
🛑 $380 million.
That’s the size of the lawsuit Clorox just filed against IT services provider Cognizant.
The allegation?
Negligence.
Hackers reportedly exploited a manipulated password reset process inside Cognizant—one that bypassed Clorox’s own security protocols.
The result?
🚨 Corporate systems down
🚨 Product shipments stalled
🚨 Business continuity in shambles
And now:
A global brand is taking its MSP to court for failing to follow cybersecurity best practices.
📉 The Fallout of a Reset Button
This wasn’t a nation-state exploit or zero-day attack.
It was a process failure. Something preventable. Something that every MSP should have hardened.
And this is where the CISA guidelines for Managed Service Providers come in—because they’re no longer just nice-to-haves. They are becoming the standard of care that defines legal accountability.
⚖️ CISA’s Cybersecurity Guidelines for MSPs
The Cybersecurity & Infrastructure Security Agency (CISA)—along with international partners—has released official guidance for MSPs to improve cyber hygiene and reduce risks for themselves and their clients.
Some of the key recommendations:
✅ Enforce Multi-Factor Authentication (MFA)
Especially on:
- Remote access tools
- Administrative accounts
- Cloud management portals
✅ Segment Internal Networks
Limit blast radius in case of compromise. MSPs should isolate management systems from customer environments.
✅ Audit and Monitor Access
Keep detailed logs of:
- Password resets
- Admin logins
- Remote sessions
…and monitor them for anomalies.
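One concrete way to act on “monitor them for anomalies”, as an added example that is not from the post or from CISA’s guidance: a small Python correlation over constructed helpdesk and identity-provider audit events that flags a password reset logged without identity verification, one performed outside business hours, or one followed within minutes by a privileged login from an IP the account has never used. The event field names, the business-hours window and the known-IP baseline are assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample audit trail (hypothetical helpdesk + IdP events, one JSON object per line)
SAMPLE_LOG = """
{"ts": "2025-07-01T09:02:00", "event": "password_reset", "user": "a.jones", "actor": "helpdesk1", "verified": true}
{"ts": "2025-07-01T09:05:00", "event": "login", "user": "a.jones", "src_ip": "10.0.5.12", "admin": false}
{"ts": "2025-07-01T22:10:00", "event": "password_reset", "user": "svc_admin", "actor": "helpdesk2", "verified": false}
{"ts": "2025-07-01T22:14:00", "event": "login", "user": "svc_admin", "src_ip": "203.0.113.7", "admin": true}
{"ts": "2025-07-02T10:00:00", "event": "password_reset", "user": "b.lee", "actor": "helpdesk1", "verified": true}
{"ts": "2025-07-02T10:30:00", "event": "login", "user": "b.lee", "src_ip": "10.0.5.40", "admin": true}
"""

# Assumed baseline of source IPs each account has previously authenticated from
KNOWN_IPS = {"a.jones": {"10.0.5.12"}, "svc_admin": {"10.0.9.3"}, "b.lee": {"10.0.5.40"}}
WINDOW = timedelta(minutes=30)     # how long after a reset a login is still linked to it
BUSINESS_HOURS = range(7, 19)      # 07:00-18:59 counts as normal helpdesk hours (assumption)

def parse_events(log):
    """Parse JSON lines into dicts with real timestamps, oldest first."""
    events = [json.loads(line) for line in log.strip().splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["ts"])

def find_suspicious_resets(log, known_ips=KNOWN_IPS, window=WINDOW):
    """Return [(user, [reasons])] for every password reset that trips a rule."""
    events = parse_events(log)
    findings = []
    for i, reset in enumerate(events):
        if reset["event"] != "password_reset":
            continue
        reasons = []
        if not reset.get("verified"):
            reasons.append("reset logged without identity verification")
        if reset["ts"].hour not in BUSINESS_HOURS:
            reasons.append("reset performed outside business hours")
        # Only logins that follow this reset within the correlation window are linked to it
        for login in events[i + 1:]:
            if login["ts"] - reset["ts"] > window:
                break
            if (login["event"] == "login" and login["user"] == reset["user"]
                    and login.get("admin") and login["src_ip"] not in known_ips.get(reset["user"], set())):
                reasons.append(f"admin login from unseen IP {login['src_ip']} shortly after reset")
        if reasons:
            findings.append((reset["user"], reasons))
    return findings
```

Running `find_suspicious_resets(SAMPLE_LOG)` on the constructed log flags only the `svc_admin` reset, on all three rules, while the two verified daytime resets followed by logins from known IPs pass clean.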
✅ Limit Use of Privileged Accounts
Use least privilege access, and avoid reusing admin accounts across clients.
✅ Apply Patching Rigorously
Not just for your clients, but for your own infrastructure and toolsets. Many attacks succeed through unpatched third-party management tools.
✅ Have a Documented Incident Response Plan
You’re responsible not only for detection, but also for timely escalation and containment.
📄 Read the full guidance here:
https://www.cisa.gov/resources-tools/resources/joint-advisory-guidance-managed-service-providers-may-2022
🧯 Legal Accountability Is No Longer a Theory
Cognizant was allegedly the door attackers used—via a manipulated password reset process. It wasn’t Clorox’s system that failed—it was their trusted provider’s process.
In today’s world, if you manage the keys, you also carry the liability.
We’re not just talking about best practices.
We’re talking about court-admissible standards.
🔐 You Can’t Outsource Liability
Outsourcing cybersecurity doesn’t mean outsourcing responsibility.
If something goes wrong on your watch, your contracts, documentation, and controls must prove you were aligned with guidelines like CISA’s.
Because if not?
You’re not just exposed to malware. You’re exposed to courtrooms.
📌 How to Stay Out of the Headlines
If you’re an MSP or MSSP, take this seriously:
🔒 Review CISA’s checklist monthly
📋 Conduct quarterly tabletop incident simulations
👨‍💻 Train your helpdesk in social engineering detection
🔁 Reassess your password reset and identity management workflows
📊 Log everything — and review those logs
🚫 Never use shared or hard-coded credentials
🚨 Final Word
The Clorox vs. Cognizant lawsuit could mark a turning point for the industry.
Security is no longer just a value-add.
It’s your product. Your liability. Your reputation.
And CISA just gave you the checklist. The only question now is:
Are you following it?