Many IT managers are "turning a blind eye" to security threats that could compromise their VoIP infrastructure, research claimed today.

A study carried out by NetIQ among 66 IT managers, either using or planning to deploy VoIP systems in mid to large enterprises, found that more than half (59 per cent) rated the threat of viruses or worms attacking their VoIP system as “low” or “very low”.

Spam over IP (SPIT) and SIP compromises were equally low on respondents’ radar with only 12 per cent and 18 per cent of respondents, respectively rating these as “high” or “very high” security threats. Just 24 per cent of those surveyed were concerned with DoS or toll fraud.

While the majority of respondents had a firewall in place to secure their infrastructure, less than half had installed security management specifically designed to protect and secure their VoIP system.

Ulrich Weigel, chief security strategist for NetIQ comments: "The survey highlights a worrying complacency among organisations that have either already deployed or are about to install a VoIP infrastructure.

"The main focus for organisations has traditionally been on ensuring voice quality and performance, but vigilance with security – and taking measures such as encrypting voice services and performing regular security audits – is equally important.”

The research findings come as the SANS Institute, in its annual round up of the most significant IT risks, recently announced that VOIP servers and phones ranked within the top 20 security risks for 2007. The organisation's experts have warned that the rapid adoption of systems in order to achieve cost savings has led many organisations to overlook vulnerabilities such as VoIP phishing scams, eavesdropping, toll fraud, or denial-of-service attacks.