
Security framework to combat data theft

CIOL Bureau

With data integrity and security among the most sought-after concerns, data theft has emerged as one of the major challenges, and companies across the world are struggling to find a perfect way out. In 2004, theft of proprietary information was the third most expensive category of loss for companies.


Some Examples of Data Theft

1. April 2005: Third-party BPO: Employees arrested for stealing $350,000 from the accounts of a client in New York by acquiring passwords to the holders' bank accounts.

2. June 2005: An IT employee in Delhi was reported by a UK newspaper, The Sun, to be prepared to sell confidential information on 1,000 banking

3. June 2006: HSBC EDP (Bangalore): Data leaked, leading to theft of £230,000 from accounts of UK customers.


Insider threat facts

§ Information leakage cost the Fortune 1000 companies $45 billion in 2004.

§ 52% of chief information and security officers (CISOs) say they have a "moat and castle" approach to network security, admitting that once the perimeter is penetrated the inner defenses are soft.

§ Insiders with legitimate access to sensitive customer information cause more than 50% of identity theft cases.


§ 80 to 90% of data exposure incidents resulted from established business processes or employee error.

§ Current estimates put the cost of proprietary information loss to U.S. companies at $133 billion.

Insider threat impacts

§ Across the globe, more than 1.4 million users have suffered from identity theft fraud, costing banks and card issuers $1.2 billion in direct losses in the past year.


§ An insider attack against a large company caused an average of $2.7M in damages, whereas the average outside attack cost $57,000.

§ Close to 51% of companies do not reveal their security incidents to law enforcement because doing so would affect their stock market price or company image.

Security framework

Based on a research study conducted among top management officials, Zinnov has identified the most common reasons for data theft and has also come up with a security framework that can be implemented to mitigate these risks. The four most common reasons for data theft identified in the study are:


1. Lack of Security Laws with respect to data theft in India

2. Poor implementation of non-disclosure agreements, etc.

3. Hesitation to admit the default case by vendors/captives

4. Lack of Data Security System in IT companies encourages data theft among employees

With the implementation of complex IT systems, the sophistication of these threats is consistently increasing, and the methods employed to combat them must match this level of sophistication. As a result, all system users need to be especially vigilant at all times. The Zinnov security framework is divided into three main categories: physical, network, and personnel security. Each of these categories is further broken down into many subcategories (snapshot of the framework given below).

The security framework comprises all the parameters of information security as recommended by BS 7799 standards.

The author is senior research consultant, Zinnov.