Name of the University

A
Consultancy Report
On
Cybersecurity Challenges at Tata Consultancy Services (TCS)

Assignment Name and ID

Lecturer Name
Word Count 5000

Student Name
Student ID

[1]
EXECUTIVE SUMMARY

Tata Consultancy Services is an Indian multinational information technology services and

consulting company whose headquarters are situated in Mumbai and is led by Rajesh
Gopinathan. The mission is to provide customers reach their strategic objectives through a
innovative consulting as well as giving them IT services and solutions. The purpose of the
company is to provide a portfolio of technology-oriented solutions with customer centric
models from IT infrastructure, cloud computing, Machine learning and digital platform
products. However, with a vast customer base, information is a key security measure which
should be protected. Cybersecurity challenge is traced within the past two years in the
organization’s business process which has jeopardised its position as leading Indian IT
service provider. According to a news report, Tata Group companies like Croma and Tata
Sky found vulnerabilities in their websites which could expose sensitive information among
scammers due to issues in their application programming interfaces (APIs) for both the
websites. The sensitive data could be stolen with cyber-attacks from a range of complex
distributed denial of service, ransomware, malware, phishing, backdoor, trojan horse, to a
simple computer virus. The potential impact of this challenge will be on the company's
reputation, customers, and employees as well. This report’s objective is to identify how new
protective measures could be undertaken for controlling challenges for longer intent.

Data analysis is useful to analyse where and from what point the actual problem began
internally in the TCS’s business processes. SWOT analysis concluded that cyber security
information is incomplete in the employee’s division for which a framework could be a better
opportunity. Also, PESTLE analysis helped to understand which factor could impact
cybersecurity concerns. It was found that environmental, social, legal, and technological
factors will impact more. The company should improve their social barriers because the
customers and employees both are impacted with attack of data. For example, customers will
lose their faith in the company to provide them services successfully. Also, the
unemployment rate affects economic stability within organizations too. For this reason, it is
essential to have a strong workforce with awareness, regulatory understandings, and new
technological solutions for controlling problems.

The summary concluded that areas should be fixed in TCS’s security department by making
new measures like Adoption of compliance framework, Workforce Awareness programs,
Access control protocol, new positions designed for cyber security issues, and artificial

[2]
intelligence and machine learning technologies. It is very crucial to understand why such
suggestions could be implied as strong recommendations from a business perspective. First
of all, a compliance framework will help in checking all the information flow. Second, a
strong workforce will avoid making the same mistakes to follow protocols. The access
control keeps permissions which make information accessibility protected from people who
have malicious intent. Lastly, artificial intelligence is a very advanced framework which will
provide organizations to keep track of any issue traced and resolve them on the spot.

Due to the challenge identified related to corporate data stealing, TCS must follow a
cybersecurity framework internally to work in other regions. For example, the NIST
cybersecurity framework will help to avoid this challenge in the near future. It was developed
to improve critical infrastructure parameters by collaborating among public and private
sectors.

[3]
Table of Contents
Introduction 4
Challenges Description 6
Project Purpose 7
Stakeholder Analysis 7
Key Stakeholders Linked with cybersecurity challenge 7
Power/Interest Grid 8
Assessment on Impact of Challenge on Stakeholders 8
Evaluation of the Secondary Data 10
Data Analysis 10
SWOT Analysis 10
PESTLE Analysis 12
Summary of the Results 15
Recommendations 17
Conclusion 19
References 20
Appendix 25
Appendix 1. SWOT Table 25
Appendix 2. PESTLE Table 26

[4]
Introduction
Tata Consultancy Services is India’s second largest company which provides IT services,
consulting and business solutions by partnering with different businesses to accommodate
transformation. It provides consultation oriented, cognitive approach and integrated portfolio
related to business, technology, engineering services and solutions (TCS, 2022). With
changing times, the company has adopted a unique AgileTM delivery model making it a
benchmark for software development excellence. The total employee rate is around 6 lakhs in
all the branches across the globe. The annual sales of Tata Consultancy Services are around
1.91 trillion Indian rupees in the fiscal year of 2022 equivalent to approximately 23 billion
U.S. dollars (Sava, 2022). Due to such annual revenue jump a rapid growth in industry is seen
in the last seven years with double return on investment from 2013.

Figure 1. TCS Performance in 2022 Source (Sava, 2022).

Also, the company has now provided innovation by offering new features such as Pace Port
co-innovation hubs and its AI-powered Machine first approach in extending business
capabilities and seeking contextual knowledge (Tata Consultancy Services, 2020). As a
result, the organization is now focusing on receiving holistic growth and developing value for
the stakeholders.

[5]
Information is a key source for any IT service provider. However, cybersecurity challenges
are identified in TCS due to ever increasing cybercrime in Indian companies. There are five
primary types of cybercrimes which are seen by an IT service organization including illegal
access to IT systems, data and system interference, cyber extortion from customers, internet
fraud and Cyber espionage which disturb a company's overall performance in data integrity
and its management (Paoli et al., 2018). Whereas, cybersecurity concern is a bigger challenge
among TCS because India lacks an original technology and patent against cybercrime related
to financial asset safety (Kshetri, 2016). Due to these reasons the attacks mainly appear here
altogether on a technical firm for extracting data which is extremely confidential.

