/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsPune: Is India a trustworthy outsourcing destination? Are Indian IT companies taking enough measures against possible security breaches? Yes, according to the Asian School of Cyber Laws (ASCL), Pune president and director Rohas Nagpal.
The recent sting operation by the British tabloid Sun placed the Indian call centers on high alert. Nagpal is of the opinion that `penetration testing' (otherwise termed as a sting operation) is common practice in the Indian IT industry.
“This is more of a pro-active measure taken by companies to ensure that their security is not compromised,” he explained. ASCL has conducted over 40 such `penetration testing' operations in various companies in the IT as well as non-IT industry in Pune.
What does penetration testing involve? “What happens here is that our ethical hacking team breaks into the company systems at the insistence of the company and presents a vulnerability assessment report. Many companies opt for ethical hackers to identify possible vulnerabilities in their systems. This is done to ensure that they can then necessary corrective measures to prevent possible failures in the future,” Nagpal further elaborated.
“Sometimes, the team members also befriend some of the employees and attempt to seek sensitive information from them. Sometimes, a spoof mail is sent seeking passwords and surprisingly, many respond back with the password, thus proving how easy it is to break into sensitive information,” he added. However, he hastened to point out that 99 percent of the times, most employees are trustworthy.
The vulnerability assessment reports submitted by ASCL also contain the names of employees who may have breached security codes and shared sensitive information with outsiders. However, later it is entirely up to the company to act upon the report. “A majority of times, companies treat such information as a symptom and do not expel such employees,” Nagpal informed.