Cognizant has been sued by Clorox over a cyberattack that cost around $380M. A hacking group known as Scattered Spider managed to infiltrate Clorox's network by calling the Cognizant Service Desk and requesting employees' passwords directly. Cognizant, allegedly lacking any sophisticated security measures, handed over the credentials. Cognizant's spokesperson blamed Clorox for having weak internal cybersecurity practices. The incident raises questions about accountability and the efficacy of existing security protocols, stressing the importance of multi-factor authentication.
Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques. The cybercriminal just called the Cognizant Service Desk, asked for credentials to access Clorox's network, and Cognizant handed the credentials right over.
Cognizant's spokesperson placed the blame on Clorox, saying that it was shocking that a corporation the size of Clorox had such an inept internal cybersecurity system to mitigate this attack.
Cognizant’s alleged lack of awareness ultimately cost around $380M in damages. Everyone can admit that two-factor authentication is annoying, but come on people - you should at least have one factor!
There's something poetic about the idea that a tech company named Cognizant would not be aware of an imminent 'hacking.'
Clorox's 'No, you' account of what happened is pretty damning: 'The Agent further reset Employee 1's MFA credentials multiple times without any identity verification at all.'
Collection
[
|
...
]