The structure of the report focuses on exploring major cybersecurity and technology
challenges in tata consultancy services. Also, the report describes major challenges associated
with cybersecurity and its impact on customer services. Furthermore, stakeholder analysis
describes how this challenge could be reduced with new changing demands internally. The
secondary data analysis will identify major new opportunities and solutions on cybersecurity
operations. With the help of secondary data, the recommendations in improving the
cybersecurity framework and its position in TCS is achievable in a successful manner.

Challenges Description
Cybersecurity challenges are very commonly occurring within IT service providers such as
Tata Consultancy services within the past two years. The nature of this challenge is strategic
so that confidential data is extracted and business as well as customers could be harmed from
them. TCS operates based on information creation and developing software and web
platforms for different clients and products (TCS, 2022). However, computerized systems
with the expansion of the internet go through potential cybercrimes for which a cybersecurity
challenge occurs. TCS found that hackers changed their domain name and made auction of
website to sold online by changing the Internet Protocol (IP) address of TCS's website from
216.15.200.140 to 205.178.152.154, re-pointing the name server (NS) records (Moneylife,
2022). This was accomplished by breaking their NS records and registrar account. In addition
to this, TCS faced issues like Operation Cloud Hopper conducted by China as a global cyber
espionage campaign to gain access to client’s networks (Gill, 2019).

A cybersecurity challenge occurs when a company lacks to keep their data safe from attacks
due to lack of technologies, structures, practices, and processes. These types of challenges
have adverse effects on TCS’s reputation, economic imbalance, and withdrawal of customers

[6]
on various products and services (Ursillo and Arnold, 2019). First of all, if sensitive
information on a product is found then, reputation will ruin because customer data is lost here
for which legal and regulatory actions are undertaken. In other words, the legal actions from
privacy breach will make them adapt for penalties. Second, the financial and credit card
information stolen from the company will make them unable to fulfill debt, making their
monetary position extremely weak (Dutt et al., 2013).

Third, customers who have undertaken various IT products will not trust them for future
projects. For example, the company will face withdrawal as customers have incurred loss due
to hacking of data. Also, impact will be faced by TCS employees because bringing
company’s assets and recovering them will create more pressure which in turn concerns
organizational performances. Unless and until, no measures are undertaken for making the
cybersecurity framework stronger at TCS, this challenge will occur in future also. With
enhancement of new technologies in the marketplace, hackers have become more smarter to
conduct cyber-attacks such as social engineering, ransomware, distributed denial of service,
third party software, email-phishing scams, malware, as well as AI/ML attacks (Agrafiotis et
al., 2018).

As per cyber security breaches survey 2018, 43% firms and 19% small firms have suffered
over cyberattack in a developed country such as the UK (GOV.UK, 2016). One of the reasons
was that firms lacked cybersecurity protection features and no spending on the management
was undertaken here. Whereas, a survey states that small scale businesses face complex
cyber-attacks due to lack of online safety for their platforms (Fadilpasic, 2016). As per views
of Gao et al. (2019) most frequent cyber-criminal activities are accomplished fraudulent
emails, impersonating as other organizations online, increasing malwares and breaking into
their systems. All these examples from sources, the nature and authentication of research
state that it is important to recommend a cybersecurity framework which will help TCS
recover from issues and gain more advantage in the marketplace as a successful IT service
provider.

Project Purpose
The focus of the current project is to determine major cybersecurity challenges which could
affect TCS company’s operations. There are several types of cyber-attacks which occurs
occur on the company which is important to assess and have a major agenda. Some of them
includes reputation harming, lack of cybersecurity expertise, information stealing, and

[7]
financial extortion. From this research, the intention is to find all major cyber-attacks from a
business perspective and offer recommendations with an approach to deal with attacks and
implement a strong cybersecurity framework. The findings will be essential in determining
which areas should TCS cover from cyber-attacks and how they could create a approach for
the same.

Stakeholder Analysis
Key Stakeholders Linked with cybersecurity challenge
The major stakeholders linked with the cybersecurity challenge are vendors, customers,
employees, CFO, CSO and CEO. Due to the lack of cyber attacks these people will face
major problems as they will be accountable to different authorities.

● Government

● Customers: Bank of America, Deutsche Bank, Citi, ABN Amro and Walgreens

● Vendors: Ariba, Oracle, Blue Yonder, O9, E2Open, DASSAULT SYSTEMES, and

Manhattan Associates

● Employees

- CEO: Chief Executive Officer: Rajesh Gopinathan

- CFO: Chief Finance Officer: Samir Seksaria
- CSO: Chief Information Security Officer: Ajit Menon

Power/Interest Grid
The following power/interest grid demonstrates power and influence level of each
stakeholder for the cybersecurity challenge respectively for employees, vendors, and
customers.

