Cognizant's ransomware attack is making peers like TCS and Infosys nervous — and they are beefing up security

• The Maze ransomware attack on Cognizant workers will have an impact on its revenue and operations in the coming year, according to the company filings with the Securities and Exchange Commission (SEC) in the US.
• The attack has put Indian IT companies like Infosys, Wipro and Tata Consultancy Services (TCS) on alert to continuously monitor their own systems.
• According to Infosys’ chief operating officer, the ransomware attack had nothing to do with working from home. The same attack could have just as easily occurred even if employees were working from an office.
• Other ways to exploit the systems, like phishing and malware, are a greater risk to a network when working from home.

The Fortune 500 company Cognizant was the victim of a ransomware attack last week on Friday, April 17. This has put Indian IT companies like Infosys on high alert.

Even though cybercriminals seem to have become more active during the coronavirus lockdown, working from home isn’t the primary issue. It’s about ensuring that networks have advanced threat protection and that they’re continuously monitored for breaches.

“We have looked at our own networks and found out that our networks are secure. We’ve invested in advanced protection software which has been deployed at all the endpoints and across the networks,” said Pravin Rao, the chief operating officer of Infosys, during the fourth-quarter earnings call on April 20.

Tata Consultancy Services (TCS) has shifted from the concept of offshore development centres (ODCs) to secure borderless workspaces (SBWS). It is also looking into solutions that can help its employees work from home without compromising on security. However, that was already in the works even before news of the Cognizant ransomware broke.

"We rejigged our cyber security posture, and all our project management practices and systems to ensure that proper work allocation, work monitoring and reporting continued, so that the high quality and delivery certainty that our customers have come to expect from us was never compromised," TCS CEO Rajesh Gopinathan explained during the company's earnings call on April 16.

The ransomware may hit Cognizant’s revenue, according to company filings made with the US Securities and Exchange Commission (SEC). Not only did the attack have an immediate impact, but continues to cause disruption in parts of its business processes.

The Maze ransomware has been around for less than a year, but its damage to businesses and government has only escalated.

Ransomware attacks don’t have anything to do with working from home
Those behind Maze are known to target IT support companies in the past as well. In October last year, it tried to infiltrate a management service provider (MSP) in Italy by impersonating the Italian Revenue Agency via email, according to a report by Proofpoint.

Experts believe this may have been an attempt to gain backdoor access to the MSPs, so that the ransomware could be pushed out to their clients.

With the coronavirus pandemic, more employees than ever are working from home. Across the board — for Infosys, HCL Technologies, Wipro and TCS — more than 90% of their employees are working from home.

However, working from home isn’t what is making the networks weaker. The same could have just as easily occurred even when employees were working from offices, according to Rao.

“Whatever has happened with this ransomware threat, it has nothing to do with work from home. If I look at the vulnerability, it could have happened anywhere irrespective of work from home because it exploited a particular version of a product,” Rao said.

IT giants are beefing up their own security
Ransomware is persistent enough to attack anywhere but that doesn’t mean that there’s a greater risk to a network when working from home.

“Work from home may have a higher impact, less from a security perspective, but more from phishing attacks than data leaks. Security breaches can happen even when you’re working from the office,” said Rao.

Last week, between April 13 and April 19, hackers attacked businesses over 22 million times, according to data compiled with Atlas VPN. There were at least 2 million attacks on average per day. During the last 30 days, cybercriminals have tried to infiltrate corporate networks nearly 100 million times.

Wipro was already a victim of one such phishing attack in April last year when employee accounts were used to gain access to customer information.

“Successful ongoing cyber resilience will require the strategic alignment of cyber strategies with incident response, business continuity and disaster recovery planning. We’ve got to involve the entire enterprise — from the front office to back,” said Akhilesh Tuteja, co-leader of global cybersecurity at KPMG International.

Going forward, businesses will need to invest more in cybersecurity, both on having the right tools as well as the right manpower in place.

Business-driven risk scenarios are currently lacking, according to a KPMG report on key cybersecurity considerations for 2020. Companies’ operating model needs to be in line with cybersecurity. Not only is that important for IT service companies to keep their networks and revenues secure but also maintain trust with their clients.

Note: Story was edited to add TCS CEO Rajesh Gopinathan quote from earnings call.

See also:
Infosys’ revenue, profit and margin in the red as Coronavirus sweeps over the global economy

Cognizant hit by Maze ransomware, service disrupted for some clients

Companies might look to bring in a new set of workforce after COVID-19 crisis — bots