In Depth

In Depth

Hackers and cybercrime prevention

• How to build an effective vulnerability management programme

  As cyber criminals increasingly look to exploit vulnerabilities in software and hardware, businesses must build and implement an effective vulnerability management programme to counter this growing threat  Continue Reading

• Credential stuffing: When DDoS isn’t DDoS

  Ten years ago, credential stuffing attacks posed a comparatively minor threat, but with an escalating number of data breaches, the threat posed has now increased. What are the solutions to this very human problem?  Continue Reading

• Why securing the DNS layer is crucial to fight cyber crime

  Domain name system security is often overlooked by organisations, but focusing on this layer could actually improve the effectiveness of cyber security strategies. We explore the latest DNS trends and best practice  Continue Reading

• Top five ways backup can protect against ransomware

  Ransomware threatens to put your data beyond reach, so the best way to prepare is to have good-quality data you can restore from backup. We look at the key things to consider  Continue Reading

• Double extortion ransomware attacks and how to stop them

  As ransomware attacks increase, hackers are diversifying their tactics to get victims to hand over larger sums of money. We investigate the rise of double extortion attacks  Continue Reading

• Getting physical with datacentre security

  Whether it is natural disasters, terrorism or break-ins, datacentres will be vulnerable to a range of risks unless they are physically secured. Here’s how you can improve the physical security of your datacentre  Continue Reading

• Intelligent ways to tackle cyber attack

  Artificial intelligence-powered security tools should enable IT security teams to achieve more with less  Continue Reading

• Automating IT security

  IT security’s battle with the hacking community has always been a game of cat and mouse, but it’s becoming increasingly automated  Continue Reading

• APT groups’ mobile momentum finally faces resistance

  State-backed APT groups are increasingly targeting mobile devices as Covid-19 puts the spotlight on remote working infrastructure security. We explore how the industry is fighting back  Continue Reading

• Coronavirus: How to go back to the office safely and securely

  Security teams should be used to supporting remote workers effectively by now, but what’s going to happen when people start returning to their offices? We look at the risks and how to address them.  Continue Reading

• Malaysia’s data protection practices still have some way to go

  Some Malaysian firms are not using data protection tools to the fullest potential, while others only think about data protection after a breach  Continue Reading

• What are the security priorities for the post-coronavirus world?

  The Covid-19 pandemic is forcing massive change across the business world and things may never go back to normal. What does security look like in this new world, and what will buyers be prioritising?  Continue Reading

• Contact tracing: The privacy vs protection debate

  The Covid-19 pandemic has necessitated extreme measures not seen in peacetime for over 100 years. Contact-tracing apps are being developed as a tool for managing the pandemic, but are they a step too far?  Continue Reading

• Why security validation matters

  FireEye’s top executives in Asia-Pacific discuss the benefits of security validation and offer their take on the region’s cyber threat landscape  Continue Reading

• The AWS bucket list: Keep your cloud secure

  Misconfigured cloud installations risk billions of records being exposed, damaging organisations’ finances and reputations. Paying attention to securing AWS storage buckets is a simple matter  Continue Reading

• Coronavirus: How to implement safe and secure remote working

  Find out what CIOs and CISOs need to know to enable their end-users to work remotely and stay secure during the Covid-19 coronavirus crisis, and learn how users can help themselves  Continue Reading

• Is this Netflix-style thriller the future of security training?

  Cyber awareness specialists at KnowBe4 reckon that bringing Netflix-style production values to corporate videos heralds a new approach to security training  Continue Reading

• Inside the SOC: the nerve centre of security operations

  Security operations centres are the bedrock of any cyber defence strategy, but operating one is increasingly challenging, with mounting workloads and a shortage of skilled personnel  Continue Reading

• Six disaster recovery pitfalls and how to avoid them

  We look at some key pitfalls in disaster recovery, such as failing to plan, not testing the plan, not protecting backups, poor communication and neglecting the human element  Continue Reading

• Whisper it… but could a cyber attack be good for your career?

  All too often it’s the CISO who carries the can for an enterprise security failure, but this might not be a bad thing. There’s lots of evidence to suggest that falling victim to a cyber attack may actually enhance your CV  Continue Reading

• Can the UK government’s efforts solve the cyber skills gap?