High High
Keep Satisfied Managed Closely
Chief Executive Officer:
Customers Chief Finance Officer
Chief Information Security

[8]
 Officer

Power
Higher Power, Lower Interest Higher Power, Higher Interest
Low Low
Minimum Effort Keep Informed
Government Vendors

Interest
Lower Power, Lower Interest Lower Power, Higher Interest
Table 1. Stakeholders Power/Interest Grid

Assessment on Impact of Challenge on Stakeholders

1. Employees
The employees are a very integral and important stakeholder group which have
corporate data as they work on processes and know major weaknesses in a company's
business strategies. However, the cybersecurity challenge also impacts employees
equally because they are accountable for keeping information safe. For example,
employees were targeted from Nortel, a multinational communications firm, in which
documents of employees were stolen including email, technical papers, research and
development reports as well as business plans from foreign IP addresses (Lawrence,
2013). Due to this reason, organizations shut down and employees were left with
unemployment as a consequence and appointments towards new organizations were
halted due to lack of expertise on the same (Team, 2021). Also, employees who are
employers will be considered liable and responsible by the courts for data breaches
and personal loss of customers; for example, Morrisons company’s employees were
held responsible for loss of customer’s resources and projects attached by them
(Clydeco.com. 2021).
a. CEO: Chief Executive Officer will face issues because they will require to
balance the reputation of the firm. TCS have a very effective cyber approach
however, lack of knowledge of their employees on the same will harm reputation
and create concern over corporate data. For example, reputation is affected
because employees lack technical knowledge which ends up with them going

[9]
 through a phishing attack with a click on malicious emails and offering them real
responses (Al-Mohannadi et al., 2018).
b. CFO: Chief Finance Officer will impact this challenge as the financial assets are
harmed through cyber-attacks. The economic balance and gain from the market
through products will decrease and no one will invest in the company now.
c. CSO: Chief Information Security Officer will be required to recover the
information because stolen data can be used against the competitors for which
control over sensitive data sharing should be looked at here. Here litigation risk is
found as CSO is accountable to protect information and was not able to
completely (Saini et al., 2012).
2. Customers
The cybersecurity threats will directly harm confidentiality, integrity and availability
of the customers at TCS (Yeboah-Boateng, 2013). Customers have received services
which are secure, safe and protect information from any suspicious activities.
However, cybersecurity issues make them lose business activities which decrease
trust in an IT service provider. Consider the example of Lloyds Group in which a
cyber-attack made customer service unavailable which resulted in their anger over the
bank's security feature and availability was harmed (Bada, and Nurse, 2020). The
confidentiality of potential customers will lose as they withdraw services immediately
due to lack of secure features.
3. Vendors
The vendors are also impacted through cybersecurity attacks but not fully although
minutely. The lack of technical expertise in security will allow hackers to hack
systems and steal information on different vendors working with TCS. This
information could be used by other competitors under bureaucracy culture (Joshi et
al., 2019).

Evaluation of the Secondary Data

Data Analysis
SWOT Analysis
A SWOT analysis examines core resources, weaknesses, opportunities, and threats in order to
determine its strategic position.

Appendix 1 SWOT Analysis Table

[10]
Strength

1. Extensive and Global reach of operations: The company has operations worldwide
and has geographical preferences making its customers in areas such as North
America, the United Kingdom, Africa, Europe, and the Asia-Pacific regions (TCS,
2022).
2. Strong reputation and brand image: The company has sold several IT products and
services like information extraction, digital marketing, analytics, enterprise
applications. This diverse portfolio of projects makes its image stronger in the market.
3. Strategic alliances: TCS have better strategic alliances with other companies across
the world such as Amazon, Adobe, Dell, Bosch, and HP (TCS, 2022). This helps in
receiving revenue from joint ventures.
4. Robust portfolio of services: TCS has a strong and robust portfolio for offering
customer services such as analytics, machine learning, application development,
business process service maintenance, IT infrastructures and business intelligence
(TCS, 2022).
5. Return on investment profits: As per revenue report, the return on projects is
accomplished successfully with 1.91 trillion Indian rupees in 2022 fiscal year
equivalent to 23 billion U.S. dollars (Alexandra Sava, 2022).

Weakness

1. Litigation risks: There will be higher litigation risks because of which lawsuits are
dropped by customers related to cybersecurity problems. For example, TCS
managed a legal battle with Epic System in 2014 for private information leakage
as well as being charged with 940 million dollars for damages done (Majumdar,
2019).
2. Employee attrition: There is a weakness of employee attrition because people
have left their previous job due to lack of positive response in their career growth.
In addition to this, people have left in the cybersecurity division which increases
cyber crimes in the company’s operational processes (Bhardwaj et al., 2019).
3. Information stealing: The cyber-attacks are done for stealing information which is
sensitive and mostly include corporate data (Reddy, and Reddy, 2014). The lack
of security for information makes stealing a bigger issue.

[11]
 4. Customer loss: The potential customers rely on TCS for consultancy services and
products. However, if they don’t see cyber security practices their trust will be lost
and customers will withdraw.

Opportunities

1. Cloud computing solutions: The alternative will be cloud computing solutions in

which services are offered on-demand through the SAAS platform (Okuhara et al.,
2010). It will increase security features for TCS to protect from third parties.
2. Cybersecurity framework and training programs: The adoption of training
programs for professionals and adopting new standards will help in keeping data
protected and train people from dealing with attacks.
3. Mobility Solutions: The mobility solution is new technology which will help them
to gain more return of investment from the mobile market (Miskolczi et al., 2021).
For example, creation of mobile accessories and enterprise solutions in a secured
framework will increase more customers from different sectors.
4. Cyber security tools: The professionals can adopt security tools so that employees
are well known in dealing with phishing.
5. AI and ML tools: Artificial intelligence and machine learning tools could be
useful for identifying cybersecurity problems in the organization.

