When a massive multinational IT corporation garners international headlines by getting hacked, business leaders may want to reevaluate who’s handle their defenses. One of the tangled issues confronting industry decision-makers is which managed service provider (MSP) can deliver enterprise-level IT productivity and determined cybersecurity defenses.

A Fortune 500 corporation with facilities in Spain, China, Canada, Mexico, and India, among others, Cognizant (News - Alert) recently fell victim to a devastating Maze ransomware attack. According to reports, the fallout from the high-profile breach appears to have impacted its vast client base.

“Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack,” a company statement acknowledged.

Ransomware Attacks Brings MSP Cybersecurity into Question

The multinational corporation has a sizeable international workforce of more than 330,000, with upwards of 200,000 in India. What may confound industry leaders everywhere is the fact that Cognizant marketed itself as an MSP with reliable cybersecurity expertise.

These days, it’s leadership team has reportedly enlisted the help of New Jersey-based cybersecurity firm Teaneck to repair the damage done by hackers. This begs the question of how entrepreneurs and CEOs can arrive at a fact-based decision about an MSP’s ability to deliver cost-effective IT services as well as protections.

“The main issue is most MSP’s handle the daily support of a business and do not have expertise in cybersecurity. If you look at the technology industry, there is little overlap between managed services provides and cybersecurity providers,” Mike Shelah of Advantage Industries reportedly said. “This is a very vulnerable gap for the business relying on the MSP to provide guidance and cybersecurity protection.”

Cybercriminals deploying Maze ransomware appear to have a penchant for MSPs. Reports indicate that an attempted breach occurred in Italy after digital thieves cloaked an email under the guise of the Italian Revenue Agency. While the Maze ransomware threat has been targeting MSPs for upwards of one year, it has been thwarted in many instances. But the frightening reality that an organization’s relationship with its trusted MSP may be a backdoor to ransomware incursion has industry leaders on edge.

Industry Leaders Must Conduct Due Diligence on MSPs

Corporate decision-makers across sectors who must select a managed IT firm to maintain and secure its critical data will need to dig deeper than looking over a resume and an in-person consultation.

“As a business owner, you should look for documentation that an MSP follows the necessary compliance guidelines for their own infrastructure,” Advantage Industries’ Shelah reportedly said. “For example, if your business accepts credit cards as payment, you want to be sure the MSP can provide documentation of PCI (News - Alert) compliance for their infrastructure. A Doctor will want to see HIPAA, any company with customers in Europe will want to see GDPR.”

Many cybersecurity certifications exist that local MSPs would be wise to earn. Some of the more prominent ones include the following.

• GIAC: Global Information (News - Alert) Assurance Certification is an internationally recognized standard in military and governmental circles.
• ISC: Ranked among the leading non-profit cybersecurity accreditations, the International Information Systems Security Certifications Consortium has upwards of 140,000 members.
• CompTIA (News - Alert): Computing Technology Industry Association has reportedly issued more than 2 million entry-level certifications over the last two decades.

Along with these major certifications, there is a wealth of cybersecurity training courses available. In the wake of the splashy Cognizant headline, business leaders would be wise to review their MSP’s cybersecurity credentials. Too many hold themselves out as experts without the experience, expertise, or knowledge to back that claim.