UK Enterprises Concerned Voice-Activated Devices Could Easily Leak Data, Affecting GDPR Compliance

With speech recognition and voice-activated personal assistants slowly making their move into the corporate world, companies will have to adjust their security and digital strategies, infrastructure and customer interactions.

Voice-activated devices might leave networks more prone to attacks, if we consider the countless security incidents with the popular Google Home and Amazon Echo. The two voice-activated smart devices were easily hacked and turned into recording tools, sharing private conversations without user consent. It’s events like these that make businesses wonder if voice can truly become a valuable authentication method, often viewed as a possible extra layer of security in multi-factor authentication.

Although they understand the benefits and business opportunities of voice technology, enterprises in the UK have mixed feelings about voice channels, Aeriandi, a provider of hosted PCI compliance solutions for call centers, showed in a study at IFSEC security event in London. UK businesses are concerned voice channels could affect their GDPR compliance by exposing data to third parties.  According to 72 percent of respondents, voice technology may become a top threat in the near future, requiring increased efforts to ensure its security.

As many as 70 percent of respondents acknowledged the importance of voice channel security and said it should be part of their cyber strategy. Even though enterprises understand securing voice-activated technology is needed, 69 percent don’t see it as a top priority and are still uncertain who should take responsibility for it.

Only 37 percent said the IT security team should be responsible, while 64 percent named other non-security departments such as customer care or general IT teams. For now, businesses are more focused on improving security to reduce malware and phishing risks than on voice security and authentication.

“We live in an age where the topic of data security is barely out of the news. Many organizations live and die by their ability to keep our data safe, which is why billions of pounds a year are spent on doing just that,” said Aeriandi CEO Matt Bryars. “However, a chain is only as strong as its weakest link and for many organizations, the voice channel is an often-overlooked vulnerability that ends up being its downfall. With estimates that between 30 to 50 per cent of all fraud incidents are initiated with a phone call, organizations must give the voice channel equal priority to other cyber-attack vectors.”

Identification and access control through biometrics such as signature dynamics, voice, fingerprint, gait and facial recognition has been deployed, due to its uniqueness, for extra authentication in fraud prevention. Sure, it’s not always completely reliable or without flaw, but it’s a work in progress, some would argue.

 



*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Luana Pascu. Read the original post at: http://feedproxy.google.com/~r/BusinessInsightsInVirtualizationAndCloudSecurity/~3/-7JIlJ_bXcg/uk-enterprises-concerned-voice-activated-devices-could-easily-leak-data-affecting-gdpr-compliance