At what point is it more believable that these are inside jobs done on purpose vs. incompetence? I guess that’s just Hanlon’s Razor though.
Based on my experience working alongside TCS, incompetence seems far more likely. If we'd asked for a back door, we'd have gotten a solid wall.
Then again, my experience may have left me a little jaded.
It's perfectly believable. Whether it is more believable or not is a toss-up. If you employ such a large number of people there are bound to be a couple of bad apples, and unless you have very good internal processes and monitoring it isn't all that hard to imagine someone doing something they shouldn't be doing. But absent hard evidence that it happened that way it is interesting speculation but no more than that. Besides, it can be impossible to distinguish between the two even if you have evidence of an inside job that looks like incompetence!
I have heard there is a growing trend of hackers paying kickbacks to insiders, certainly makes hacking easier.
Having worked with Indian consultancy firms for over 10 years, I can safely say security attitudes and practices haven't changed much.
There's always this culture of taking shortcuts at the expense of security and quality.
One of the problems with incompetence, of which there are many, is that it gives bad actors space to operate. From a security point of view I don’t think the distinction matters all that much.
That said, the situations I’ve heard about were from affiliate ransomware attacks that didn’t make the news because the backup worked. It’s difficult to keep things secure from highly motivated internal bad actors. I’ve been told it’s an increasing trend but have not heard much about it publicly.
The challenge is this though: companies that are outsourcing to these consultancy firms put them against each other in RFPs that incentivise whatever behaviour can get them to the lowest bid.
Inevitably quality suffers. Until customers start awarding business based on something other than the number at the bottom, this kind of thing will continue.
When you pay your support employees so little, it's not difficult for someone from a wealthier place to bribe them.