  There has been an active effort by the UK government to tackle the lack of skills in the cyber security space – but is it enough?  Continue Reading

• What the EU’s decision on Facebook means for social media

  Recent ruling by the Court of Justice of the European Union will have global implications for social media companies and any organisations that host online content  Continue Reading

• Taking responsibility for security in the cloud

  From accidental leaks to full-on data breaches, maintaining security across cloud services is becoming a headache for enterprises. What questions should organisations be asking of their cloud service provider and, ultimately, whose responsibility is...  Continue Reading

• How to mitigate IoT security risks to tap business benefits

  Security concerns are preventing many businesses from adopting IoT-based technologies, but with a bit of planning, the business benefits can be realised by mitigating the risk  Continue Reading

• Mitigating social engineering attacks with MFA

  The growing frequency of social engineering attacks highlights the increasing need for organisations to take steps to mitigate the effects of phishing  Continue Reading

• How to bolster IAM strategies using automation

  Identity and access management processes and technologies play an important role in security strategies, but organisations and IT professionals need to ensure these strategies are robust enough to deal with new threats  Continue Reading

• Developing innovative security analytics approaches in the digital age

  With security threats growing in scale and complexity, security analytics provide a way for IT teams to stay one step ahead of cyber attackers. The challenge is to ensure this technology continues to be effective in the face of new security ...  Continue Reading

• How IT pros are building resilience against email security threats

  For most people, emails are an easy and harmless way to communicate in the workplace, but they could also be a security disaster waiting to happen  Continue Reading

• How facial recognition technology threatens basic privacy rights

  As adoption of facial recognition systems continues to grow worldwide, there is increasing concern that this technology could undermine fundamental privacy rights and how it can be kept in check  Continue Reading

• Disaster planning: How to expect the unexpected

  Focusing too much on specific disasters rather than considering an organisation’s data protection, network security and process requirements, can lead to unpredicted vulnerabilities  Continue Reading

• Vulnerability assessment done. Now what?

  Vulnerability assessment establishes the current state of an organisation’s cyber security, but to meet industry best practices, companies should go beyond that to achieve continuous improvement  Continue Reading

• Debugging bug bounty programmes

  Bug bounty programmes have recently become a popular method of vulnerability management, but poor programme management can lead to development teams becoming overwhelmed and bugs being missed  Continue Reading

• How botnets pose a threat to the IoT ecosystem

  While connected devices are transforming our personal and working lives in a multitude of ways, they are also a growing security risk – attackers are hijacking these devices and turning them into internet of things botnets  Continue Reading

• Using simulated disaster management to tackle the security skills gap

  With the increasing need for cyber security professionals, organisations are turning to new ways to address the skills gap facing the security sector  Continue Reading

• Collaborative security approaches underpin container success

  Containers are helping organisations to accelerate age-old software development approaches, but success is underpinned by a constant and team-wide attention to security  Continue Reading

• A guide to choosing cloud-based security services

  Cloud-based security services can help organisations with a growing cloud footprint to reduce cost and address the manpower crunch in cyber security  Continue Reading

• The rise of DevSecOps

  The increasing complexity of security threats facing enterprises is leading to DevSecOps approaches, which combine operations and development with security, so that all business units are involved in security operations  Continue Reading

• The future of network-connected device security

  The proliferation of poorly secured network-connected devices has prompted the UK government to publish new best practice guidelines. Do these go far enough?  Continue Reading

• IBM pushes boundaries of AI, but insists companies take an ethical approach

  Researchers at IBM are pushing the boundaries of what artificial intelligence and machine learning can do, but remain wary of the ethical implications that accompany the proliferation of this technology  Continue Reading

• Trusted nodes: The next generation in quantum key distribution

  QKD is a form of protection against interception by quantum computers, but cost and technical limitations have made the technology impractical. Could trusted nodes make all the difference?  Continue Reading

• Prepare now for quantum computers, QKD and post-quantum encryption

  The predicted processing power of quantum computers is likely to make existing encryption algorithms obsolete. Quantum key distribution (QKD) is a possible solution - we investigate whether QKD is viable  Continue Reading

