Clients Of Indian IT Companies Demand Stricter Contracts, More Audits Against Rising Attacks

Since IT companies in India face a lot of cyberattacks, their customers require more security audits to examine whether their partners are making enough investments to ensure the safety of their data, as per analysts. 

The language of clients’ contracts is typically broad to make sure they were safe; however, with the rise of cyberattacks by hackers, they still need more.  According to IT Advisory Everest Research’s CEO, Peter Bendor-Samuel, security was not paid enough attention in the entire industry, even in the networks of the vendors. Customers are switching to increase the commitment level, introduce more security audits to check the compliance level as well as work with the partners to make sure they made and kept the right kind of security investment. 

The CEO added that for customers, this looked like a case of “the cobbler’s daughter having no shoes” since IT businesses sometimes offered services of security to their customers, however, they might not have tried their best to ensure the safety of their systems. 

Bendor-Samuel said:

According to the IT exec, more customers were demanding tighter security as reports about the attempted cyberattack at one company cause them to raise questions about the security of others. He also added that previously customers didn’t have much understanding about the security. Now, due to the rise of expensive and sophisticated hacks, customers wanted more than the terms covering them in the contract. They wanted to participate in the way IT companies protect their data. 

Earlier this year, Wipro felt victim of a cyberattack aiming at collecting the data of its clients. In addition, Newswire Reuters also revealed that Tata Consultancy Service and other IT companies like Hewlett Packard, DXC Technology, and IBM were attacked by hackers sponsored by China. 

IT companies in India have access to the systems of the clients and their data, so they are hackers’ big targets.  According to Wipro, it investigated 4.5 million security alerts every year. But IT companies confirm that not every cyberattack results in a breach. They hold a successful track record of defending against attacks and work to make sure the data is safe. A spokesperson from Cognizant said that the corporate security team of the company carried out regular internal and external assessments, comprising of vulnerability scans and penetration testing to evaluate the security safety of its systems.

Provided that phishing attacks, a technique that sends emails to victims to deceive them into revealing their system passwords or setting up malware, are behind some successful beaches, IT companies will run training simulations to teach their employees about such emails and those who don’t realize the attack need to join an additional training.

Wipro organizes training sessions for employees about phishing attacks. Both Infosys and TSC didn’t have any response to the issue.