A team of researchers including professors of University of Brighton published a report in July 2009 titled “Crime online — Cybercrime and illegal innovation”. It was picked up by online news channels and quoted in news items to propagate lies about so-called cybercrimes in the business process outsourcing (BPO) industry of India. The report tries to present data from the annual reports of the Indian Computer Emergency Team, and Symantec in a way that suits its story, of India being a centre of cybercrimes and in general being a weak state. We want to set the record straight.

In a section entitled “Global Distribution of Cyber Crime”, the report notes that, “cybercrime is a global industry, but the combination of poor economic opportunities and high skills is driving many developing regions to surface as major players in cyber crime”. It has observed that most cyber attacks are directed to the US and UK even though the origin of phishing activities is also concentrated in a few international locations, namely the US, Southern Asia and Eastern Europe. It also observes that the US is still the major generator of malware, and according to the latest Symantec report it is still the country with the most underground servers. China is the focus of attention when considering the future of cybercrimes even as Russia continues to be the original home of cybercrime, where high technical skills are combined with stumbling economy and a long tradition of organised crime. The report quotes “Sophos Security Threats reports of 2007 and 2008” to identify top 10 countries hosting web-based malware, according to which China is at the top followed by the US, Russia, Ukraine, Germany, Netherlands, France, Poland, the UK and Canada. India does not figure in this list.

Click here for Cloud Computing

Also Read   Related Stories News Now - MoU signed to set up rural BPO centres in 22 AP districts - Healthy demand outlook - UP announces incentives for IT/BPO, realty - NEWSALERT: Genpact opens remote operations center in Hyderabad - Hiring activity up 4.1% in September: Study - Etisalat DB inks Rs 750-cr BPO deals

Also Read   Related Stories News Now - Markets remain lacklustre - Microsoft India retail website down after hacking - Growth should not be at cost of environment: PM - BJP woos women, elderly ahead of Goa polls - Silver futures up by Rs 123 overseas trend More

It is instructive to examine Microsoft Security Intelligence Report H2, 2008. It gives worldwide distribution of phishing sites in percentages. India has 0.125 to 0.25 – the same as Australia, compared to the US at 10 per cent, Russia 5 to 10 per cent, and China 2 to 5 per cent. Likewise, for malware hosting sites India is at the bottom with 0.0001 to 0.16 per cent — even lower than Australia — with the US 5 to 10 per cent, and China having malware hosts in excess of 10 per cent.

Clearly, facts tell a different story. India is neither a malware hosting country, nor does it figure anywhere as phishing sites hosting country.

Elsewhere, it observes that “Brazil, Turkey, Poland, India and Russia are expected to increase their share of malicious activity because they have rapidly growing Internet infrastructure. Countries that have a relatively new and growing Internet infrastructure tend to experience increasing levels of malicious activity unless security protocols and measures are improved to control”. This is strange logic. What makes the researchers presume that India will not put ‘security protocols and measures’ in place?

In fact, Indian companies employ highly qualified manpower, put them through intensive training in data security, and implement robust privacy and security policies, which are constantly monitored for compliance. The delivery centres are physically secured, and appropriate technology solutions are deployed to isolate customer networks. Employees are put through stringent background checks at the time of hiring, while the operational area is kept under electronic surveillance.

Finally, the report states that Russia, Brazil and China are world leaders in cybercrimes. It also observes that, “India, Russia and Brazil share a light regulatory regime, an acceptable IT infrastructure and a relatively weak state”. This statement is unwarranted and needs to be strongly condemned. India has a strong data protection regime under the Information Technology (Amendment) Act, 2008 along with several other enactments such as the Indian Penal Code. There are specific clauses like section 43A and 72A in the IT Act, 2008 that mandate implementation of reasonable security practices while processing personal information, and any disclosure of personal information without consent of the data subject constitutes a breach that attracts penal and civil liability including compensation and imprisonment. India is certainly not a banana republic.

(The author is CEO, Data Security Council of India which was set up by software body Nasscom as a self-regulatory organisation to promote best practices in data security and privacy)

New Ipad Application :Business Standard's all new IPad App Click here to download for free Other Stories      - Markets remain lacklustre - Microsoft India retail website down after hacking - Growth should not be at cost of environment: PM - BJP woos women, elderly ahead of Goa polls - Silver futures up by Rs 123 overseas trend

Tags : BPO | Crime online | CERT | Microsoft | malware   Read Business news in  Advertisements -  Now property search gets more exciting than ever before! -  Office 365 for professionals and small businesses. -  India's No. 1 Property Site. Click here to know more.. -  Improve Patient Care & Experience. Click here to know more -  Health is Wealth..... Insurance + Savings... Know More...