cybersecurity reporter Brian Krebs is. He broke the news that the Wipro systems had been hacked and intruders had been using this company’s network as a jumping off point into the emails and accounts of at least 12 of their clients.
So far, there are minimal known details about the hackers. According to the Krebs report, it is believed that the hackers are a nation-state group more interested in data than in cold hard cash. The hackers approach seems to be like a late 2018 attack against HP and IBM. That attack was attributed to hackers working on behalf of China’s Ministry of State Security.
It’s sometimes a question how important security issues (such as data privacy) should be for companies. In regards to HP and IBM, the responsibility is clear – their accounts were hacked, the invaders took the data of their business and of their clients. For IT outsourcing firms, while the risks of a data breach are just as high, responsibility seems to be a bit less direct. As Wipro CISO Sridhar Govardhan stated in a recent interview, “security cannot be a show stopper for business priorities.”
Wipro has said there were zero-day vulnerabilities harnessed in the attack, they’ve hired a forensics firm to look into the issue, but that there were some inaccuracies in the Krebs report. However, they passed up an opportunity to directly clarify the issues with him in an open call with investors.
So when it comes to data security, you can keep tabs on your own data, you can try to see what happens to companies directly holding and collecting your data, but you will be hard pressed to even know the names of many of the firms that have been outsourced to work with your data.