Opinion
Opinion
IT governance
-
What charities should know about ransomware and reputational threats
The NCSC recently called for charities to elevate their cyber security practice. Find out why charities are a soft target for cyber criminals, and what they can do to fight back Continue Reading
-
How to protect your business from fraud during a recession
This winter, the chilly winds of a global recession have fraudsters turning up the heat. PJ Rohall of SEON Fraud Fighters shares some guidance on how to bundle up against fraud Continue Reading
-
What’s the technology talent and recruitment outlook for 2023?
Despite layoffs from technology companies demand for IT staff in 2023 is expected to be robust, but organisations may turn towards contractors and off-shoring Continue Reading
-
Security Think Tank: Poor training is worse than no training at all
Bad security training is a betrayal of users, a security risk, and ultimately a waste of money, but there are some reasons to be optimistic about the future, say Mike Gillespie and Ellie Hurst of Advent IM Continue Reading
-
Security Think Tank: In 2023, we need a new way to cultivate better habits
Regular, small adjustments to behaviour offer a better way to keep employees on track and cultivate a corporate culture of cyber awareness, writes Elastic’s Mandy Andress Continue Reading
-
Tips on improving cyber training for home workers
How better security training can help firms tackle new cyber threats facing remote workers Continue Reading
-
Three outsourcing trends to look out for in 2023
ISG's Andreas Fahr outlines three IT sourcing trends to look out for in the coming year. Continue Reading
-
The rise of fraud in pop culture is impacting consumers’ digital trust
Shows such as The Tinder Swindler and Inventing Anna were big money-earners for Netflix in 2022, but Onfido’s Mike Tuchen says their popularity risks damaging consumer trust Continue Reading
-
Europe’s cyber security strategy must be clear about open source
Europe’s cyber security policy on open source is lagging behind the US, and despite growing government awareness of the issues, that poses a problem Continue Reading
-
How does red teaming test the ultimate limits of cyber security?
An expert ethical hacker reveals how he goes about carrying out a red team exercise Continue Reading
-
Post-Brexit cyber dynamics in the UK and Europe: diverging paradigms?
The UK faces a choice in terms of its ongoing cyber security relationship with the EU – to preserve its collaboration with the EU by adopting an aligned approach or to adopt a divergent approach Continue Reading
-
Security Think Tank: 2022 brought plenty of learning opportunities in cyber
At the end of another busy 12 months, Turnkey Consulting’s Andrew Morris sums up some of the most important takeaways for cyber pros Continue Reading
-
Security Think Tank: How much digital trust can you place on zero-trust?
The events of the past couple of years have highlighted many considerations that should be taken into consideration when pursuing a zero-trust strategy, says ISACA’s Steven Sim Kok Leong Continue Reading
-
Security Think Tank: Embrace prioritisation, people, imperfections
Security and IT professionals should try to make peace with their imperfections in 2023, says Nominet CISO Paul Lewis Continue Reading
-
Security Think Tank: 2022 changed how we thought about resilience
Increasing cyber resilience is at the heart of the people-processes-technology triangle, and 2022 saw shifts in all three of these aspects, says PA Consulting’s Sharon Shochat Continue Reading
-
Security Think Tank: As cyber pros, we need to articulate our needs better
There is always a lot to learn about security, but one of the most important lessons may not relate to technology at all, says Petra Wenham Continue Reading
-
Think technology, process, human risk to manage ransomware
Effective ransomware handling boils down to three core areas – technology, process and human risk Continue Reading
-
Chartered status and aligned standards are crucial for the UK's cyber sector
As the UK moves closer to ushering in the world’s first chartered cyber professionals, the UK Cyber Security Council’s Simon Hepburn outlines the sector’s defining moment Continue Reading
-
Your staff are the frontline in your ransomware fight
As part of a solid cyber defence plan, the CISO must make sure that the frontline within the organisation is prepared for an attack, says Theodore Wiggins of Airbus Protect Continue Reading
-
Gartner: Three key tasks needed to decommission applications
A guide to slimming down a full portfolio of applications that are expensive to maintain and difficult to adapt to business needs Continue Reading
-
Security Think Tank: Ransomware defences: An extended to-do list
Strategies to extend ransomware protection beyond backups and intrusion detection must centre dark web monitoring, among other things Continue Reading
-
Security Think Tank: Let’s be transparent about ransomware
Greater transparency regarding ransomware attacks, including details about attack methods used and what kinds of assets were compromised, would likely help the community prevent future attacks Continue Reading
-
Cyber insurance: The good, the bad and the ugly
Most cyber insurance contracts are innately flawed because they exclude losses arising from state-backed cyber attacks, and this will make proper attribution even more important in the future, says Cisco Talos’ Martin Lee Continue Reading
-
Security Think Tank: To stop ransomware, preparation is the best medicine
You can’t ‘stop’ ransomware, but you can do a lot to keep yourself from becoming ensnared when it strikes Continue Reading
-
All means all when it comes to encryption
Nigel Thorpe, technical director at SecureAge, makes the case for encrypting everything all of the time when it comes to protecting data Continue Reading
-
Security Think Tank: Anti-ransomware strategies should be as easy as ABC