• Outcomes-based security is the way forward

  Every security technology is effective for a limited time, but understanding data assets and their value to attackers is key to effective cyber defence, according to an industry veteran of 20 years’ experience  Continue Reading

• Inside DevOps, containers and enterprise security

  Global corporates are waking up to containers and orchestrated containerisation for software development that is fast and safe. Computer Weekly looks at the best approach to ensure security is not compromised along the way  Continue Reading

• An insider’s look into the dark web

  A principal research scientist at Sophos offers a glimpse into the abysses of the dark web in a bid to uncover what cyber crooks are up to  Continue Reading

• Matching disaster recovery to cyber threats

  While it is important to take steps to prevent cyber attacks, they can still happen. That is why disaster recovery practices are equally critical  Continue Reading

• An exciting time to be in cyber security innovation

  Cyber security innovation has received a £1.35m shot in the arm from the UK government with the opening of a new innovation centre in London. Computer Weekly looks at why now is a good time to be working and innovating in this industry  Continue Reading

• Cyber crime: why business should report it as soon as possible

  Cyber crime is affecting a growing number of businesses, yet few are reporting it. Computer Weekly lifts the veil on cyber crime reporting, looking at the who, what, when, where, how and why  Continue Reading

• How Australia is keeping pace with ICS threats

  Besides bridging the security gap between IT and operational technology teams, Australia is driving efforts to bolster the security of IoT devices  Continue Reading

• Application security more important than ever

  Applications have an increasingly crucial role in our lives, yet they are also a real security threat, with hackers always finding new ways to bypass security defences. Computer Weekly looks at how organisations are responding to the challenge  Continue Reading

• Cyber resilience key to securing industrial control systems

  Operators of industrial control systems can build greater cyber resilience by getting IT and operational technology teams to work more closely together and improving the visibility of their infrastructure, among other security measures  Continue Reading

• Application and device security under the spotlight

  The security of internet-connected devices and associated applications has become a significant concern, prompting suggestions legislation may be required, while the UK government’s recent Secure by Design review suggests several solutions, ...  Continue Reading

• Data protection is critical for all businesses

  Companies that misuse data or fall victim to breaches not only risk financial loss, but also reputational damage. There are many reasons good data practice is essential  Continue Reading

• Network security in the digital transformation era

  Network security has always been a core focus for CISOs and IT security managers, but in an era of digital transformation, we examine if network security strategies are keeping up with new and emerging cyber threats  Continue Reading

• Network security in the age of the internet of things

  Wireless devices and smart technologies are increasingly being brought into the workplace, and pose a growing risk to company data  Continue Reading

• Businesses need to take cryptojacking seriously

  Organisations must pay attention to cyber criminals hijacking computing resources to mine cryptocurrencies, because nearly half are affected and the impact is greater than many realise  Continue Reading

• Getting a handle on mobile security in your enterprise

  Everyone now has a mobile device at work, so how can enterprises ensure they are secure?  Continue Reading

• How AI will underpin cyber security in the next few years

  Cyber security risks are growing in complexity and volume, but artificial intelligence techniques can help businesses track and fight them in real time  Continue Reading

• Navigating ASEAN’s patchy cyber security landscape

  Cyber resilience remains low across Southeast Asia, a regional economic powerhouse that is increasingly susceptible to cyber threats as its digital economy grows  Continue Reading

• How secure are smart energy grids?

  The improved efficiency of smart grids need to be weighed against the cost of security - presenting a unique opportunity for the tech sector and a new market for security companies  Continue Reading

• Australian organisations unprepared for GDPR

  Faced with the double whammy of complying with Australia’s upcoming data breach notification requirement and Europe’s new data protection regime, Australian firms are behind where they need to be in their compliance efforts  Continue Reading

• Steal a march on cyber criminals through security by deception

  Security by obscurity, although a common and tempting practice, is generally not recommended, but security by deception offers a way for defenders to make it more difficult for attackers to succeed and easier for defenders to catch them  Continue Reading

• Content filtering a potential challenge in digital single market

  The proposed digital single market directive is intended to harmonise e-commerce and copyright throughout the European Union, but concerns have been raised over the technological impact this would have on UK industry  Continue Reading

