Independent directors at India’s biggest software companies have put cybersecurity on top of their agendas, underscoring the growing threat perception about hacker attacks that could damage their reputation and affect their ability to win business. Their fears are not unfounded.
Recently, one of the top five Indian software firms faced unprecedented attacks on a customer’s mortgage processing systems, a platform the company owns and manages on the client’s behalf. An executive aware of the incident said the event went unnoticed for a week until it was spotted by a junior engineer.
“Sometimes, we tend to overlook potential threats,” the executive said, requesting anonymity. Soon after, the incident was reported to the board’s risk committee, which in turn made a pitch to all directors about the need to have monthly and sometimes real-time reviews of preparedness.
In another incident last month at a mid-sized IT firm, a customer’s employee based in India was found to be copying sensitive corporate data onto his personal devices.
“We couldn’t even trust the local staff and had to raise the flag with their headquarters. The stakes are high for us because we own and manage their systems,” said a person familiar with the incident.
Although it is not clear how many data breaches were reported at homegrown IT firms, anti-virus software firm Kaspersky Labs estimated earlier this year that cybersecurity breaches over the previous 12 months led to 43% of firms losing data about their internal operations, 31% losing client data and 22% losing their financial data. “We are paranoid over this (cybersecurity),” said KK Natarajan, CEO, Mindtree. “Paranoid because if there is a breach, the reputational implication can be really substantive.”
Last November, EXL Services lost its largest client, Travelers Indemnity, which terminated the contract over “breach of confidential client data” by a few of EXL’s employees. A person familiar with the development told ET that a few EXL staff shared a client document with those outside the company.
“The risk is redefined now…today everybody is getting worried about cybersecurity,” said Jagdish Sheth, Charles Kellstadt professor of marketing at Emory University and an independent Board member at Wipro.
Earlier this year, KPMG carried out a survey, ‘The Cybercrime Survey 2014’, based on the consultant’s interaction with 170 CXOs. Some 89% of the respondents identified cybercrime as a major threat, with more than half of them perceiving themselves to be an easy target for cyberattacks due to the nature of their business. “No matter who you are, you have to have processes in place. If it happens, how do you manage it? These are major strategic challenges ahead of risk management committee,” said Sheth.
Experts argue that IT companies face heightened risk because most of their staff bring their own gadgets, from smartphones to tablets, and also because the move of most data to the cloud has increased the vulnerability of that data.
“At the board level, the threat of cybersecurity is not related to if a company has proper security infrastructure in place. Rather, it is more to do with safeguarding information,” said Tarun Kaura, director of technology sales for South Asia at Symantec.
Mindtree’s Natarajan acknowledges that a firm’s employees pose a greater risk to firms’ “sensitive data” than outsiders.
“If you look at it, invariably, when such things happen, there is an internal person involved. And that is why a lot of people don’t talk about it. But there are now whole tools to monitor any suspicious activities within your team.”
Cybersecurity is a challenge globally, and while there are pockets of excellence, nobody is really doing a ‘great’ job, said Jacob Olcott, who manages the cybersecurity practice at Good Harbor Security Risk Management. Good Harbor’s chairman is Richard Clarke, a former senior White House adviser to three past US presidents on cybersecurity and counterterrorism.
“I think Indian companies absolutely have the technical expertise to improve the cybersecurity of their organisations, but think that many firms have only recently started confronting these challenges,” added Olcott. “As cybersecurity is becoming an increasingly important business issue, I would not be surprised to see more Indian IT companies being asked to do more in secure development, secure coding, and provide evidence of their efforts to secure their own businesses generally.”
Courtesy: Times of India