When developing and implementing ransomware protection strategies, the importance of paying thorough attention to security measures you might consider elementary cannot be understated Continue Reading
-
To fight ransomware, we must treat digital infrastructure as critical
Ransomware defence is failing because we don’t view our digital infrastructure in the same way as our physical infrastructure, argues Elastic’s Mandy Andress Continue Reading
-
Security Think Tank: Ransomware and CISOs’ balancing act
Ransomware has the potential to cause irreversible business damage, so CISOs should consider not only protection but also response and recovery Continue Reading
-
Security Think Tank: Know your networks, know your suppliers
To combat the ransomware scourge, we must work harder to monitor and learn from the increasingly complex threat environment, keep a closer eye on supply chains, and share our insights Continue Reading
-
How to build consumer trust with a privacy-by-design approach
Undertaken with the right mindset and technology, privacy by design delivers value to consumers and builds trust for the long term Continue Reading
-
The risk of losing our EU data adequacy agreement is real
While some may welcome the government’s ambition to shake up the UK’s data protection regime, Westminster should be wary of drifting too far from the path charted by our US and European partners Continue Reading
-
Security Think Tank: Container security: why so different?
Done well, container security can be a model for securing the enterprise, and businesses that focus their teams on solving it can help accelerate positive change in other areas Continue Reading
-
How has container security changed since 2020, and have we taken it too far?
While containers are now one of the most popular ways to deploy applications, it is fair to say that the adoption and implementation of security best practice to govern their use has not kept up Continue Reading
-
The Conservatives are laughing at cyber security pros
If causing a security breach is a resigning matter, then you shouldn’t expect to get your old job back a week later. Unless you’re a Conservative home secretary, apparently Continue Reading
-
Reducing the cyber stack with API security
Budgets are tight, making it difficult to secure spend, but is there an argument for jettisoning fragmented approaches to securing APIs in favour of a dedicated end-to-end approach? Doubling down on API security could help businesses not just reduce... Continue Reading
-
Security Think Tank: Design security in to reap container benefits
Provided container security basics are built into your development and runtime environment from the start, containerised services and applications can provide rapid – and secure – achievement of business objectives Continue Reading
-
Use site reliability engineering to address cloud instability
How do you prepare for a worst-case scenario, when the public cloud hosting critical components of your IT infrastructure fails? Continue Reading
-
Security Think Tank: Three steps to a solid DevSecOps strategy
Read about how buyers can manage third-party risk when procuring applications, how to secure the software development process, and even how to affect cultural change among developers not used to thinking cyber first Continue Reading
-
It’s time for engineering teams to own DevSecOps
It may seem counterintuitive, but maybe organisations should consider delegating responsibility for DevSecOps to engineering teams, not security teams, argues Elastic’s Mandy Andress Continue Reading
-
Security Think Tank: Adding trust to AppSec and DevSecOps
When building in trust and assurance into app development through standards, it is critically important not to stifle innovation Continue Reading
-
Security Think Tank: Creating a DevSecOps-friendly cyber strategy
When slowing down is not an option, you need to find a security strategy that is DevSecOps friendly, says Airbus Protect’s Olivier Allaire Continue Reading
-
Security Think Tank: The many dimensions of DevSecOps
It is imperative to make our colleagues and customers know that when we talk DevSecOps, we are facing a multiphase challenge that starts at the very beginning of DevOps, and one that never ends Continue Reading
-
Security Think Tank: Good procurement practices pave the way to app security
Application security is as much a question of good procurement practice as it is good development practice, says Petra Wenham of the BCS Continue Reading
-
Security Think Tank: Effective DevSecOps requires collaboration
Application security and effective DevSecOps can only be achieved through collaboration with the business – the ultimate goal is to make it safer to do business, which requires considering integrated risk management and identity and access ... Continue Reading
-
Why you should start your post-quantum encryption migration now
Some say we have the best part of a decade to prepare for the security risks that quantum computing presents to current encryption tech, but PA Consulting experts believe that timeframe is shrinking dramatically Continue Reading
-
The dangers of the UK’s illogical war on encryption
The unintended consequences of the Online Safety Bill will have a dramatic effect on our ability to communicate securely, including in Ukraine, where it is needed most Continue Reading
-
Reimagining ethical digital technology
With ever-increasing digitisation leading to greater dependence on a range of digital technologies, enterprises need to urgently look at how they can incorporate ethical and social considerations into the tech they develop Continue Reading
-
Security Think Tank: Don’t rely on insurance alone
Cyber insurance is a useful addition to the cyber protection toolbox. However, it cannot be regarded as a replacement for the controls that should be in operation, says Turnkey Consulting’s Tom Venables Continue Reading
-
Cyber insurance: An effective use of your scant security budget?
