Deepak Nitrite Cyber-Fraud Incident, Decoding for SMEs

On 10th March 2020, news broke about Deepak Nitrite Limited, which filed INR 370 Crore (USD 55 Million) suit against its junior-level employee in marketing.

Click here to know more.

I naturally got curious about this news, thanks to my regular meetings with their IT team to position BLACKbox for the prevention of Data Theft from the laptops. Our discussions always concluded with a note: All is Well, We don’t need anything.

Let me set the right context for this blog. Deepak Nitrite Limited is a large enterprise. It has access to the best of the IT talent, legal advisors and can spend significantly to fight, prove and recover the damages. It has got all the might to set an example. Most of my SME readers don’t have any. Nevertheless, SMEs have a serious take-away from the details of this sub judice suite.

Let me focus on explaining why this commonly happens and deriving the learning value for my SME readers.

The difference in Perceptions of CVD (Competitive Value of Data):

There is always a difference in perception of the value of digital assets like designs, drawings, recipes, formulations, cost sheets, non-disclosure agreements, tender bids, research reports. There is a stark contrast between the owner’s and the IT executive’s perception of the CVD.

IT executives mostly focus on backup practices to protect data from loss. CVD is beyond their understanding. Higher the CVD more is the severity of the Competitive Vulnerability. Owners understand the true CVD and would, in all possibilities, like to avoid Competitive Vulnerability. Here, in the case we are taking as an example, I am sure the IT department would not have valued the allegedly stolen data being worth INR 370 CR.

Skewed Investments in Data Theft Prevention Solutions

Most IT executives think that Data Theft is synonymous with Hacking. They have a one-track mind to focus on keeping external hackers away. They heavily invest in Firewalls, UTMs, and Gateway level security. They mostly ignore and underestimate the possibility of Data Theft by internal employees. They grossly ignore laptop users, remote office users, and BYOD (Bring Your Device) users. In an SME environment, Data Theft is more likely by internal employees than by external hackers. Our product BLACKbox focusses on preventing Data Theft by internal employees as much as it keeps hackers away.

Obsession of Doing it Myself

Many IT executives avoid buying readymade and fit-to-purpose products and try to do it themselves. We call it “Jugaad.” They seriously expose their employer to Data Theft risk and potential damages. Ten holes require ten seals. Jugaad to seal six holes will not stop the leakage. Let experts do it, nothing personal. BLACKbox Prevents Data Theft from Mobiles, Tablets, Laptops, and Desktops through USB, Email Attachments, Blind Carbon Copy, and the Internet.

Monitoring versus Controls

It is just impossible to monitor every user’s every email attachment, blind carbon copy, internet session, and USB access. Forwarding every email to a single mailbox, or blocking social media and shopping websites, or disconnecting USB ports do not serve the purpose. Most monitoring can only happen when the user is inside the office environment. It just doesn’t work. There are smarter ways to minimize monitoring by maximizing controls. BLACKbox works on the principle of maximum controls and minimum monitoring. Its innovative design makes monitoring trigger-based.

ECC (Evidence Creation Capability)

There are two types of enterprises. Those who have to trust people and those who opt to trust people. Enterprise’s ability to generate and preserve the evidence will decide whether to trust people by choice or by compulsion. Any act by users, may it be deletion, blind carbon copy, data upload to the third party if it is triggered and evidenced, users will think twice before cheating. BLACKbox has smart policies to trigger alert over an attempt, product evidence, and playback computer screens for any investigations.

A Megabyte of Prevention is worth more than a Gigabyte of Cure.

The credit of my last sentence goes to Mr. Nikhil Gupta, Managing Director of Auto Steel and Rubber Industries Pvt Ltd, Pune. He coined this sentence during our meeting during my Pune visit.

Best Regards,

Vishal Shah

Founder and CEO,

Synersoft Technologies Pvt Ltd