On Friday March 31, Capita, a leading provider of business process services, experienced a cyber incident primarily impacting access to internal applications. This caused disruption to some services provided to individual clients, though the majority of its client services remained in operation.
A statement on the company’s website reads: ‘Our IT security monitoring capabilities swiftly alerted us to the incident and we quickly invoked our established and practised technical crisis management protocols. Immediate steps were taken to successfully isolate and contain the issue. The issue was limited to parts of the Capita network and there is no evidence of customer, supplier or colleague data having been compromised.’
The company said that by working in collaboration with its specialist technical partners, including the team of leading cybersecurity experts at Microsoft Incident Response, it has managed to restore Capita colleague access to various systems and is making good progress restoring remaining client services in a secure and controlled manner.
Rob Bolton, VP EMEA at Versa Networks, commented on the news: “Over the last couple of years, service disruption through the supply chain has become an extremely popular method for cybercriminals. Even though Capita IT was able to limit the impact on services, this should be a stark warning to all public services about the impact of a cyberattack.
“Disrupting any public service is extremely serious and can result in nationwide social and economic impacts. In more critical industries such as healthcare, disruption can impact the ability to deliver patient care, and in extremely rare cases, even result in fatalities. For example, last year’s attack on software supplier, Advanced, resulted in the 111 phone service outage.
“This attack should be a warning to all public service organisations about the importance of being proactive and implementing technologies such as unified SASE (Secure Access Service Edge). With SASE, security teams have complete visibility across their entire network and can implement security controls such as network segmentation, to limit the movement of malware and mitigate the impact of attacks.”
Click below to share this article
