Opinion
Opinion
IT for retail and logistics
-
How can we adapt work practices to protect CISO mental health?
Cyber leaders are finding it harder to keep up with security requirements than just two years ago, risking a domino effect of dissatisfaction, burnout and eventually, resignation Continue Reading
-
Security Think Tank: The phishing forecast for 2024
Egress' Jack Chapman and James Dyer explore how phishing attacks are set to grow in their scope and sophistication this year, with generative AI playing a big role Continue Reading
-
Paula Vennells fails to practice what she preaches in Post Office scandal
Reverend Richard Coles tells Computer Weekly how a recent ITV drama ‘moved and enraged’ a public that had missed the unfolding of the biggest miscarriage of justice in modern history, in front of their noses Continue Reading
-
The human toll of ransomware: how IT pros suffer during incidents
Any ransomware attack causes significant challenges for a business or organisation going through such incident. But ransomware attacks also have tremendous impact on the staff – especially IT teams – working on mitigating the attack’s effect Continue Reading
-
Trauma and fear means victims of the Post Office scandal are suffering in silence
Just like victims of child abuse, it is likely that issues of trauma, fear, feelings of shame and a complete loss of trust in authority are some of the powerful inhibitors preventing victims of the Post Office scandal from coming forward Continue Reading
-
Beyond the office walls: Safeguarding remote workers from attack
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
Zero-trust principles: Your gateway to securing remote workers
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
Evolving best practice: What next for securing remote work?
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
Security Think Tank: Testing to improve remote worker security
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
Security Think Tank: Anytime, anywhere access is achievable
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
How to solve the computer evidence problem
The Law Commission is in disgrace for its historic misrepresentations of IT experts when pushing a change to the law on the use of computer evidence through Parliament. Continue Reading
-
Law Commission misrepresented experts when it changed rule on computer evidence
The Law Commission repeatedly quoted vague, arm-waving, un-evidenced comments by judges who offered no insight into anything beyond their own technical ignorance. The law change made miscarriages of justice inevitable. Continue Reading
-
The cause of the Post Office Horizon scandal? The Law Commission? Judges? Lawyers?
The appropriateness of the current law on the use of computer evidence in court is under the spotlight following Post Office scandal revelations Continue Reading
-
AI vs software outsourcing: An opportunity or a threat?
While artificial intelligence offers unprecedented opportunities for growth, efficiency and automation, it also raises pertinent questions about the future of software outsourcing Continue Reading
-
The most important law you’ve never heard of - the Electronic Trade Documents Act
The UK's Electronic Trade Documents Act has come into force, and it promises to make international trading easier, cheaper, faster and greener - but only if companies and government adopt its measures Continue Reading
-
Ending the online fraud epidemic
A different approach to managing personal data across the web is possible - and it could minimise online fraud, boost e-commerce, and help make the web more secure. So why isn't the government doing it? Continue Reading
-
Post Office scandal inquiry phase four: Here come the lawyers…
The Post Office scandal was triggered by computer errors, but the cover-up and miscarriages of justice implicate the Post Office, government and lawyers, as professor of law and ethics Richard Moorhead explains Continue Reading
-
Security Think Tank: Adopt a coherent framework for ID first security
With IAM central to enabling appropriate access to cloud-based services, identity first security is becoming a key trend for IAM in the cloud. Continue Reading
-
Security Think Tank: Training can no longer be a compliance exercise
Historically, security training has tended to take a compliance-based focus, a ‘tick-box’ exercise using generic, off-the-shelf courses. This needs to change, says Hayley Watson of Turnkey Consulting. Continue Reading
-
Cyber training in 2023 needs to drive measurable change
2023 will see more focus on security training programmes that not only provide employees with an understanding of the risks they face but more importantly drive measurable behavioural change, says PA Consulting’s Richard Allen Continue Reading
-
Cyber security training: Insights for future professionals
Future cyber security professionals need soft skills as well as technical ones, says security educator Sudeep Subramanian Continue Reading
-
Security Think Tank: New trends and drivers in cyber security training
Self-paced, interactive, bite-sized learning is becoming the optimum path for cyber security training in the workplace, says John Tolbert of KuppingerCole Continue Reading
-
How to protect your business from fraud during a recession
This winter, the chilly winds of a global recession have fraudsters turning up the heat. PJ Rohall of SEON Fraud Fighters shares some guidance on how to bundle up against fraud Continue Reading
-
Security Think Tank: Poor training is worse than no training at all
Bad security training is a betrayal of users, a security risk, and ultimately a waste of money, but there are some reasons to be optimistic about the future, say Mike Gillespie and Ellie Hurst of Advent IM Continue Reading
-
Security Think Tank: In 2023, we need a new way to cultivate better habits
Regular, small adjustments to behaviour offer a better way to keep employees on track and cultivate a corporate culture of cyber awareness, writes Elastic’s Mandy Andress Continue Reading
-
Security Think Tank: Getting the training and development mix right
Rob Dartnall, CEO at SecAlliance and chair of Crest’s UK Council, describes the need for formal, varied and continuous development in the cyber security sector Continue Reading
-
The rise of fraud in pop culture is impacting consumers’ digital trust
Shows such as The Tinder Swindler and Inventing Anna were big money-earners for Netflix in 2022, but Onfido’s Mike Tuchen says their popularity risks damaging consumer trust Continue Reading
-
How does red teaming test the ultimate limits of cyber security?
