Cyber security becomes key to retain clients for IT services providers | News

Infosys later said it had suffered a hit of 60 basis points on its operating margins from the McCamish cyber security incident. Infosys Chief Financial Officer Nilanjan Roy clarified during the latest earnings that while the incident had an impact on both revenues and costs, it is a “one-time impact” and unlikely to carry through the fourth quarter.

An analyst at a leading consulting firm said that the resignation of Infosys’ Chief Information Security Officer (CISO) and some of his team members, thereby resulting in a vacuum at such a critical position, could be one of the factors that led to this. “While no amount of preparation can insulate you from cyber attacks, one must have the best practices in place. Organisations should use a simulation model with an outside-in and inside-out approach so that they can simulate the motivation and action of the bad guys and see how it can be addressed,” he said on condition of anonymity.

In April 2020, Cognizant was attacked by a Maze ransomware which disrupted services to its customers. Some of Cognizant’s clients reportedly opted to protect themselves from the malware by closing off Cognizant’s access to their networks, effectively putting projects on hold. Later, Cognizant said it had contained the Maze ransomware strike that hit it as well as its customers and it expects to spend up to $70 million to fully restore its computer systems.

“Cognizant’s ransomware attack and subsequent fallout are certainly notable, but the most critical takeaway is that all organisations, both providers and enterprises, need to take the threat of ransomware seriously. Cognizant isn’t the first victim, and it won’t be the last,” Phil Fersht, Chief Executive Officer and Chief Analyst, HfS Research said in a note.

According to reports, 33 per cent of businesses said they lost customers due to a security breach. It also stated that nearly half of the clients will not return to the same provider post a breach.

Cyber security experts believe clients and vendors must establish clear security standards in their agreements and continuous communication is key. “To safeguard against potential compromises by third-party service providers, organisations must conduct thorough vendor risk assessments, establish clear security standards in contractual agreements, and regularly audit and monitor third-party systems. Data encryption during transmission and storage, strict access controls with multi-factor authentication, and a well-defined incident response plan are essential,” said Sonit Jain, Chief Executive Officer, GajShield Infotech, a security solutions provider. “Continuous communication, employee training, and adherence to legal and compliance standards further fortify defences.”

While generative AI (GenAI) technology is rapidly advancing and can provide significant benefits to an organisation, it also poses risks to privacy, cyber security, and client engagements. To address these, some IT services providers have come up with policies that clearly define the terms of usage of GenAI.

For instance, Wipro has stated in its policy: “GenAI tools can only be used for client projects if approved by clients or if the use is allowed as per client contract. Similarly, client enterprise data, including personal details, should not be used in GenAI without client approval. Account teams should reach out to the GenAI taskforce to obtain clearance for the usage of GenAI tools in all new and existing client engagements.”

First Published: Feb 15 2024 | 5:45 PM IST