Capita Cyber Incident
It has been reported that a cyber incident at Capita during March has led to compromised data. Capita is a leading provider of business process services and has numerous contracts with the UK government including the NHS.
Capita reported that there is evidence of “limited data exfiltration” from the servers that were compromised.
Data exfiltration is also known as data extrusion or data exportation and is essentially data theft. It is the intentional and unauthorised transfer of data from a computer or other device.
Data exfiltration can be carried out manually internally or externally by a malicious actor or it can be done automatically with malware.
Certain types of data are targeted and usually include:
Usernames and passwords
Cryptographic keys
Personal financial information
Personally identifiable information (PII)
Email addresses
Backups
There are several measures that can help to defend a network against data exfiltration.
Preventive – access controls, deception techniques, and encryption of data in process, in transit, and at rest, DLP prevention tools, data download limits, user training and documented procedures, data owner approvals.
Detective – implement intrusion detection and prevention systems, monitoring channels of data leakage e.g. email, file transfers, mobile and portable storage devices.
Investigative – forensics actions, counter intelligence and auditing.
Data leakage prevention (DLP) tools are designed to identify data, monitor data usage and movement, and take actions to prevent data from leaking (e.g. alerting users to their potentially risky behaviour and blocking the transfer of data, preventing copy and paste etc).
Data leakage prevention inherently involves monitoring personnel’s communications and online activities and there is a variety of legislation relating to privacy, data protection, employment, interception of data and telecommunications that is applicable to monitoring and data processing in the context of data leakage prevention which organisations need to be aware of when deploying DLP software.
Contact Romano Security Consulting today and let us help to put you on the right track to secure your network and your data.