Security Staff Acquisition & Development, Content

Cognizant Board Forms Security Subcommittee After Ransomware Attack


Cognizant's board of directors has formed a subcommittee to refresh and strengthen the global IT consulting firm's approach to security, CEO Brian Humphries said during Cognizant's ($CTSH) earnings call this week.

Cognizant CEO Brian Humphries

The amplified security effort comes after Cognizant suffered a Maze ransomware attack in late April 2020. By May 2020, Cognizant estimated that the attack would  cost the global systems integrator and MSP roughly $50 million to $70 million in lost revenue and margin for Q2, 2020,

Fast forward to July 2020. Cognizant has "essentially completely contained and eradicated" the ransomware attack, Humphries said on the Q2 2020 earnings call, hosted July 29, 2020. Next up, the company has begun a "multi-quarter initiative to refresh and strengthen our approach to security," Humphries said. "A subcommittee of the Board of Directors will help me provide oversight of these efforts, which is being conducted in conjunction with external security experts."

Cognizant did not disclose the security experts' names or company affiliations.

Cognizant Ransomware Attack Recovery: Business and Financial Impact

Meanwhile, Humphries also disclosed the ransomware attack's overall financial impact on Cognizant's business. He stated:

"Now let me turn to our results. Second quarter revenue of $4 billion declined 3.4% year-over-year or 2.5% in constant currency including a negative 120 basis points impact from the exit of certain content related services and a negative 90 basis points from the ransomware attack impact on fulfillment, the latter which was skewed towards our financial services and healthcare segment."

Still, Cognizant's business saw improved momentum in May 2020 and June 2020, driven by "double-digit growth in our digital service offerings, particularly in areas such as cloud and enterprise application services, IT modernization and digital engineering," Humphries said.

Hackers, Ransomware Continue to Target MSPs

The U.S. Secret Service recently warned IT service providers and consulting firms about ongoing cyberattacks. The warning indicated that threat actors are increasingly targeting point-of-sale (POS) systems and performing business email compromise (BEC) and ransomware attacks.

Recent MSP and IT consulting ransomware attack victims include:

How MSPs Can Mitigate Ransomware Attack Risks: To safeguard your MSP business and clientele from ransomware attacks, follow this tip sheet.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.