A House Of Cards

The 2023 Capita hacks have caused ripples throughout the industry, affecting hundreds of organisations that use the outsourcing giant to administer pension funds. With incidents coming to light in both March and May of this year, the ramifications have left not only Capita customers but thousands of their clients dealing with the repercussions of having their data breached. 

As arguably the most high-profile cyber incident we’ve seen this year, affecting a range of providers within financial services and beyond, the events of the past few months create significant concerns for Capita customers and pose serious questions as to how we should be protecting the valuable data that firms hold. Why did these incidents occur in the first place? More importantly, how can they be prevented in the future?

Uncovering The Damage

Taking a glance back at the initial attack, Capita’s systems were compromised in March, causing a several-day service outage for many of their customers. At first, Capita denied that their customer data had been affected. However, this quickly proved not to be the case, with reports released stating that as many as 350 UK retirement schemes had been affected. Samples of the stolen data leaked online showed that bank account details, passport photos and driver’s licenses had been accessed.

Fast forward to May, and a second Capita incident comes to light – this time, involving the long-term exposure of confidential data. This was attributed to Capita having failed to properly configure an Amazon Web Services (AWS) storage bucket.

Consumer Trust At Risk

With Capita’s systems used to administer pensions for several large and prominent organisations, including Royal Mail, Axa, Unilever, Marks and Spencer and a selection of local councils, the fallout from these two data breaches has been catastrophic. 

Financially, Capita will be expecting losses of up to £20 million, after having to spend a large amount on specialist fees, recovery processes and remediation costs. However, the financial impact may be the least of their worries, with the brand now experiencing significant reputational damage.

Colchester Council is just one of the affected organisations that have expressed visible disappointment with Capita, stating that the outsourcer had “failed to maintain the necessary standards for data protection”.

This loss of customer trust is not only felt by Capita but by the pension schemes and financial organisations that they provide services to. The fact that a third party or supplier was the origin of the hack will do nothing to soften the blow for end customers, especially when their personal data is on the line. Ultimately, each business is accountable for the security of their customers’ information. 

Why Cybersecurity Can’t Be The Last Priority 

Digital transformation strategies have been front and centre for many organisations in the past few years, with each business looking to improve customer experiences and increase business efficiency. Consumers are increasingly demanding improved and frictionless customer experiences, but any goodwill or advantage gained for firms will be lost if consumers don’t feel their data is secure.

The lesson that Capita teaches us is clear - digitising services cannot come at the cost of security. Cybersecurity has to be a core element within your digital transformation strategy, with organisations needing to proactively implement sufficient cybersecurity measures and practices to mitigate risk and safeguard customer data, rather than waiting for an incident to occur and cleaning up the mess.

For businesses that fail to afford cybersecurity the attention it needs and deserves, it’s only a matter of time until one weak element brings all the benefits crashing down, and a business loses the reputation they have built over years, in mere days. 

Paul Holland is CEO at Beyond Encryption 