An expert ethical hacker reveals how he goes about carrying out a red team exercise Continue Reading
-
Security Think Tank: 2022 brought plenty of learning opportunities in cyber
At the end of another busy 12 months, Turnkey Consulting’s Andrew Morris sums up some of the most important takeaways for cyber pros Continue Reading
-
Security Think Tank: Embrace prioritisation, people, imperfections
Security and IT professionals should try to make peace with their imperfections in 2023, says Nominet CISO Paul Lewis Continue Reading
-
Security Think Tank: 2022 changed how we thought about resilience
Increasing cyber resilience is at the heart of the people-processes-technology triangle, and 2022 saw shifts in all three of these aspects, says PA Consulting’s Sharon Shochat Continue Reading
-
Security Think Tank: As cyber pros, we need to articulate our needs better
There is always a lot to learn about security, but one of the most important lessons may not relate to technology at all, says Petra Wenham Continue Reading
-
Ransomware: Is there hope beyond the overhyped?
Up-and-coming cyber concepts attack surface management and security mesh architectures seem to hold some promise in tackling ransomware, but they are a little way off maturity Continue Reading
-
Think technology, process, human risk to manage ransomware
Effective ransomware handling boils down to three core areas – technology, process and human risk Continue Reading
-
Your staff are the frontline in your ransomware fight
As part of a solid cyber defence plan, the CISO must make sure that the frontline within the organisation is prepared for an attack, says Theodore Wiggins of Airbus Protect Continue Reading
-
Security Think Tank: Ransomware defences: An extended to-do list
Strategies to extend ransomware protection beyond backups and intrusion detection must centre dark web monitoring, among other things Continue Reading
-
Security Think Tank: Let’s be transparent about ransomware
Greater transparency regarding ransomware attacks, including details about attack methods used and what kinds of assets were compromised, would likely help the community prevent future attacks Continue Reading
-
Cyber insurance: The good, the bad and the ugly
Most cyber insurance contracts are innately flawed because they exclude losses arising from state-backed cyber attacks, and this will make proper attribution even more important in the future, says Cisco Talos’ Martin Lee Continue Reading
-
Security Think Tank: To stop ransomware, preparation is the best medicine
You can’t ‘stop’ ransomware, but you can do a lot to keep yourself from becoming ensnared when it strikes Continue Reading
-
Security Think Tank: Anti-ransomware strategies should be as easy as ABC
When developing and implementing ransomware protection strategies, the importance of paying thorough attention to security measures you might consider elementary cannot be understated Continue Reading
-
To fight ransomware, we must treat digital infrastructure as critical
Ransomware defence is failing because we don’t view our digital infrastructure in the same way as our physical infrastructure, argues Elastic’s Mandy Andress Continue Reading
-
Security Think Tank: Ransomware and CISOs’ balancing act
Ransomware has the potential to cause irreversible business damage, so CISOs should consider not only protection but also response and recovery Continue Reading
-
Security Think Tank: Know your networks, know your suppliers
To combat the ransomware scourge, we must work harder to monitor and learn from the increasingly complex threat environment, keep a closer eye on supply chains, and share our insights Continue Reading
-
Security Think Tank: Container security: why so different?
Done well, container security can be a model for securing the enterprise, and businesses that focus their teams on solving it can help accelerate positive change in other areas Continue Reading
-
How has container security changed since 2020, and have we taken it too far?
While containers are now one of the most popular ways to deploy applications, it is fair to say that the adoption and implementation of security best practice to govern their use has not kept up Continue Reading
-
Security Think Tank: Effective DevSecOps requires collaboration
Application security and effective DevSecOps can only be achieved through collaboration with the business – the ultimate goal is to make it safer to do business, which requires considering integrated risk management and identity and access ... Continue Reading
-
IT Sustainability Think Tank: How collaboration and partnerships enable a circular economy
It takes a village to build a credible and robust IT sustainability strategy, so who should enterprise leaders be collaborating with to make their organisation’s green IT goals a reality? Continue Reading
-
Security Think Tank: Don’t rely on insurance alone
Cyber insurance is a useful addition to the cyber protection toolbox. However, it cannot be regarded as a replacement for the controls that should be in operation, says Turnkey Consulting’s Tom Venables Continue Reading
-
Cyber insurance: An effective use of your scant security budget?