Threats

1. Competitors in cybersecurity features: Other competitors will progress in

cybersecurity standards which lowers down company’s value over providing
better customer services.
2. Loss of customer confidentiality and integrity: The customers involved in projects
will lose confidentiality and integrity with which products and software services
are provided (Tiwari, and Kumari, 2015).
3. Decreasing employment rate: The employees will decrease and fired due to lack
of cyber security knowledge are threat related to information release into hackers.
4. Reputation harm: TCS reputation is negative because they are incapable in
dealing with security challenges. As a result, customers will switch into new
scenarios and IT solutions.

[12]
PESTLE Analysis
PESTLE analysis is accomplished to understand whether the cybersecurity challenge will get
impacted by these factors for TCS or not respectively. PESTLE analysis will determine how
a company's cybersecurity challenge should be updated so that information protection is
accomplished in recommendations (Rastogi, and Trivedi, 2016).

Political factor: India and its political regulations will affect the cybersecurity status at the
company. If political parties do not support the cybersecurity problem then it is incapable of
addressing it.

1. Lack of regulatory measures and standards: The regulatory measures and frameworks
for cyber security are adopted by Europe, USA, and other regions (Attatfa et al.,
2020). However, India does not have standards which provide application of
cybersecurity education and training sufficiency which create a void in relevant
regulatory frameworks.
2. No political ambition in creating standards and measures: The political parties in India
have not focused on any standards and measures which saves the digitalization into
organizations. However, under new prime minister Mr. Narendra Modi, regulations
are found in decreasing crimes based on computers (Cybersecurity Skills Development in
the EU, 2019).
3. Lack of coordination among companies and government policies to follow: The
companies especially operating as Indian IT providers do not have any coordination
with government policies or regulations in protecting sensitive data (Shafqat, and
Masood, 2016).
4. No programs by government to fill skills shortage: The cyber cell awareness is not
launched by the Government of India to bridge gaps on catching online crimes. The
skilled labor shortage for Software Engineers, and programmers by government
initiative could affect crime in Indian companies (Kesharwani et al., 2019).

Economic Factor: The economic conditions of the country affect cybersecurity programs
initiation in India’s marketplace.

1. Lack of economic support to cybersecurity programs: The Indian Government does

not have any budgets or economic support from other countries to ensure
cybersecurity programs are developed in Indian MNCs such as Tata group of

[13]
 companies. This is a concern, because if government authorization is missing then
new technological standards are not adopted.
2. Lack of funding by companies to offer training against cyber-attacks: The economic
revenue is lower in terms of training to the employees which also affects them
abruptly.
3. Lack of awareness in economic and financial concern by the company: Tata
consultancy is a very big international company which operates in different regions
however highly incapable of reporting victims regarding cybercrimes (Business-
standard.com. 2022). As a result, authorities have no idea how to overcome this
situation which decreases the value of cybersecurity education because the
understanding level of the cybersecurity challenge is negligible and not representative
of the actual situation.

Social Factor: Employees within the company are incapable of cybersecurity management
which impact progress in delivery of IT services securely.

1. No diversified workforce: The cybersecurity has grown in a developing country such

as India however cultural diversity in the workforce is still missing at TCS. It could be
stated that people who are more experienced in security provision regarding computer
systems could tackle problems in diverse manner (Phadnis, 2022). On top of that, a
highly diversified workforce could enhance the application of a cybersecurity system
regarding fairness, open opportunities, regardless of their gender or ethnicity.
2. Lack of dedicated curricula and training and no clear identification of skills: The
company does not proper any curricula and training sessions after they are appointed
from fresher positions in TCS every year through placements (Sharma, 2014). A
dedicated training will boost security positions because new employees are well
aware of how to deal whenever a cyber-attack happens in the office.
3. Gender bias and women candidates could be trained within the workforce: There are
not many positions for women candidates to work in the cyber security department
which creates gender bias in working as security professionals. Although 68% of the
workforce hold them in senior positions related to management and IT development at
Tata Group, new positions for cyber frameworks could be developed (Mint, 2022).
4. Cybersecurity misconceptions: India is a country which has many misconceptions
regarding cybersecurity feasibility (Pietre-Cambacédes et al., 2010). Consider that
small vulnerable incidents by a big company are not reported because they feel it is

[14]
 not required. Therefore, it will impact how companies perceive hacking and theft to
steal corporate data because they are not taken seriously.
5. No social awareness in Indian MNC: There lacks a social awareness in small scale
and middle scale organizations (Pietre-Cambacédes et al., 2010). If they are working
with TCS on any product or services, there must be an understanding that sensitive
information could be stolen or violated.

Technological Factor: The lack of cyber tools will impact cybersecurity challenges because
they cannot be managed with extensive techniques.

1. Adoption of cyber range tools is absent: The cyber range tools and its adoption is still
missing. Only a small cybersecurity practice could not protect volumes of data.
2. Lack of familiarity with Hardware and software tools: The company must work with
other foreign associates to broaden knowledge on tools.
3. AI and ML emerging technologies are missing: Even though some companies opt for
machine learning mechanisms in malware detection, still these technologies are fully
used by TCS and are still in doubt.

Environmental Factor: The devices which help in cyber security management could harm
the environment negatively.

1. Cyber security devices now are environmentally harmful: The current cyber security
devices are not very harmful to the environment as they are based on policies and
procedures. However, with increasing new technologies they will impact the
environment and could not be allowed by the government to use further; for example,
IoT devices impact the surrounding negatively (Williams, and Woodward, 2015).

Legal Factor: The legal implications and changes in dealing with cyber attacks are not
present in India to support TCS.