The ISF’s Paul Watts asks if cyber insurance is a must-have item, an expensive luxury, or the emperor’s new clothes Continue Reading
-
Lots to consider when buying cyber insurance, so do your homework
When considering implementing a cyber insurance policy, due diligence should be your watchword, says Paddy Francis of Airbus CyberSecurity Continue Reading
-
Security Think Tank: Cyber insurance – A nice safety blanket, but don’t count on it
In the second instalment of this month’s Security Think Tank, Mike Gillespie argues that cyber insurance should be thought of like car insurance – you don’t start driving recklessly because you’re covered Continue Reading
-
Security Think Tank: Now is the time to think about cyber insurance
Many IT leaders shy away from cyber insurance, but new, innovative developments in the market can help organisations take an approach that suits their needs Continue Reading
-
Assessment and knowledge: Your key tools to secure suppliers
There is no silver bullet that will resolve all the issues arising from today’s interconnected businesses and complex supply chains, but there are some key tools at your disposal Continue Reading
-
What will the Data Reform Bill mean for UK businesses operating in the EU?
Following the government’s response to the Data Reform Bill consultation, Peter Galdies of DQM GRC looks at what might lie ahead for UK organisations working in the European Union Continue Reading
-
Security Think Tank: Supply chain security demands systematic approach
Supply chain security measures need to be systematic and assessed so as to minimise the complexity and cost to the business Continue Reading
-
Security Think Tank: Balanced approach can detangle supply chain complexity
Achieving an appropriate balance between people, processes and technology can help to detangle the complexities of the supply chain and create better security practices Continue Reading
-
Supply chain security goes deep – forget this at your peril
It may have hit the headlines as an IT issue, but supply chain security goes far deeper into an organisation than just technology Continue Reading
-
Governance and progression of AI in the UK
Artificial intelligence and machine learning are essential to growth in the global digital economy, and the UK has ambitions to lead the way Continue Reading
-
Security Think Tank: Don’t trust the weakest link? Don’t trust any link
Your security model shouldn’t fall apart just because a part of your business, or a partner, has weak security. This is why information-centric security is a must Continue Reading
-
Government wrong to pass the buck on computer evidence reform
IT expert James Christie tells Computer Weekly why he is disappointed that the government has no plans to change the rules on the use of computer evidence in court Continue Reading
-
What does the EU’s NIS 2 cyber directive cover?