The ISF’s Paul Watts asks if cyber insurance is a must-have item, an expensive luxury, or the emperor’s new clothes Continue Reading
-
Lots to consider when buying cyber insurance, so do your homework
When considering implementing a cyber insurance policy, due diligence should be your watchword, says Paddy Francis of Airbus CyberSecurity Continue Reading
-
Security Think Tank: Cyber insurance – A nice safety blanket, but don’t count on it
In the second instalment of this month’s Security Think Tank, Mike Gillespie argues that cyber insurance should be thought of like car insurance – you don’t start driving recklessly because you’re covered Continue Reading
-
Security Think Tank: Now is the time to think about cyber insurance
Many IT leaders shy away from cyber insurance, but new, innovative developments in the market can help organisations take an approach that suits their needs Continue Reading
-
Assessment and knowledge: Your key tools to secure suppliers
There is no silver bullet that will resolve all the issues arising from today’s interconnected businesses and complex supply chains, but there are some key tools at your disposal Continue Reading
-
What will the Data Reform Bill mean for UK businesses operating in the EU?
Following the government’s response to the Data Reform Bill consultation, Peter Galdies of DQM GRC looks at what might lie ahead for UK organisations working in the European Union Continue Reading
-
Security Think Tank: Supply chain security demands systematic approach
Supply chain security measures need to be systematic and assessed so as to minimise the complexity and cost to the business Continue Reading
-
Security Think Tank: Balanced approach can detangle supply chain complexity
Achieving an appropriate balance between people, processes and technology can help to detangle the complexities of the supply chain and create better security practices Continue Reading
-
Supply chain security goes deep – forget this at your peril
It may have hit the headlines as an IT issue, but supply chain security goes far deeper into an organisation than just technology Continue Reading
-
Consider governance, coordination and risk to secure supply chain
A recent ISACA study found myriad factors that give good reason to be concerned about supply chain security. Cyber adviser Brian Fletcher recommends three areas to zero in on Continue Reading
-
Security Think Tank: Best practices for boosting supply chain security
In a highly connected world, managing the supply chain landscape requires an adaptation of the ‘traditional’ approach to managing cyber risk Continue Reading
-
Security Think Tank: Basic steps to secure your supply chain
When it comes to supply chain security, there are some core things you should be doing – but remember, the devil is in the detail Continue Reading
-
Security Think Tank: Don’t trust the weakest link? Don’t trust any link
Your security model shouldn’t fall apart just because a part of your business, or a partner, has weak security. This is why information-centric security is a must Continue Reading
-
Government wrong to pass the buck on computer evidence reform
IT expert James Christie tells Computer Weekly why he is disappointed that the government has no plans to change the rules on the use of computer evidence in court Continue Reading
-
Naivety of computer evidence leaves door ajar for more miscarriages of justice
Barrister Paul Marshall explains why the government’s lack of action on reforming the legal rules around computer evidence, which presume it is correct, mean the Post Office Horizon scandal could be the tip of a miscarriages of justice iceberg Continue Reading
-
Mobile digital transformation – from fast to deep
The first half of 2022 has been a busy time, with much happening in the mobile industry. We consider what the rest of year might hold Continue Reading
-
Strong internal foundations are key to withstanding external threats
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ... Continue Reading
-
Security Think Tank: To follow a path, you need a good map
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ... Continue Reading
-
Why diversity in AI remains a challenge and how to fix it
With artificial intelligence set for a global economic explosion, its development must put diversity at its core to avoid discriminating systems Continue Reading
-
Revised scope of UK security strategy reflects digitised society
The omission of the word ‘security’ from the title of the UK government’s new National Cyber Strategy is a telling one, reflecting our increasingly digitised society, say Maximillian Brook and Arunoshi Singh of the ISF Continue Reading
-
UK Cyber Strategy a welcome injection of progress
The National Cyber Strategy should be seen as a welcome injection of both focus and investment in bettering cyber defence for everyone, says Turnkey Consulting senior consultant Louise Barber Continue Reading
-
National Cyber Strategy will enhance UK’s cyber power status
The UK punches above its weight when it comes to wielding cyber power around the world, but challenges to this status are clear. The National Cyber Strategy has a clear role to play in maintaining and enhancing this status, writes Paddy Francis of ... Continue Reading
-
How cyber security teams can conquer the four-day working week
The four-day week may be an idea whose time has come, but for always-on cyber security professionals, the impact of squeezing more work into fewer days is a tricky proposition Continue Reading
-
Five tips to help you deploy a successful AI initiative
