The IT/BPO industry in India has experienced significant cost savings, higher quality products and processes and improved operational performance. However, it also deals with challenges relating to data security and protection from insider threats. This, when combined with increasing regulatory pressures, make insider threat a key challenge for the IT/BPO industry in India.
This joint report by PwC and DSCI highlights the challenges and areas that need to be addressed in order to handle insider threats.
Some key message sections within the report are:
- People involved in these incidents are generally current employees, suppliers/contractors, former employess, hackers and customers.
- Motivation is information gain, personal financial gain, a new job, unsatisfactory appraisal or unmet professional expectations, an urge to prove oneself, dissatisfaction etc
- The different types of insider threats include unintentional exposure of private or sensitive information, unauthorised access to/use of information, systems & network, illicit communications with unauthorised recipients, IPR/ Copyright violation, Financial Fraud etc
- Organisations face a number of obstacles in the prevention of these threats. Lack of education and awareness, a lack of standardised background screening practices in India, lack of visibility of breaches, lack of incident sharing with CERT-in, inadequate legal provisions etc are some examples.
The report concludes with how to combat these threats.