1. Lack of certification and protocols for cybersecurity issues: Government of India is

still working on adopting certification and protocols in laws
(Cebula, and Young, 2010). TCS will be impacted because they don’t know how legal
suits could be managed whenever it happens with them.
2. Knowledge gap of legal requirements in personal data protection: The general data
protection rules and regulations are not presented by India law corporations

[15]
 (Hoofnagle et al., 2019). This affects the company's position because every business
product and service takes place based on information provided.

Summary of the Results

From above data analysis tools, the following findings are found which are presented in the
table with summary regarding cyber security challenge identified for TCS.

Key findings Summary

Exact Challenge ● Cybersecurity challenge because TCS is
targeted to extract corporate data and
finance resources and gain into the
company internally with suspicious
crimes.
Key Factors
● Lack of cyber security protocols and

standards in India’s legal authority and

law.

● Lack of curricula at TCS specifically

designed for new employees.

● Poor workforce as they are given formal

training in dealing with cyber attacks

such as ransomware, phishing, and
basics.

● No political ambition from Government

of India to fund cybersecurity programs

for Indian MNCs.

● Misconceptions on cybersecurity

frameworks in employees and business

partners.

● Lack of security management,

awareness, and compliance authorities

internally.

[16]
May occur in future ● TCS should stop security problems
related to computerized systems by
adopting compliance standards,
employee awareness, build strong
workforce, as well as align them with
new political campaigns regarding the
same.
● In future it may rise because the
company lacks a separate workforce on
dealing with cyber-attacks which are
meant to harm business processes.
Key actors ● Employers: The impact is that
employers will lose reputation and it
harms their business operations.
● Customers: The impact is that
customers will find other companies for
IT services which decrease revenue
generation.
● Employee: They will lose jobs from the
company and it will increase employee
attribution rates.
Areas need to be emphasized
● Adoption of compliance framework

● Workforce Awareness programs

● New positions designed for cyber

security issues

● AI and ML technologies

● Access control protocols

[17]
Recommendations
The following recommendations are identified for areas emphasized from SWOT and
PESTLE analysis at TCS’s cybersecurity challenge.

Appendix 2 PESTLE Table

1. Cybersecurity tools composed of AI/ML aiding prevention and detection: The

advanced tools composed of AI and ML technology will detect security concerns
identified for the organization. Some major features included perimeter security
controls, internal vulnerability detection, data leak prevention, incident management
and recovery process definition and testing protocols. For example, TCS could use
machine learning for malware detection as the algorithm will exploit the static and
dynamic features of business products (Anderson et al., 2017). In addition to this,
malware classification will take place in which malware classification involves
tagging a class of malware that is tagged for a sample to gather the type of malware to
define the attacker's motive (Dasgupta and Collins, 2019). One of the major benefits
for the company will be that this solution will detect malware families which are
unknown and are not scanned easily. Furthermore, AI algorithm such as Domain
Generation Algorithms will depict a large number of diverse malicious domain names
to standard blacklisting and are helpful in managing phishing and spam email,
malware communication over control servers, as well as DDoS attacks (Mahdavifar
and Ghorbani, 2019).
2. Security Policies and Procedures: It is important for TCS in maintaining extensive
security regulations and procedures, along with upgrading protective measures and
raising awareness against suspicious threats like phishing, fraudulent causes, and
leaking of confidential data with communication such as social media, text or calls.
One of the security procedures is development of CISO offices in the company as per
April 2017 issued guidelines from the Insurance Regulatory and Development
Authority of India (IRDAI) (DNA India, 2017). The CISO office will usually check if
any cyber related problems at TCS have arrived and fix them immediately.
Furthermore, other security policies with documents should be adopted which helps in
building cybersecurity risk management such as NIST 800 series and DoD Unified
Facilities Criteria (Kshetri, 2016). As a result, it will increase cybersecurity posture by

[18]
 identifying security gaps and providing managers and building personnel actionable
guidance to help secure their IT projects.
3. Computer Emergency Response Team CERT: The CERT for Asia pacific should
have close collaboration with TCS who works as an intelligence agency for reporting
corporate attacks by online hackers. With closely tied up through Asia Pacific CERT,
computer incident response services are provided to the organization by involving
their team such as Internet Service Providers (ISPs) organizations, law enforcement
agencies on country level, Counterpart international incident response team, National
and state level Government authorities as well as Domestics and international private
sectors (Connolly, 2012).
4. Workforce awareness programs: The enterprise training and awareness programs are
not provided currently whenever a new workforce is placed through recruitment
programs (Baker, 2016). The recommendation is to plan a professional expertise
training and awareness program designed for Information Security principles so that
employees who are new could understand problems. For example, it could be
achieved through conferences, seminars as well as enterprise-wide communication
and collaboration platforms accessible from mobile and desktop channels (Dawson,
and Thomson, 2018). This will help them to understand how phishing attacks and
ransomware are tackled if their system tracks any suspicious activities.
5. Strict Access control protocol: The company should create a security division in
which permission to each department is given on who will access the system and who
is not authorised (Abukari, and Bankas, 2020). For example, OTP will be given for
secure access to any enterprise applications or network with privileged administrator
accounts on a cloud-based platform.
6. Data Encryption: The data encryption mechanism will protect data among two people
with encryption keys opened only by destination and no third party could hack it
(Adhie et al., 2018). Also, data backup and recovery through such protocols will help
if some information is lost so that business operations are not disrupted here.
7. TCS Enterprise network: The TCS’s enterprise network will be kept different from
the client network so that whenever a security incident occurs in the client
environment it will not impact the enterprise environment and vice versa (Kryvinska
et al., 2011).