Former H&M head of AI, Errol Koolmeister, discusses an approach to delivering successful artificial intelligence projects Continue Reading
-
National Cyber Strategy misses the mark in one important way
The National Cyber Strategy is full of fine words, says Petra Wenham, but as the old expression goes, fine words butter no parsnips, and it misses the mark in one very important way Continue Reading
-
Subpostmasters won their David and Goliath battle, but initial goal still not reached
Despite exposing the Post Office Horizon scandal, Alan Bates, the former subpostmaster who drove the campaign for the truth, says the goal of repaying people what they lost has not yet been achieved Continue Reading
-
When to pull the plug on an ecommerce site
Distributed denial of service and other attacks on websites have the potential to leak personally identifiable information Continue Reading
-
Security Think Tank: Good training is all about context
In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service? Continue Reading
-
Phishing tests are a useful exercise, but don’t overdo it
The vast majority of cyber attacks start with a phish, so it’s not surprising that phishing tests form part of cyber training plans. But sometimes these tests go too far. Cyberis’ Gemma Moore looks at how to avoid the pitfalls Continue Reading
-
Security Think Tank: How to build a human firewall
In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service? Continue Reading
-
Understand your cyber training ‘need’ before committing to a programme
In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training-as-a-service? Continue Reading
-
Security Think Tank: Focus on ‘nudging’ to build effective cyber training
In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training-as-a-service? Continue Reading
-
Vulnerabilities to fraud are increasing across the board
As the pandemic continues to affect how we work, socialise, shop and conduct business, so it has increased opportunities for digital fraud and cyber crime. Jason Lane-Sellers explores the latest LexisNexis Risk Solutions ‘Cybercrime report’ Continue Reading
-
A trial relying on computer evidence should start with a trial of the computer evidence
Learning from the Post Office Horizon scandal - the most widespread miscarriage of justice in recent British legal history Continue Reading
-
Security Think Tank: Reframing CISO-boardroom relations
Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months Continue Reading
-
Security Think Tank: Attackers leveraging the supply chain
Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they have taken away from the past 12 months Continue Reading
-
Security Think Tank: Think people, processes and systems
Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months Continue Reading
-
How can specialist retailers get closer to their customers?
In many cases, a customer needs more than just picking an item off the shelf or opening a box left on the doorstep – they need domain expertise Continue Reading
-
Security Think Tank: SASE – marketing buzz or the future of security?
SASE architectures promise to prevent multiple types of cyber attacks, but deciding whether SASE is right for your organisation will require understanding whether SASE is a fit for your use cases in IT Continue Reading
-
Security Think Tank: Consider cyber policies and procedures as you welcome employees back
With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect ... Continue Reading
-
Security Think Tank: Reopening is an opportunity to reassess wider security posture
With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect ... Continue Reading
-
Post Office scandal: The rise of computers and the decline of English justice
The Post Office prosecuted its subpostmasters up and down the country with a zeal that would not have embarrassed the Inquisition Continue Reading
-
Why new EU rules around artificial intelligence are vital to the development of the sector
Shawn Tan, CEO of global AI ecosystem builder Skymind, explains why the European Union’s new rules on artificial intelligence are a good thing Continue Reading
-
Why the Post Office Horizon scandal kept me awake at night
Reverend Richard Coles tells Computer Weekly why there needs to be a statutory public inquiry into the Post Office Horizon scandal Continue Reading
-
IR35 private sector reforms: What firms need to do now the start date has passed
While the start date for the onset of the IR35 private sector reforms may have passed, firms in-scope of the revamped tax avoidance legislation may find themselves still with plenty of compliance work still to do Continue Reading
-
Post Office’s full and final settlement with Horizon scandal victims in plain English
The legal settlement with subpostmaster victims of the Horizon scandal that the government and the Post Office say is “full and final” is anything but Continue Reading
-
Security Think Tank: Vaccine passports must be secure by design
What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind? Continue Reading
-
Security Think Tank: Evolving threats, tech, leaves CNI exposed
In light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading
-
Security Think Tank: Attacks on CNI – an evolving frontier in warfare
In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading
-
Security Think Tank: Take a realistic perspective on CNI cyber attacks
In light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading
-
Security Think Tank: CNI operators must focus on core issues
In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading
-
Security Think Tank: CNI operators are in an unenviable position
In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading