A House Of Cards

The 2023 Capita hacks have caused ripples throughout the industry, affecting hundreds of organisations that use the outsourcing giant to administer pension funds. With incidents coming to light in both March and May of this year, the ramifications have left not only Capita customers but thousands of their clients dealing with the repercussions of having their data breached. 

As arguably the most high-profile cyber incident we’ve seen this year, affecting a range of providers within financial services and beyond, the events of the past few months create significant concerns for Capita customers and pose serious questions as to how we should be protecting the valuable data that firms hold. Why did these incidents occur in the first place? More importantly, how can they be prevented in the future?

Uncovering The Damage

Taking a glance back at the initial attack, Capita’s systems were compromised in March, causing a several-day service outage for many of their customers. At first, Capita denied that their customer data had been affected. However, this was quickly proved not to be the case, with reports released stating that as many as 350 UK retirement schemes had been affected. Leaked samples of the stolen data online showed that bank account details, passport photos and driver’s licences had been accessed. 

Fast forward to May, and a second Capita incident came to light – this time, involving the long-term exposure of confidential data. This was attributed to Capita having failed to properly configure an Amazon Web Services (AWS) storage bucket.

Consumer Trust At Risk

With Capita’s systems used to administer pensions for several large and prominent organisations, including Royal Mail, Axa, Unilever, Marks and Spencer and a selection of local councils, the fallout from these two data breaches has been catastrophic. 

Financially, Capita expects losses of up to £20 million, after having to spend a large amount on specialist fees, recovery processes and remediation costs. However, the financial impact may be the least of their worries, with the brand now experiencing significant reputational damage.

Colchester Council is just one of the affected organisations that have expressed visible disappointment with Capita, stating that the outsourcer had “failed to maintain the necessary standards for data protection”.

This loss of customer trust is not only felt by Capita but by the pension schemes and financial organisations that they provide services to. The fact that a third party or supplier was the origin of the hack will do nothing to soften the blow for end customers, especially when their personal data is on the line. Ultimately, each business is accountable for the security of their customers’ information. 

Why Cybersecurity Can’t Be The Last Priority 

Digital transformation strategies have been front and centre for many organisations in the past few years, with each business looking to improve customer experiences and increase business efficiency. Consumers are increasingly demanding improved and frictionless customer experiences, but any goodwill or advantage gained by firms will be lost if consumers don’t feel their data is secure. 

The lesson that Capita teaches us is clear - digitising services cannot come at the cost of security. Cybersecurity has to be a core element within your digital transformation strategy, with organisations needing to proactively implement sufficient cybersecurity measures and practices to mitigate risk and safeguard customer data, rather than waiting for an incident to occur and cleaning up the mess.

For businesses that fail to afford cybersecurity the attention it needs and deserves, it’s only a matter of time until one weak element brings all the benefits crashing down, and a business loses the reputation they have built over years, in mere days. 

Paul Holland is CEO at Beyond Encryption 