[19]
 8. Periodic Testing: For every product delivered to the client a Vulnerability Assessment
and Penetration Testing will occur periodically for validation of control over client’s
projects and sensitive data shared by them (Süzen, 2020).
9. Internal and External Audits: The internal and external audits after every 4 weeks will
ensure if any breach or attack simulation is observed in any business process or
disruption could be measured up for preparation of mitigation techniques (Diesch et
al., 2020).

Conclusion
Because of how quickly threats are evolving, cyber risks are a constant danger. Due to
international concerns, there is also an increased chance from different cyberthreats and
attacks with pandemic aspects. A security breach could affect business operations as well as
cause reputational harm, fines, and legal and financial liabilities. The company should invest
more in constructing cyber resilience so they can identify and stop attack attempts and lessen
the effects. This report offers a chance to connect with customers and establish itself as their
top choice for being an IT service provider.

From the summary table it is clear that cybersecurity measures are very poor within the
organization even though they offer services. The SWOT analysis focuses on the major
challenge that TCS lacks internally cyber security because the employees are not serious
enough to deal with concerns. Also, the company itself does not bother to address litigation
issues whenever a lawsuit appears to them. Hence, a major opportunity to deal with the issue
will be the creation of a technology-oriented program which is strong and addresses data
protection, customer confidentiality, and helps to regain reputation for being a bigger
enterprise in India in the IT sector. On the other hand, PESTLE analysis states that the
changes could be made from environmental, social, technological and legal perspectives to
change the company's position over the cybersecurity framework.

Overall, TCS should adopt recommendations proposed in the report including the
international compliance frameworks, conducting employee awareness activities, establishing
access control mechanisms, making new positions solely for cyber security challenges, and
utilizing AI and ML technologies. The compliance framework will first assist in screening
any information flow. Second, a strong workforce will follow standards and not repeat the
same mistakes. The access control keeps those with malicious intentions away from the
credentials that enable information accessibility. Also, machine learning is a highly advanced

[20]
framework that will enable us to monitor any issues found and fix them promptly regarding
cyber security challenges.

References
2019. Cybersecurity Skills Development in the EU. https://www.enisa.europa.eu/
publications/the-status-of-cyber-security-education-in-the-european-union

[21]
Agrafiotis, I., Nurse, J.R., Goldsmith, M., Creese, S. and Upton, D., 2018. A taxonomy of
cyber-harms: Defining the impacts of cyber-attacks and understanding how they
propagate. Journal of Cybersecurity, 4(1), p.tyy006.

Attata, A., Renaud, K. and De Paoli, S., 2020. Cyber diplomacy: A systematic literature
review. Procedia computer science, 176, pp.60-69.

Anderson, H.S., Kharkar, A., Filar, B. and Roth, P., 2017. Evading machine learning malware
detection. black Hat, 2017.

Al-Mohannadi H, Awan IU, Al Hamar J, Al Hamar Y, Shah M and Musa AS (2018)

Understanding Awareness of Cyber Security Threat Among IT Employees. The IEEE 6th
International Conference on Future Internet of Things and Cloud Workshops, FiCloudW
2018, 6-8 August, Barcelona, Spain.

Adhie, R.P., Hutama, Y., Ahmar, A.S. and Setiawan, M.I., 2018. Implementation
cryptography data encryption standard (DES) and triple data encryption standard (3DES)
method in communication systems based near field communication (NFC). In Journal of
Physics: Conference Series (Vol. 954, No. 1, p. 012009). IOP Publishing.

Abukari, A.M. and Bankas, E.K., 2020. Some cyber security hygienic protocols for
teleworkers in COVID-19 pandemic period and beyond. International Journal of Scientific &
Engineering Research, 11(4), pp.1401-1407.

Alexandra Sava, J., 2022. TCS annual revenue 2013-2022 | Statista. [online] Statista.
Available at: <https://www.statista.com/statistics/759883/india-tcs-annual-revenue/
#:~:text=Tata%20Consultancy%20Services%20(TCS)%20 achieved,doubled%20that
%20from%20the%20FY2013.> [Accessed 15 September 2022].

Bada, M. and Nurse, J.R., 2020. The social and psychological impact of cyberattacks.
In Emerging cyber threats and cognitive vulnerabilities (pp. 73-92). Academic Press.

Business-standard.com. 2022. Cyber crime to cost economies $10 trn by 2025: Microsoft
India official. [online] Available at: <https://www.business-standard.com/article/economy-
policy/cyber-crime-to-cost-economies-10-trn-by-2025-microsoft-india-official-
122031201080_1.html> [Accessed 15 September 2022].

Baker, M., 2016. Striving for effective cyber workforce development. Software Engineering
Institute, May. https://resources. sei. cmu. edu/library/asset-view. cfm.

[22]
Bhardwaj, A., Avasthi, V. and Goundar, S., 2019. Cyber security attacks on robotic
platforms. Network Security, 2019(10), pp.13-19.

Cebula, J.L. and Young, L.R., 2010. A taxonomy of operational cyber security risks.
Carnegie-Mellon Univ Pittsburgh Pa Software Engineering Inst.

