Employee Error Lets Hackers Clean Up at Clorox

The Clorox Company’s $574M lawsuit against IT services provider Cognizant Technology Solutions is a stark reminder of the cyber threat posed by unwitting or uncaring employees.

Clorox alleges that help desk agents managed by Cognizant provided hackers with access to Clorox’s IT network in August 2023. They say that Cognizant agents repeatedly reset passwords and multi-factor authentication (MFA) tokens for hackers posing as Clorox employees without asking a single security question.

One partial call transcript filed with the court shows a Cognizant agent volunteering “Let me provide the password to you” after a hacker said he couldn’t log in.

Hackers used the credentials provided to paralyse manufacturing lines, which led to product shortages costing Clorox hundreds of millions in lost sales.

Clorox says it had provided Cognizant with strict credential-reset protocols such as verifying a manager’s name and sending confirmation emails, but that these protocols weren’t followed.

Human Error Common

Clorox’s unfortunate experience is consistent with studies which have found human error a leading cause of most cyber security incursions. 

In a 2024 experiment by Fortra, 14.9% of employees across the Asia-Pacific region succumbed to hackers’ attempts to have them provide network access. 60% of the employees who clicked on that phishing link went on to further expose their organisation by sharing their password.

Guarding Against Employee Error  

Employee education is a great start to protecting your organisation. But as Clorox’s experience shows, it’s not enough.  Technical safeguards are needed, too.

Generic Systems Australia’s Advanced Threat Protection Bundle enables your organisation’s email system to automatically detect and prevent phishing links and other malware from entering your organisation. Combining the layered strengths of GoAnywhere MFT and Clearswift, it enables your employees to receive and share information securely without impairing their productivity.

How It Works

Our Advanced Threat Protection Bundle seamlessly integrates managed file transfer with advanced threat protection and adaptive data loss prevention to keep your sensitive data secure. It not only prevents malware from entering your organisation, but it also prevents employees from losing or mishandling data.

For example, if an employee knowingly (or unknowingly) attempts to share any files containing malware, those files are sanitised by having the malicious elements automatically removed.

The Advanced Threat Protection Bundle can also automatically detect and –– if you configure it to do so –– prevent employees from sharing sensitive information.

Local Support

If you’d like to see first-hand how the Advanced Threat Protection Bundle can help keep your organisation’s data safe, please feel welcome to get in touch with me.  My technical team at Generic Systems Australia are local experts in the field.