Most organizations – most competent organizations – require employees to complete a litany of wide-ranging, cover-your-ass training: ethics, sexual harassment, workplace violence, non-discrimination, safety training, blah blah blah. Most require passing a test for successful completion. The material is often similar across vendors, the tests barely a speed bump. The content is so predictable that I often mute the training audio and do other work until it’s time for the test.
For obvious reasons, computer security training continues to increase year-over-year, educating the unaware about malware, spyware, ransomware, phishing, identity theft, password complexity, secured communications, and everything else. You are also told to never share your credentials (password) with anyone, including IT or support, as they will never ask you for your password. Conversely, IT can’t pass out your current password because it’s encrypted, and password resets are often automated processes to take people out of the loop. These limitations should protect the company and yourself, protecting confidential business information and corporate infrastructure from bad actors. Yes, it can be a PITA, but it’s a necessary evil in today’s digital world.
And then you run across this article where Clorox is suing Cognizant for blatantly disregarding security measures defined by Clorox for Cognizant to follow for Clorox’s outsourced technical support, damages claimed to be in excess of $380m. Clorox’s accusations are jaw-dropping, OMFG, sensational, showing incredible stupidity and incompetence on Cognizant’s part, and, if proven, may (should?) damage Cognizant’s reputation irreparably: multiple successful social engineering attacks led to access of protected Clorox infrastructure and confidential business information. Obviously Cognizant doesn’t require employee training the way I’m used to!
It’s extremely unlikely we’ll ever learn the actual facts: if Cognizant is at fault, an out-of-court settlement without acknowledging fault will be reached and all findings kept private. Clorox wants money, Cognizant needs to protect their reputation, and every step taken in the legal process will be to reach that goal.
But wow, just gotta shake your head and wonder what the fuck they were thinking….