Time to hard-sell the ‘India safe’ story
Internet and data security software maker Symantec released its latest edition of its semi-annual global internet security threat report a couple of days ago. And it makes for some pretty interesting reading. The scary bits first. For less than 20 US dollars, (under Rs 1,000), it is now possible to acquire a brand new digital identity as a US resident – name, credit card number, address, credit scores and even government-provided identities like social security numbers or driving licence numbers – though that’s not the scary part.
The really scary bit is that all this data is completely genuine; and the legitimate property of some unsuspecting user. Worse, data theft now appears to be an organised, global industry. While the number of computers controlled by ‘bots’ – robot software applications – grew by 25 per cent in six months to over six million, the number of ‘command-and-control’ systems which actually ran these bots dropped to just over 4,700. The stolen data was then methodically cracked, coded – and sold.
No wonder the world media – especially the US and, to a much greater extent, British media – went ballistic when ‘sting’ operations managed to nab a few Indian BPO employees selling sensitive financial data belonging to customers of overseas clients in the black market. The anti-outsourcing lobby in these countries immediately went into overdrive, dubbing India as a haven for data thieves and an unsafe destination in general for outsourcing work. What was India’s response? Pretty feeble, to say the least. The government made the usual noises, without managing to convince even the local media. The industry put up a stouter defence, but going by the amount of coverage this received abroad, they did not manage to put their case across very well either. Information on the actual business loss caused by this is difficult to come by, since everybody talks about contract wins and not losses. However, industry insiders admit that these episodes caused considerable harm to India’s image as an offshoring superpower.
Now, the data is out. And India, it appears, has been done monumental injustice.
For starters, India doesn’t even figure on Symantec’s map of malicious Internet activity per Internet user. The dubious distinction of being the world leader in this goes to tiny Ireland – a blip on the globe, but one of the fastest growing offshoring and outsourcing centres in the world. Significantly, Ireland is also a major competitor for BPO business as far as India is concerned.
Over a quarter of the world’s bot-run computers are located, unsurprisingly, in China – a fact which Symantic blandly attributes to the rapid growth of China’s information technology sector. But the really interesting bits are about illegal data theft in the US itself. For the first time, Symantec set up a group of servers, without any protective software shields. Then, after data thieves took control of these servers, it tracked illegal transactions in the black market occurring on these servers. Apart from finding out that hacking was now a well organised business, it also found that more than half of the malicious activities – including phishing (use of email to steal identities or online frauds), malicious code, data theft and network attacks – were mounted from the US itself.
All this does not mean that none of this happens here or that we have exceptionally secure systems of checks and protection in place. But it does seem to indicate that on this count at least, India has been tarred with a much bigger brush than warranted by the scale of activity. India has some of the world’s smartest IT marketing brains, as well as very professional public relations expertise. It’s time the industry put both to use to protect its image more vigorously.