Cognizant Had A Big, Embarrassing Fail On Security. Are You Next?
Did you see what happened to Cognizant? It is mind-boggling to me that this still happens in large firms, especially after the debacle that the City of Atlanta, Georgia in the US suffered due to ransomware. The global BPO that claims to offer “Digital Engineering” and “Digital Strategy” has suffered customer data loss and operational impairment due to ransomware infections. Ransomware is a form of malware, or malicious software, that, once it gets on your computer or network, encrypts your data and prevents your access unless you pay the ‘kidnappers’ a ransom to provide you with the decryption keys. In many cases, it also seeks to give the cyber criminals access to the data so that they can sell it or release it—think consumer credit card data, trade secrets, national secrets, personally sensitive information, etc.
I find it mind-boggling because ransomware is not impossible to prevent. Cognizant even claims to offer security services:
“At Cognizant, we approach security as the starting point for delivering the outcomes that leading global organizations demand. Our end-to-end security solutions combine deep domain and industry expertise with a future-focused approach that encompasses advisory, transformation and managed services. We offer the foresight and expertise to solve your most complex challenges.”
“Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack.”
It is not my intention to pick on Cognizant. Just as the only way to completely secure a bank is to keep all customers and employees locked out at all times, this can happen to any company of any complexity. But what I find inexcusable is the apparent lack of fault tolerance, redundancy, and real-time backup.
We are rushing into a new telework environment. Companies are deploying VPNs and other technologies, innovating and adapting to enable remote work by employees who never previously even considered it. As we move to reduce public health risks, we open up countless more exposures to information insecurity and theft.
Coincidentally, I met (remotely, mind you) Etek’s recently appointed CEO, Praveen Sengar. Etek is a South American IT security company that focuses entirely on security, but not just through software and hardware: the company also offers IT security training and testing for end users and corporate IT security professionals. All the technology in the world won’t help if your employees don’t follow best practices and “give out papayas” or leave your company’s virtual doors open.
I have two questions for you, regarding your company or agency’s information infrastructure.
- Are you feeling secure?
- And if you are, how sure are you?
Better double-check, just to be safe. I don’t care how big you are.