Global BPO firm Cognizant (NASDAQ:CTSH) who markets itself as a guardian of corporate security, was itself infected by Maze Ransomware, inhibiting and encrypting multiple corporate systems last month. Now the New Jersey based company says on an earnings call that the dollar value of the losses caused by the penetration in the second quarter of 2020 may amount to between $50-70 million USD.
“The ransomware attack in April negatively impacted our work from home enablement schedule. As a result of this ransomware attack, our Q2 revenue and margins will both be negatively impacted. While we anticipate that the revenue impact related to this issue will be largely resolved by the middle of the quarter, we do anticipate the revenue and corresponding margin impact to be in the range of $50 million to $70 million for the quarter,” said Karen McLoughlin, Cognizant’s CFO.
Brian Humphries, the company’s CEO said: “First, the attack encrypted some of our internal systems, effectively disabling them and we proactively took other systems offline. This disruption included both select systems supporting our work from home enablements such as BDI and the provisioning of laptops that had been expected to further increase our work from home capabilities in April. Second, in the wake of the ransomware attack, some clients opted to suspend our access to their networks. Billing was therefore impacted for a period of time, yet the cost of staffing these projects remained on our books.”
Ransomware is a form of malware, or malicious software that once it infects a computer or network, it encrypts the data and prevents access by legitimate users unless the data kidnappers are paid a ransom to provide victims with the decryption keys. In many cases, the software also seeks to provide access to the data to the cyber criminals so that they can sell it or release it.
“At Cognizant, we approach security as the starting point for delivering the outcomes that leading global organizations demand. Our end-to-end security solutions combine deep domain and industry expertise with a future-focused approach that encompasses advisory, transformation and managed services. We offer the foresight and expertise to solve your most complex challenges.”—a statement on Cognizant’s website.
Because of this claimed expertise it is surprising to see Cognizant fall victim to this type of crime, showing that it is critical for companies of all sizes, governments, and even individuals to take protective measures. There are tools that can be deployed such as antimalware applications, but also correct procedures such as backup and verification, and behavior driven by training.
“Sometimes the most basic things get ignored,” says Praveen Sengar, CEO of multinational security firm Etek. “APTs or Advanced Persistent Threats [such as Maze malware] can be prevented by a combination of technology and people’s awareness of security culture. The organization needs to proactively approach this with an integrated security approach.”
Sengar says comprehensive enterprise approaches are not expensive, as low as $25 per user, per month compared to the $50-70 million dollar loss that Cognizant attributes to a single breach of their environment, let alone indirect and reputational losses.