A House Of Cards

Uploaded on 2023-06-08 in NEWS-Cybersecurity News, FREE TO VIEW

The 2023 Capita hacks have caused ripples throughout the industry, affecting hundreds of organisations that use the outsourcing giant to administer pension funds. With incidents coming to light in both March and May of this year, the ramifications have left not only Capita customers but thousands of their clients dealing with the repercussions of having their data breached. 

As arguably the most high-profile cyber incident we’ve seen this year, affecting a range of providers within financial services and beyond, the events of the past few months create significant concerns for Capita customers and pose serious questions as to how we should be protecting the valuable data that firms hold. Why did these incidents occur in the first place? More importantly, how can they be prevented in the future?

Uncovering The Damage

Taking a glance back at the initial attack, Capita’s systems were compromised in March, causing a several-day service outage for many of their customers. At first, Capita denied that their customer data has been affected. However, this was quickly proved to not be the case, with reports released stating that as many as 350 UK retirement schemes had been affected. Leaked samples of the stolen data online showed that bank account details, passport photos and driver’s licenses had been accessed. 

Fast forward to May, and a second Capita incident comes to light – this time, involving the long-term exposure of confidential data. This was attributed to Capital having failed to properly configure an Amazon Web Services (AWS) storage bucket.

Consumer Trust At Risk

With Capita’s systems used to administer pensions for several large and prominent organisations, including Royal Mail, Axa, Unilever, Marks and Spencer and a selection of local councils, the fallout from these two data breaches has been catastrophic. 

Financially, Capita will be expecting losses of up to £20 million, after having to spend a large amount on specialist fees, recovery processes and remediation costs. However, the financial impact may be the least of their worries, with the brand now experiencing significant reputational damage.

Colchester Council is just one of the affected organisations that have expressed visible disappointment with Capita, stating that the outsourcer had “failed to maintain the necessary standards for data protection”.

This loss of customer trust is not only felt by Capita but by the pension schemes and financial organisations that they provide services to. The fact that a third party or supplier was the origin of the hack will do nothing to soften the blow for end customers, especially when their personal data is on the line. Ultimately, each business is accountable for the security of their customers’ information. 

Why Cybersecurity Can’t Be The Last Priority 

Digital transformation strategies have been front and centre for many organisations in the past few years, with each business looking to improve customer experiences and increase business efficiency. Consumers are increasingly demanding improved and frictionless customer experiences but any goodwill or advantage gained for firms will be lost if consumers don’t feel their data is secure. 

The lesson that Capita teaches us is clear - digitising services cannot come at the cost of security. Cybersecurity has to be a core element within your digital transformation strategy, with organisations needing to proactively implement sufficient cybersecurity measures and practices to mitigate risk and safeguard customer data, rather than waiting for an incident to occur and cleaning up the mess.

For businesses that fail to afford cybersecurity the attention it needs and deserves, it’s only a matter of time until one weak element brings all the benefits crashing down, and a business loses the reputation they have built over years, in mere days. 

Paul Holland is CEO at Beyond Encryption 

You Might Also Read:

Who Foots the Bill For A Data Breach?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Ransomware Trends In The Aviation & Maritime Industries
More Than 340 Million User Accounts Breached So Far This Year »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Landry & Associates

Landry & Associates

Landry & Associates is a multidisciplinary firm specializing in risk management, performance and technology management.

Wisegate

Wisegate

Wisegate is a community of IT experts providing advisory services on all areas of IT including security.

Voyager Networks

Voyager Networks

Voyager Networks is an IT solutions business with a focus on Enterprise Networks, Security and Collaborative Communications.

Genua

Genua

Genua is a specialist in IT security services and solutions ranging from network and infrastructure security to encrypted comms and industrial automation.

Communications Security Establishment (CSE)

Communications Security Establishment (CSE)

CSE is Canada's national cryptologic agency, providing the Government of Canada with IT Security and foreign signals intelligence (SIGINT) services.

Fair Isaac Corporation (FICO)

Fair Isaac Corporation (FICO)

FICO provides analytics software and tools used across multiple industries to manage risk, fight fraud, optimize operations and meet strict government regulations.

i-Sprint Innovations

i-Sprint Innovations

i-Sprint is a leader in Securing Identity and Transactions in the Cyber World for industries that are security sensitive.

Evanston Technology Partners (ETP)

Evanston Technology Partners (ETP)

ETP provides services and solutions to enable and transform businesses in the areas of cybersecurity, data protection, and efficient operations practices.

HARMAN International

HARMAN International

HARMAN designs and engineers connected products and solutions for automakers, consumers, and enterprises worldwide.

KanREN

KanREN

KanREN is a member based consortium offering custom, world-class network services and support for researchers, educators, and public service institutions in the state of Kansas.

SAM Seamless Network

SAM Seamless Network

SAM Seamless Network is a cybersecurity technology platform that protects the connected home, by tackling cyber security threats at the source.

Intelligent Technical Solutions (ITS)

Intelligent Technical Solutions (ITS)

We help businesses manage their technology. Intelligent Technical Solutions provide you with the right technical solution, so you can get back to running your business.

Cyber Octet

Cyber Octet

Cyber Octet is an IT Solution, Security, Training and Services company. We provide training and services from Web Application Security to ISO 27001 implementation.

Cipher Net Shield

Cipher Net Shield

Cipher Net Shield specializes in secure E-wallet solutions with a strong focus on blockchain and cybersecurity, prioritizing both transaction security and the recovery of lost capital.

Cork

Cork

Cork is a purpose-built cyber warranty company for managed service providers (MSPs) serving small businesses (SMBs) and the software solutions they manage.

CyFox

CyFox

CYFOX is at the forefront of cybersecurity innovation, specializing in providing cutting-edge AI-driven solutions tailored for any businesses.