Clydeco.com. 2021. Cybercrime – are your employees a threat to operational security? :

Clyde & Co. [online] Available at:
<https://www.clydeco.com/en/insights/2021/08/cybercrime-are-your-employees-a-threat-to-
operatio> [Accessed 13 September 2022].

Connolly, M., 2012. Creating a Campus Based Community Emergency Response Team
(CERT). Community College Journal of Research and Practice, 36(6), pp.448-452.

Dasgupta, P. and Collins, J., 2019. A Survey of Game Theoretic Approaches for Adversarial
Machine Learning in Cybersecurity Tasks. AI Magazine, 40(2), pp.31-43.

Diesch, R., Pfaff, M. and Krcmar, H., 2020. A comprehensive model of information security
factors for decision-makers. Computers &amp; Security, 92, p.101747.

DNA India. 2017. Irdai asks insurers to appoint data security officers by April 30. [online]
Available at: <http://www.dnaindia.com/money/report-irdai-asks-insurers-to-appoint-data-
securityofficer-by-apr-30-2391043> [Accessed 15 September 2022].

Dutt, V., Ahn, Y.S. and Gonzalez, C., 2013. Cyber situation awareness: modeling detection
of cyber attacks with instance-based learning theory. Human Factors, 55(3), pp.605-618.

Dawson, J. and Thomson, R., 2018. The future cybersecurity workforce: going beyond
technical skills for successful cyber performance. Frontiers in psychology, 9, p.744.

Fadilpasic, S., 2016. Running old operating systems means risking a lot, says Duo Security.
[online] ITProPortal. Available at: <https://www.itproportal.com/news/running-old-
operating-systems-means-risking-a-lot-says-duo-security/> [Accessed 13 September 2022].

Gao, H.Y., Hu, A.H., Shen, W.Q. and Jiang, Z.X., 2019. Group consensus of multi-agent
systems subjected to cyber-attacks. Chinese Physics B, 28(6), p.060501.

Gill, P., 2019. TCS was hacked for its clients by China’s cyber spy campaign: Report.
[online] Business Insider. Available at: <https://www.businessinsider.in/tcs-hacked-and-data-
leaked-to-chinas-operation-cloud-hopper/articleshow/69969506.cms#:~:text=The%20Indian

[23]
%20IT%20giant%2C%20Tata,access%20to%20their%20client's%20networks.> [Accessed
13 September 2022].

GOV.UK. 2016. New figures show large numbers of businesses and charities suffer at least
one cyber attack in the past year. [online] Available at:
<https://www.gov.uk/government/news/new-figures-show-large-numbers-of-businesses-and-
charities-suffer-at-least-one-cyber-attack-in-the-past-year> [Accessed 13 September 2022].

Hoofnagle, C.J., van der Sloot, B. and Borgesius, F.Z., 2019. The European Union general
data protection regulation: what it is and what it means. Information & Communications
Technology Law, 28(1), pp.65-98.

Joshi, R., Goel, R. and Garg, S., 2019. A Study on Customers’ Perception on Adoption of
Digital Banking in Indian Banking Sector. SSRN Electronic Journal.

Kryvinska, N., Strauss, C., Collini‐Nocker, B. and Zinterhof, P., 2011. Enterprise network
maintaining mobility–architectural model of services delivery. International Journal of
Pervasive Computing and Communications.

Kesharwani, S., Sarkar, M.P. and Oberoi, S., 2019. Cyber security in India: threats and
challenges. Cybernomics, 1(2), pp.32-34.

Kshetri, N., 2016. Cybercrime and cybersecurity in India: causes, consequences and
implications for the future. Crime, Law and Social Change, 66(3), pp.313-338.

Lawrence, J., 2013. Cyber crime – employees have become one of the biggest risks to a
business. [online] HRZone. Available at: <https://www.hrzone.com/perform/business/cyber-
crime-employees-have-become-one-of-the-biggest-risks-to-a-business> [Accessed 13
September 2022].

Majumdar, R., 2019. After 2014 epic case, TCS Faces Fresh US lawsuit for Stealing Trade
Secrets. Business Standard News. Available at:
https://www.business-standard.com/article/companies/after-2014-epic-case-tcs-faces-fresh-
us-lawsuit-for-stealing-trade-secrets-119043000327_1.html [Accessed September 17, 2022].

Miskolczi, M., Földes, D., Munkácsy, A. and Jászberényi, M., 2021. Urban mobility
scenarios until the 2030s. Sustainable Cities and Society, 72, p.103029.

[24]
Moneylife. 2022. TCS restores its website after hackers put it up for sale. [online] Available
at: <https://www.moneylife.in/article/tcs-restores-its-website-after-hackers-put-it-up-for-
sale/3593.html> [Accessed 13 September 2022].

Mahdavifar, S. and Ghorbani, A., 2019. Application of deep learning to cybersecurity: A

survey. Neurocomputing, 347, pp.149-176.

Mint. 2022. In a significant milestone, TCS now has more than 2 lakh women employees.
[online] Available at: <https://www.livemint.com/companies/news/in-a-significant-
milestone-tcs-women-workforce-tops-2-lakh-11642002463684.html> [Accessed 15
September 2022].

Okuhara, M., Shiozaki, T. and Suzuki, T., 2010. Security architecture for cloud
computing. Fujitsu Sci. Tech. J, 46(4), pp.397-402.

