Heard, and overheard

Apr 22 2010   6:04AM GMT

Leverage the phishing-legal squabble to push your infosec plans

Anil Patrick

Recent news reports about a leading Indian bank being directed to compensate a phishing victim are significant from several perspectives, especially for organizations in the BFSI space. Some of the interesting points in this incident (as well as the judgment) are:

  • First instance in India where the IT Act has been used to redress phishing victims.
  • The bank has been taken to task, which shows that India’s IT Act does have teeth. Yes, your company can also bite the dust if the customer has a bad experience on the infosec front.
  • The customer’s responsibility to protect his authentication credentials has not been taken into account by the adjudicator.

I don’t plan to get into a debate about who was right or wrong in this case—except for the fact that effective infosec controls, user education and processes in the organization can negate the effects of phishing to a great extent.

On the positive front, this particular incident does make it easier for CIOs and CISOs to justify and push through the information security plans that they’ve had in mind for years, for the following reasons.

1. Banks might face RBI audits of a more stringent variety, so now is the time for banks to get funding for security controls and those user (as well as end user) security awareness training sessions and campaigns.

2. The business is likely to be more interested in your information security plans, now that the legal watchdogs are involved (along with the possibility of monetary compensation and loss of face for the business). Enforcement of policies will also become easier with their blessings.

So it’s best to strike while the iron is hot, as the clichéd idiom goes. What are you waiting for?

PS: Naavi.org has an interesting take on the phishing incident, and what might have gone wrong.