We run the rule over the European Union’s updated NIS2 security directive Continue Reading
-
The importance of making information security more accessible
Robin Smith, CSO of Aston Martin Lagonda, talks about how an accessible approach to cyber is helping him to keep the organisation secure Continue Reading
-
How cryptocurrency is bringing humanitarian value to Ukraine
Web3 technology has great significance as a form of charitable giving, and in providing permanent records for the government Continue Reading
-
Log4Shell: How friendly hackers rose to the challenge
HackerOne CISO Chris Evans looks back at how the security community successfully rose to the challenge of Log4Shell, and saved end-user organisations millions Continue Reading
-
Strong internal foundations are key to withstanding external threats
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ... Continue Reading
-
Consistency is key to mitigate outsourcing risk
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ... Continue Reading
-
Security Think Tank: Core security processes must adapt in a complex landscape
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ... Continue Reading
-
Security Think Tank: Understanding attack paths is a question of training
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ... Continue Reading
-
Security Think Tank: Yes, zero trust can help you understand attack paths
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ... Continue Reading
-
Security Think Tank: To follow a path, you need a good map
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ... Continue Reading
-
Security Think Tank: Your path to understanding attack paths
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ... Continue Reading
-
Security Think Tank: Identify, assess and monitor to understand attack paths
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ... Continue Reading
-
Security Think Tank: Defenders must get out ahead of complexity
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to better understand ... Continue Reading
-
Security Think Tank: Solving for complexity in the network
The modern-day abundance of IT platforms, apps and tools gives the bad guys ample opportunity to move rapidly through the network to hit critical assets. Security teams must understand these attack pathways better in order to fight back Continue Reading
-
Revised scope of UK security strategy reflects digitised society
The omission of the word ‘security’ from the title of the UK government’s new National Cyber Strategy is a telling one, reflecting our increasingly digitised society, say Maximillian Brook and Arunoshi Singh of the ISF Continue Reading
-
How 2022’s most significant data privacy trends affect your organisation
Data privacy and protection are now core responsibilities for most, but as we all know by now, compliance is a moving target. Here, expert Alan Calder looks ahead at what to expect in the coming months Continue Reading
-
UK Cyber Strategy a welcome injection of progress
The National Cyber Strategy should be seen as a welcome injection of both focus and investment in bettering cyber defence for everyone, says Turnkey Consulting senior consultant Louise Barber Continue Reading
-
National Cyber Strategy will enhance UK’s cyber power status
The UK punches above its weight when it comes to wielding cyber power around the world, but challenges to this status are clear. The National Cyber Strategy has a clear role to play in maintaining and enhancing this status, writes Paddy Francis of ... Continue Reading
-
How cyber security teams can conquer the four-day working week
The four-day week may be an idea whose time has come, but for always-on cyber security professionals, the impact of squeezing more work into fewer days is a tricky proposition Continue Reading
-
Achieving agility, collaboration and data control in the cloud
Organisations have historically had to make a trade-off between the proven benefits of the cloud and maintaining full control of their data, but with the right strategy it is possible to have both Continue Reading
-
National Cyber Strategy misses the mark in one important way
The National Cyber Strategy is full of fine words, says Petra Wenham, but as the old expression goes, fine words butter no parsnips, and it misses the mark in one very important way Continue Reading
-
Security Think Tank: Building the cyber workforce we need
The UK’s new National Cyber Strategy is clear in its ambitions, but to fulfil them, we must double down on appropriate skills development, says ISACA director Mike Hughes Continue Reading
-
Assessing the aims of the Government Cyber Security Strategy
The clear aims of the Government Cyber Security Strategy are welcome, but are they realistic or achievable? Continue Reading
-
The UK’s cyber security sector is thriving, but our work has only just begun
The government’s Annual Cyber Sector Report painted a positive picture of the UK security industry. CIISec’s Amanda Finch thinks we can go further in developing cyber talent and opening up the sector Continue Reading
-
Security Think Tank: Good training is all about context
In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service? Continue Reading
-
Why culture is critical for data integration
For data integration to succeed, the business needs to foster a culture of data sharing and collaboration Continue Reading
-
Five key tech trends for digital leaders in 2022
The past two years have seen a surge in investment that will bring new challenges to digital leaders over the next year Continue Reading
-
Security Think Tank: How to build a human firewall
In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service? Continue Reading
-
Security Think Tank: Focus on ‘nudging’ to build effective cyber training
In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training-as-a-service? Continue Reading
-
Security Think Tank: Cyber training is useless without staff empowerment
In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service? Continue Reading
-
Vulnerabilities to fraud are increasing across the board
As the pandemic continues to affect how we work, socialise, shop and conduct business, so it has increased opportunities for digital fraud and cyber crime. Jason Lane-Sellers explores the latest LexisNexis Risk Solutions ‘Cybercrime report’ Continue Reading
-
A trial relying on computer evidence should start with a trial of the computer evidence
Learning from the Post Office Horizon scandal - the most widespread miscarriage of justice in recent British legal history Continue Reading
-
Security Think Tank: Reframing CISO-boardroom relations
Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months Continue Reading
-
Security Think Tank: When will they ever learn?
Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months Continue Reading
-
Enabling secure remote working is once again a top priority
The pandemic has bought many new security risks, particularly around remote working. As the UK government once again urges people to work from home under its Plan B restrictions, these risks must be tackled as a priority Continue Reading
-
Security Think Tank: Get to know your personal threat landscape
Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months Continue Reading
-
Security Think Tank: There’s much more to do to secure hybrid workers
Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months Continue Reading
-
The power of AI can be unleashed with a focus on ethics
An EY survey reveals the public’s concerns around the growing use of artificial intelligence – but also the opportunities for organisations that take the right ethical approach Continue Reading
-
Security Think Tank: Good documentation could save your bacon
Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months Continue Reading
-
Security Think Tank: Think people, processes and systems
Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months Continue Reading