The Confederation of Indian Industries (CII), which is probably the most
representative of all industry associations, has never been very successful in
drawing an IT audience for its various seminars. But the conference on
information security held in Mumbai recently was a definite exception: over a
hundred practitioners, CIOs, and even CEOs clustering together to debate and
understand the imperatives-of securing their data, applications, and
organizations, against the new threats that are prevalent today.
A report on computer and crime abuse in India has revealed quite alarming
statistics: the average cost of a data theft attack in India is Rs 1.8 lakh-ranging
between Rs 20,000 to Rs 1.87 crore. And over 60% of the victims do not even
report incidents due to fear of negative publicity and retribution. Many people,
who should be better informed, still believe that the Information Technology
Act, 2000 is still a bill and consequently that there are no laws in India to
cover computer crime and abuse. While recent amendments to the IT Act have
addressed some of the more urgent piracy issues, the act is still more oriented
to the promotion of e-commerce and is not very effective in dealing with several
cyber crimes like cyber harassment, defamation, stalking, and many such emerging
threats.
|
All of these point to the need for a comprehensive prevention framework to be
established in any organization. An amusing parallel reported is the case of
fire security. It took an enterprising George Parmalee in 1882 to set a
cotton-spinning factory in England on fire, only to have it put out after two
minutes by thirty-two sprinklers kicking in and extinguishing the fire-the
surest possible demonstration of the power of automatic security.
While something this dramatic may not be required to press the case for
information security, proper investment still needs attention at the highest
levels in most organizations. What is most striking is that while American and
European companies would have spent over $11 bn on IT security by 2008, the
investments in developing countries are a fraction of this amount. And for a
nation like India, which is aspiring to be the IT and BPO backoffice of the
developed world, this could be the surest recipe for an industry slowdown,
unless addressed expeditiously and effectively.
The good news for India is the extent of interest generated in this area in
the past few months. The vicarious pleasure that the Indian and global media has
taken in analyzing the issues threadbare, pertaining to information security in
two recent call center incidents may have caused acute embarrassment to the
exports industry, but it has served as a wake-up call to Indian CEOs as well.
In doing this, however, it would be good to keep in mind the rather caustic
comment made by the chairman of the CII's Western Region and CEO of electrical
engineering—major Crompton Greaves. Commenting on the fact that the CII
questionnaire about information security had met with poor response from
industry chiefs while CIOs had been quick to respond, he pointed to the extent
of jargon and technical words in the form. He said that unless the techies were
willing to explain the issues in words understandable to CEOs, such tasks would
always be marked down to other techies. A lesson indeed for all of us!
The author is deputy chairman and MD of Zensar Technologies, and chairman
of the NASSCOM Innovation Initiative ganesh@dqindia.com