More on Wipro Terror threat… We need to shed our complacency

P.S. This is in continuation of the previous article

The second e-mail threat received by Wipro has been reported with some more detail today in this article in Times of India. 

According to this report, the investigation has now been taken back by CID from the Bellandur Police. However unless this is pursued like a Terror threat in full invoking the assistance of NIA, it is unlikely that any quick progress can be made.

Law enforcement naturally have a nose for smelling intelligence but Companies are more prone to displaying an “All is Well” syndrome and try to downplay such risks under the false impression that they are protecting their reputation which would otherwise be lost.

In this case, the natural complacency of the corporate sector  seems to have rubbed off on the Police also and hence over the last one month, no progress seems to have been made in tracing the e-mail.

For those who think Naavi.org is being needlessly hyper about the incident, it is necessary to point out that “Risk Management” requires identification of risk and assigning the probability of its manifestation. As long as the risk is not brought down to zero, it is the duty of the Risk manager to flag the risk and seek action. In the subject incident I feel the risk goes beyond the corporate boundaries of WIPRO and hence we the citizens have the right and also the duty to seek proper corrective action by all those concerned.

If this delinquent employee as is being believed turns himself up to be recruited by a terror organization, his threat may be used as a potent weapon against people outside WIPRO. Hence the incident cannot be buried as a coprorate event on which only WIPRO is interested

In Cyber Crime investigation, one month is an unpardonable delay and parking of the investigation at the local police station which every one knows is ill equipped  to handle was as good as abandoning the investigation.

I hope atleast now the investigation is taken up with a new vigour to catch up with the loss of time that has occurred.

I would like to also make a comment here about companies thinking that if they give weight to such incidents, they would be harming the reputation of the company.

Actually, in my opinion, the reputation of the companies would be enhanced when they respond promptly to adverse situations.

As the proverb goes,

It is not the way you fall down that determines your character, but it is the way you get up after a fall

When a company hides problems under the carpet fearing a reputation loss fall out  (in a case like this where no fault can be ascribed to the Company in the first place), it is only enhancing the risk of the incident escalating in future with a greater force.

I hope the wisemen investigating the incident would correct for the deliberate neglect over the last month and go hyper now.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.