According to a latest survey jointly undertaken by the Data Security Council of India (DSCI) and PwC. Indian service providers in the IT/BPO industry are exploring new and innovative methods to mitigate risks associated with insider threats such as social networking and credit card history check.
The survey used a three-pronged approach i.e. industry survey and inputs, analysis of the insider theft cases and secondary research to understand the security environment of the Indian IT/BPO industry from an insider threat perspective and the perceptions of the organisations.
The survey seeks to provide a better understanding of the challenges and risks associated with insider threats and an enhanced ability to manage them for both the industry service providers and organisations in the Indian IT/BPO space. The magnitude of the impact of an attack from an insider is at least ten times more than that of the total impact that an external attacker can cause, though the likelihood of the attack from insiders may be very low as compared to external threats.
Commenting on the survey, Dr. Kamlesh Bajaj - CEO, DSCI said:
“It is generally thought that while the external threats can be handled by deploying appropriate technology solutions, controls, and by developing the required processes, the internal threats are difficult to track. But this is only partially true since there are behavioural indicators that companies can look for in the people who work there.”
Siddharth Vishwanath, Executive Director, Risk and Regulatory practice, PwC India added:
“It is encouraging to note that more than 88% of the service providers have defined the insider incident response plan to manage insider incidents in their organisations. Audit and review is still the primary source of identification and learning about insider incidents with both the service provider and organisations”.
Here are some of the other key findings of the DSCI–PwC survey:
Notes to the editor
DSCI is a focal body on data protection in India, setup as an independent Self-Regulatory Organisation (SRO) by NASSCOM®, to promote data protection; develop security and privacy best practices and standards; and encourage the Indian industries to implement the same. DSCI is engaged with the Indian IT/BPO industry, their clients worldwide, banking and telecom sectors, industry associations, data protection authorities and other government agencies in different countries. DSCI is focused on capacity building of Law Enforcement Agencies for combating cyber crimes in India and towards this it operates several cyber labs across India.
PwC firms provide industry-focused assurance, tax and advisory services to enhance value for their clients. More than 161,000 people in 154 countries in firms across the PwC network share their thinking, experience and solutions to develop fresh perspectives and practical advice. See pwc.com for more information.
In India, PwC (www.pwc.com/India) offers a comprehensive portfolio of Advisory and Tax & Regulatory services; each, in turn, presents a basket of finely defined deliverables. Network firms of PwC in India also provide services in Assurance as per the relevant rules and regulations in India.
Complementing our depth of industry expertise and breadth of skills is our sound knowledge of the local business environment in India. We are committed to working with our clients in India and beyond to deliver the solutions that help them take on the challenges of the ever-changing business environment.
PwC has offices in Ahmadabad, Bangalore, Bhubaneswar, Chennai, Delhi NCR, Hyderabad, Kolkata, Mumbai and Pune.
PwC has changed its brand name from PricewaterhouseCoopers to PwC. 'PwC' is written in text with a capital 'P' and capital 'C'. Only when you use the PwC logo is the name represented in lower case.
"PwC" is the brand under which member firms of PricewaterhouseCoopers International Limited (PwCIL) operate and provide services. Together, these firms form the PwC network. Each firm in the network is a separate legal entity and does not act as agent of PwCIL or any other member firm. PwCIL does not provide any services to clients. PwCIL is not responsible or liable for the acts or omissions of any of its member firms nor can it control the exercise of their professional judgment or bind them in any way.
2011 PwC. All rights reserved.
Chief Communication Officer
Tel: +91 124 4620661