Pietre-Cambacédes, L., Tritschler, M. and Ericsson, G.N., 2010. Cybersecurity myths on

power control systems: 21 misconceptions and false beliefs. IEEE Transactions on Power
Delivery, 26(1), pp.161-172.

Phadnis, S., 2022. Talent Shortage A Challenge For Mnc Tech Centres: Ey | India Business
News - Times of India. [online] The Times of India. Available at:
<https://timesofindia.indiatimes.com/business/india-business/talent-shortage-a-challenge-for-
mnc-tech-centres-ey/articleshow/89735165.cms> [Accessed 15 September 2022].

Paoli, L., Visschers, J. and Verstraete, C., 2018. The impact of cybercrime on businesses: A
novel conceptual framework and its application to Belgium. Crime, Law and Social
Change, 70(4), pp.397-420.

Rastogi, N.I.T.A.N.K. and Trivedi, M.K., 2016. PESTLE technique–a tool to identify
external risks in construction projects. International Research Journal of Engineering and
Technology (IRJET), 3(1), pp.384-388.

Reddy, G.N. and Reddy, G.J., 2014. A study of cyber security challenges and its emerging
trends on latest technologies. arXiv preprint arXiv:1402.1842.

Sharma, H., 2014. Importance and performance of managerial training in Indian companies–
an empirical study. Journal of Management Development.

[25]
Saini, H., Rao, Y.S. and Panda, T.C., 2012. Cyber-crimes and their impacts: A
review. International Journal of Engineering Research and Applications, 2(2), pp.202-209.

Shafqat, N. and Masood, A., 2016. Comparative analysis of various national cyber security
strategies. International Journal of Computer Science and Information Security, 14(1), p.129.

Süzen, A.A., 2020. A Risk-Assessment of Cyber Attacks and Defense Strategies in Industry
4.0 Ecosystem. International Journal of Computer Network & Information Security, 12(1).

Team, E., 2021. Cyber-attacks can lead to employees getting fired: Here's how - My Siccura
- Private and Secure Digital Life. [online] My Siccura - Private and Secure Digital Life.
Available at: <https://siccura.com/cyber-attacks-can-lead-to-employees-getting-fired-heres-
how/> [Accessed 13 September 2022].

Tiwari, R. and Kumari, P., 2015. Dividend and Capital Structure Pattern In Information
Technology Industry: A Case Study Of Tata Consultancy Services. Pezzottaite
Journals, 4(1), pp.2279-0896.

Tata Consultancy Services, 2020. TCS Annual Report 2019-20. TCS Annual Report. [online]
Mumbai: Tata Consultancy Services. Available at:
<https://www.tcs.com/content/dam/tcs/investor-relations/financial-statements/2019-20/ar/
annual-report-2019-2020.pdf> [Accessed 5 September 2022].

TCS, 2022. TCS Integrated Annual Report FY 2021-2022. TCS Integrated Annual Report.
[online] Mumbai: TCS. Available at: <https://www.tcs.com/content/dam/tcs/investor-
relations/financial-statements/2021-22/ar/annual-report-2021-2022.pdf> [Accessed 5
September 2022].

Ursillo, S. and Arnold, C., 2019. Cybersecurity Is Critical for all Organizations – Large and
Small. [online] IFAC. Available at: <https://www.ifac.org/knowledge-gateway/preparing-
future-ready-professionals/discussion/cybersecurity-critical-all-organizations-large-and-
small> [Accessed 13 September 2022].

Williams, P.A. and Woodward, A.J., 2015. Cybersecurity vulnerabilities in medical devices:
a complex environment and multifaceted problem. Medical Devices (Auckland, NZ), 8, p.305.

Yeboah-Boateng, E.O., 2013. Cyber-Security Challenges with SMEs in Developing

Economies: Issues of Confidentiality, Integrity & Availability (CIA). Institut for Elektroniske
Systemer, Aalborg Universitet.

[26]
Appendix
Appendix 1. SWOT Table
Strength Opportunities

● Extensive and Global reach of ● Cloud computing solutions

operations
● Cybersecurity framework and
● Strong reputation brand image
training programs

● Strategic alliance with cyber security ● Mobility Solutions

firms
● Cyber security tools
● Robust portfolio of services
● AI and ML tools
● Return on investment profits

Weakness Threats

● Litigation risks ● Competitors in cybersecurity

features
● Employee attrition
● Loss of customer confidentiality and
● Information stealing integrity

● Decreasing employment rate

● Customer loss

● Reputation harm

Appendix 2. PESTLE Table

Political Economic Social Technological Environmental Legal

Lack of Lack of No diversified Adoption of Cyber security Lack of
regulatory economic workforce cyber range devices now are certification
measures support to tools is absent environmentally and protocols
and cybersecurity Lack of and conduct for

[27]
standards programs dedicated Lack of harmful cybersecurity
curricula and familiarity operation issues
No political Lack of training and no with
ambition in funding by clear Hardware and Knowledge
creating company to identification software tools gap of legal
standards offer of skills requirements
and trainings AI and ML in personal
measures against cyber Gender bias emerging data
attacks and women technologies protection
Lack of candidates are missing
coordination Lack of could be
among awareness in trained within
companies economic workforce
and and financial
government concern by Cybersecurity
policies to the company. misconceptions
follow
No social
No awareness in
programs by Indian MNCs
government
to fill skills
shortage

[28]