Research from Enea reveals 76% of enterprises lack sufficient voice and messaging fraud protection as AI-powered vishing and smishing skyrocket following the launch of ChatGPT. Around two-thirds (61%) of enterprises still suffer significant losses to mobile fraud, with smishing (SMS phishing) and vishing (voice phishing) being the most prevalent and costly. That’s according to a new global survey undertaken by Enea which gathered insights from more than 400 telecom operator and enterprise respondents about the state of mobile fraud and network security.
The report, titled “Mobile Network Security: Bridging the gap between enterprise needs and CSP capabilities” sheds light on the extent of fraud perpetrated through vital telecom channels used by enterprises worldwide. Enterprises account for a significant share of communication service provider (CSP) subscribers and an even greater share of their revenues. They depend on their CSP to protect them from telecom-related fraud, with the absolute majority (85%) saying security is important or extremely important for their telecoms buying decisions.
Publication of the report comes as the democratization of AI-based deepfake technology and easy access to number spoofing apps is lowering the barrier to entry for cybercriminals and increasing the sophistication of fraud-based attacks. Since the launch of ChatGPT in November 2022, vishing, smishing, and phishing attacks have increased by a staggering 1,265%.
The key takeaway from the survey was the discovery of a significant gap between the security needs and expectations of enterprises and the level of network security being offered by CSPs. This is a gap criminals are keen to exploit, evidenced by the soaring rate of fraud. A summary of the report’s key findings is outlined below.
Enterprises are being hit hard by voice and messaging fraud and expect their CSPs to take the lead in protecting them.
- 61% of enterprise respondents said their mobile messaging fraud costs were significant, yet more than three-quarters don’t invest in SMS spam or voice scam/fraud protection.
- Slightly more than half (51%) said they expect their telecom operator to protect them from voice and mobile messaging fraud, citing their role as more important than that of cloud providers, managed IT providers, systems integrators or direct software vendors.
- 85% of enterprises say that security is important or extremely important for their telecoms purchasing decisions.
CSPs lack sufficient capabilities to meet enterprise expectations for security.
- Only 59% of CSPs say they have implemented a messaging firewall, and just 51% said they have implemented a signaling firewall.
- Less than half (46%) report adopting some threat intelligence service, essentially leaving a majority blind to new or morphing threats.
CSPs that prioritize security are better positioned to win enterprise business.
- Security leaders, characterized by better capabilities, better funding, and a higher prioritization of security, are less than half as likely as the followers to have a security breach go undetected or unmitigated (12% vs 25%).
- CSP security leaders are more likely to see security as an opportunity to generate revenues (31% vs 19%).
“We’ve observed the rapidly evolving threat landscape with growing concern, particularly as AI-powered techniques become more accessible to cybercriminals,” commented John Hughes, Senior Vice President and Head of Network Security at Enea. “The stark increase in mobile fraud, particularly following the advent of advanced technologies like ChatGPT, underscores a critical need for enhanced network security measures. This survey highlights a significant disconnect between enterprise expectations and the current capabilities of many CSPs, and our on-going mission is to help the sector bridge that gap and safeguard networks and users.”