A House Of Cards

The 2023 Capita hacks have caused ripples throughout the industry, affecting hundreds of organisations that use the outsourcing giant to administer pension funds. With incidents coming to light in both March and May of this year, the ramifications have left not only Capita customers but thousands of their clients dealing with the repercussions of having their data breached. 

As arguably the most high-profile cyber incident we’ve seen this year, affecting a range of providers within financial services and beyond, the events of the past few months create significant concerns for Capita customers and pose serious questions as to how we should be protecting the valuable data that firms hold. Why did these incidents occur in the first place? More importantly, how can they be prevented in the future?

Uncovering The Damage

Looking back at the initial attack, Capita’s systems were compromised in March, causing a several-day service outage for many of their customers. At first, Capita denied that their customer data had been affected. However, this was quickly proved not to be the case, with reports released stating that as many as 350 UK retirement schemes had been affected. Samples of the stolen data leaked online showed that bank account details, passport photos and driver’s licenses had been accessed.

Fast forward to May, and a second Capita incident came to light, this time involving the long-term exposure of confidential data. This was attributed to Capita having failed to properly configure an Amazon Web Services (AWS) storage bucket.

Consumer Trust At Risk

With Capita’s systems used to administer pensions for several large and prominent organisations, including Royal Mail, Axa, Unilever, Marks and Spencer and a selection of local councils, the fallout from these two data breaches has been catastrophic. 

Financially, Capita will be expecting losses of up to £20 million, after having to spend a large amount on specialist fees, recovery processes and remediation costs. However, the financial impact may be the least of their worries, with the brand now experiencing significant reputational damage.

Colchester Council is just one of the affected organisations that have expressed visible disappointment with Capita, stating that the outsourcer had “failed to maintain the necessary standards for data protection”.

This loss of customer trust is not only felt by Capita but by the pension schemes and financial organisations that they provide services to. The fact that a third party or supplier was the origin of the hack will do nothing to soften the blow for end customers, especially when their personal data is on the line. Ultimately, each business is accountable for the security of their customers’ information. 

Why Cybersecurity Can’t Be The Last Priority 

Digital transformation strategies have been front and centre for many organisations in the past few years, with each business looking to improve customer experiences and increase business efficiency. Consumers are increasingly demanding improved and frictionless customer experiences, but any goodwill or advantage gained for firms will be lost if consumers don’t feel their data is secure.

The lesson that Capita teaches us is clear - digitising services cannot come at the cost of security. Cybersecurity has to be a core element within your digital transformation strategy, with organisations needing to proactively implement sufficient cybersecurity measures and practices to mitigate risk and safeguard customer data, rather than waiting for an incident to occur and cleaning up the mess.

For businesses that fail to afford cybersecurity the attention it needs and deserves, it’s only a matter of time until one weak element brings all the benefits crashing down, and a business loses the reputation they have built over years, in mere days. 

Paul Holland is CEO at Beyond Encryption 
