In-house IT security threat worries corporates now
- 2008 Malegaon blast case: Bombay HC grants bail to Sadhvi Pragya
- Worst in Chhattisgarh in seven years: 25 CRPF men killed by Maoists in Sukma
- Govt said no but SC firm, sends back names for Allahabad HC
- PFA’s Haryana chief says he trained Delhi suspects, had worked under Maneka Gandhi
- Jaish-e-Muhammad launches jihad fundraising drive in Pakistan
For several years, Information Technology (IT) security officers had been losing their sleep over viruses, Trojan horses and worms. These were external threats. Now, it's the enemy within that is prompting them to be vigilant.
According to a survey conducted by CIO-PricewaterhouseCoopers (PwC) in August this year, out of the total security breach incidents in companies and institutions, 83 per cent were due to the loopholes in internal security. Experts are of the view that companies spend very less on IT security, giving rise to such incidents.
The survey report showed that 22 per cent of the country's Chief Information Officers (CIOs) had reported three to nine incidents of security breach during the last year. Global State of Information Security Survey (August 2008) suggests that 83 per cent of these threats faced by the Indian companies are because of internal security breach.
The internal security breach by employees constitute 43 per cent, former employees (28 per cent) and partner/supplier (12 per cent). Forty-two per cent of the companies that were surveyed suffered financial losses, while 35 per cent suffered intellectual property losses.
Recently, an employee of an Ahmedabad-based software development company was leaking out information about the projects on one of the clients' blog.
"The employee wrote on the blog that he could do the project at one-tenth of the cost as a freelancer," said Sunny Vaghela, an IT security expert. Finally, a trap was laid to catch the employee, and he was later terminated from service. The US-based client cancelled the project when they came to know that information was leaked about the project, Vaghela added.
In another incident, a disgruntled employee of an IT company, who was fired from the company due to his irresponsible behaviour, started sending e-mails to the clients by creating a fake e-mail account. The employee used abusive words in the letters telling them not to outsource work to the company. The foreign client never came back to that company.
Meera Ramnivas, DIG, CID (Crime) admitted that there are lot of cases in which internal security breach takes place. "The internal security breach is a serious issue. You will not find many examples as most of the companies don't want to come forward to report such incidents. They feel their reputation will take a beating."
The need for internal security is massive. The Directorate of Security Council of India (DSCI) has also realised this. Along with the department of IT, DSCI is now coming up with its own report on security in the IT and ITeS sector.
"We are in the process of preparing the report, which will be released in Bangalore in December. Based on the findings, we will be able to measure the need of securitising the IT/ITeS sector. At this point, we have made it mandatory for them to get the security audit done. We are also in the process of incorporating the financial services sector under this," said DSCI Chairman Shyamal Ghosh. The statutory body under NASSCOM is committed to uphold a high-level of data privacy and security standard.
L K Pathak, senior manager with the Ahmedabad-based Elitecore Technologies, said: "Companies spend a lot on external threat. But when it comes to internal security, they don't have any option, but to trust their employees. They don't have monitoring as well as control on the employees."
Elitecore Technologies, a unified threat management system appliances manufacturer, has now recently come up with an internal security appliance.
- India’s political & security establishment needs strategy in light of China’s naval expansion
- Extremism comes in all shades. Justice Shah should critique each one
- Modi’s rise to power saw mushrooming of RSS & affiliates like ABVP
- The political project of Hindutva is incompatible with a liberal polity
- Three decades of mistrust
- From plate to plough: The faraway fields