition launched a new effort called Customers for Competition to highlight the needs of their business customers in the debate over the future of broadband networks.

“The site will be building stories from all over the country, from customers who benefit from competition,” said COMPTEL CEO Chip Pickering at the event. “There is a broad group of business, individuals and communities that believe in the same principles of competition.”

The Future of Brazilian Telecom Market

In honor of this weekend’s world cup final, let’s take a look at the telecom market in host country, Brazil.

The acknowledged world soccer capital of Brazil has a thriving telecom market and according to a recent research report, it is going to be a whopping $83.72 billion market by 2018.

According to Frost & Sullivan’s Analysis of the Brazilian Total Telecommunications Services Market, the market is expanding by leaps and bounds at a compound annual growth rate of 4.2 percent. The deployment of new generation of communication technologies is supporting the rollout of new applications and services for the Brazilian consumer and business segments, driving the telecommunication growth in the country, analysts pointed out.

The report has predicted further growth in the upcoming years. Although the adoption rate of pay TV, fixed and mobile broadband and value-added services is not exactly very high at the moment, it actually points to vast untapped potential in the market, the report emphasized. The competition in the pay TV and broadband space is likely to slash the prices of telecommunication solutions and services making them more affordable for the lower income consumers. This will drive large scale adoption of telecommunication applications and services by the cross sections of Brazilian population, the report noted.

In order to attract more customers, the providers are expected to walk the path of innovation, bundling new solutions with existing ones. Thus the near future might see Brazilian providers launching unique business models in an effort to extend their reach in the Brazilian telecommunications services market. Thus over the top video and machine to machine services and mobile payment services are some of the services that are likely to debut in the Brazilian market in the upcoming years.

Cyber cops bust another telecom fraud ring

The Anti-Cybercrime Group of the Philippine National Police busted another online fraud syndicate, arresting 35 Taiwanese and two Chinese and seizing equipment in a raid in Paranaque City Wednesday.

Senior Superintendent Gilbert Sosa said the operation was mounted after a request for assistance from Jerry Chih-Yung Wang about a Taiwan-based transnational syndicate that victimized Taiwanese and mainland Chinese.

The syndicate would use a VOIP Internet call system to contact potential victims, introducing themselves as police officers, prosecutors, judges and other government officials.

The victims would be told they were under investigation for money laundering, fraud or other crimes and ordered to deposit money in a secure bank account.

Sosa said the team that served the search warrant found the suspects contacting victims.

The suspects, who will be charged with violating Republic Act 8484, or the Access Devices Regulation Act of 1998, have been turned over to the Bureau of Immigration and Deportation for processing.

£35,000 SIP Trunk Fraud Case Decided

A recent article in PrintWeek caught our attention for its story about a small printing company’s phone system getting hacked.

Frip Finishing was the target of a fraud carried out by unknown third-party hackers over the Halloween weekend in 2011 that resulted in it being invoiced for call charges totaling £29,631.50 for the month of October 2011. (Frip’s normal phone bill was £10.) Over one holiday weekend, 10,366 telephone calls were made, the majority of which were to a premium rate number in Poland.

Frip’s VoIP service provider, VoiceFlex, attempted to sue the print company for the money owed, claiming that Frip failed to “take all reasonable steps to secure its network, so as to prevent unauthorised access to [Voiceflex's] SIP trunks system”

After a two year legal battle, Frip was cleared of any liability for the fraud and awarding its legal costs in defending the claim brought by its VOIP telephone service provider. Presumably leaving VoiceFlex stuck paying for the fraudulent telephone calls, as well as the additional legal costs.

This telecom fraud attack is a classic scenario – a subscriber does not properly protect their access to a network, gets hacked during a time when no one is paying much attention, and a fraudster pumps traffic to a premium number.

Telecom subscribers today look at telecom fraud like they do credit card fraud, expecting not to have any liability over fraudulent behavior. This leaves service providers as the party that is most hurt by fraud, as they must still pay for terminating services.

Telecom service providers can protect themselves by proactively monitoring their network with software like TransNexus’s SDReporter. If VoiceFlex had been using SDReporter, the software would have detected the unusual spike in traffic to the premium number in Poland, and would have alerted VoiceFlex in real time. SDReporter could also automatically block the fraudulent calls, stopping the incident long before it racked up tens of thousands of pounds in fraud charges.

For more information on SDReporter and to request a free trial, click here.