With the increasing use of social media and personal devices in the workplace, cyber crime is now the third most prevalent economic crime in India. This rise, attributed largely to insiders, may have a correlation to the tendency of professionals here to flout a company’s IT policies more often compared to those in other countries, say experts.
According to the Global Economic Crime Survey, 2011, conducted by accounting firm PricewaterhouseCoopers earlier this month, cyber crime came third in the list of common economic crimes in the country, following asset misappropriation and corruption. About a quarter of the respondents stated that they had been victims of such crimes in the past 12 months and half opined that such threats were on the rise.
“We studied 3,877 respondents globally and 106 companies in India. Cyber crime has emerged as one of the top four types of economic crimes here. Frequent advancements in technology are increasing the universe of cyber crime. Moreover, increased media attention around recent cyber crime cases has lead to a heightened awareness on this type of fraud,” says PwC India’s forensic services leader Vidya Rajarao.
While PwC’s study found that 47% of respondents attribute such crimes to insiders, the Cisco Connected World Technology Report released last week, found that in India, almost 80% of the surveyed employees break their organisation’s IT regulations all the time, putting businesses at risk. This was the highest figure amongst several economies such as the United States, Russia, China, Autralia, and the UK. The global average for the same was 70%.
“The desire for on-demand access to information is so engrained in the incoming generation of employees that many young professionals take extreme measures to access the internet, even if it compromises their company’s or their own security. Such behaviour includes secretly using neighbours’ wireless connections, sitting in front of businesses to access free Wi-Fi networks and borrowing other’s devices without supervision,” said VC Gopalratnam, vice-president, information technology & chief information officer, globalisation, Cisco.
Despite such rampant flouting of regulations, monitoring of cyber crimes, training on security and awareness among personnel continued to be low. A large percentage in the Cisco poll did not believe breaking IT rules was wrong, while several others said they did it because “their bosses weren’t watching”, or because it was necessary to get work done. A two-third of the respondents in PwC’s study did not have access to forensic technology needed for combating cyber crime, while 35% did not have any cyber security training in the last 12 months. At the board level, it was found that 35% of the respondents reviewed cyber security risks on an ad-hoc basis, or not at all; while 26% were not aware of the top management’s involvement in the matter.
“Statistics indicate that senior managements in Indian companies do not place enough emphasis on managing cyber threats and frauds. Although the CIO is usually responsible for IT security risks, the CEO and the board should understand and probe into the risk of cyber crime,” the PwC report stated.
However, some say that Indian companies have become more proactive with cyber threats than before, although ensuring security is a bigger challenge than ever. Manohar Ganshani, practice partner, governance, risk and compliance, Wipro Consulting Services, says, “Indian companies are definitely focusing a lot more on cyber security issues now, but there are challenges in dealing with them. First, the pace at which technologies evolve is tremendous, and new threats arise everyday. Maintaining and managing threats on a constant basis is a daunting task. Enforcing policies, having mechanisms to check effectiveness of policies and spreading awareness is also something firms have to work on.” Wipro Consulting recently conducted the ‘CSO Outlook 2011’, studying challenges and priorities of chief security officers in India.
Employees, on the other hand, believe companies need to be more flexible in IT policies and give them more space in terms of usage of social media and devices. Cisco found that while not many employees find policies to be unfair, a large majority across countries feel their IT policies needs some improvement and updating.
Besides working professionals, college students awaiting to to start their careers also hoped for liberal IT policies from prospective employers. Cisco, which surveyed 1,400 college students, found 60% of them in India expected flexible and open-minded IT regulations that allowed them to stay connected to their work and and personal lives at the same time. A mere 17% said that they would abide by the policies issued by employers. “Employees joining the work force today belong to the ‘digital generation’ and are used to being connected at all times. They expect their employers to give them unfettered access to the Internet and also the freedom to use their own devices, for both personal and official purposes,” said Gopalratnam of Cisco.
Credit Sudhaar is India’s first Credit Health management & improvement company whose goal is to help clients to Restore, Enhance and Protect their Credit and make them credit healthy
CS Identity Shield is a product of Credit Sudhaar with helps individuals protect against various types of Identity theft, Cyber crime and Credit card fraud.
Courtesy : Financial Express