• UK sale of surveillance equipment to Macedonia raises questions over export licence policy

  The UK approved an export licence for the sale of surveillance equipment to Macedonia – while the country was engaged in an illegal surveillance programme against its citizens. A senior minister was consulted on the decision  Continue Reading

• Where the device hits the network – a mobile device management update

  As business becomes increasingly mobile, we look at the latest trends in mobile device management to give businesses the edge  Continue Reading

• Firms look to security analytics to keep pace with cyber threats

  Traditional approaches to cyber security no longer enable organisations to keep up with cyber threats, but security analytics is an increasingly popular addition to the cyber arsenal  Continue Reading

• How to improve security against email attacks and for GDPR compliance

  About 200 billion emails are sent every day, but because of its importance email is constantly exploited by attackers, and yet is often overlooked in cyber security strategies  Continue Reading

• Staying ahead in the cyber arms race

  Darktrace’s Asia-Pacific managing director, Sanjay Aurora, offers insights on what organisations can do to reverse the odds against them in combatting cyber threats  Continue Reading

• How Wales has evolved into a hotspot for cyber security

  Wales may be a small country but, in just a few years, it has become a global hotspot for cyber security innovation  Continue Reading

• How to use threat intelligence in your business

  Threat intelligence can be very handy, but just how useful and appropriate it will be depends largely on the security maturity of an organisation  Continue Reading

• Why immutable buckets are a worthy risk management tool

  Immutable buckets offer businesses benefits in terms of data compliance, backup, archiving and security  Continue Reading

• The Macedonian surveillance scandal that brought down a government

  Macedonia has been accused of using surveillance technology for covert spying - the subsequent political protests were instrumental in the ruling party losing power after 10 years  Continue Reading

• Getting threat intelligence right

  Threat intelligence feeds provide valuable information to help identify incidents quickly, but only if they are part of an intelligence-driven security programme  Continue Reading

• Organised crime exploiting new technology

  European law enforcement is to focus on collaborating with industry around cyber crime as organised crime groups increasingly exploit new technologies, according to a regional crime threat report  Continue Reading

• Australia’s cyber security strategy bearing fruit

  The national blueprint has been a catalyst for improvements in cyber security across the country, but its long-term impact remains to be seen  Continue Reading

• How UK organisations are leaving themselves open for cyber attack

  UK organisations are leaving themselves wide open to cyber attack despite huge investments in cyber security systems, according to two former hackers now working in cyber defence  Continue Reading

• Q&A: Navigating the APAC cyber threat landscape

  LogRhythm CEO Andy Grolnick calls for more investments in cyber security technology and processes in APAC amid growing cyber threats in the region  Continue Reading

• The rise of the machines

  Artificial intelligence in various forms is not a panacea for every problem, but it can help enterprises fend off cyber attacks and get better at what they do  Continue Reading

• APAC banks warming up to big data

  Financial institutions in the APAC region fear they may be left behind if they don’t embrace big data  Continue Reading

• How information security professionals can help business understand cyber risk

  Information security is continually moving up business and board agendas, but information security professionals find it challenging to help business leaders to understand fully the cyber risks across increasingly digital businesses.  Continue Reading

• Meet IoT security challenges head-on

  Securing internet-connected devices should be a priority for IT leaders. We pinpoints the key areas that need to be targeted  Continue Reading

• The cyber threats lurking within every company

  Insider threats have been around for a long time, but it is only recently that people have begun to acknowledge the true danger they pose  Continue Reading

• Lauri Love: the student accused of hacking the US

  How did a brilliant but fragile computer science student from a rural English town end up facing life imprisonment in the US? Computer Weekly speaks to Lauri Love  Continue Reading

• European law enforcement seeking smart ways to fight cyber crime

  Cyber crime continues to increase in volume and sophistication, but European law enforcement is fighting back, using collaboration and industry partnerships to compensate for a lack of resources  Continue Reading

• Cost-effective managed IPS for small businesses

  Small businesses typically struggle to afford cyber intrusion prevention systems, but the introduction of a service tailored for this market could change that  Continue Reading

• The problem of passwords and how to deal with it

  Security experts have long recognised passwords as inadequate, but finally technology is offering some viable alternative authentication methods that businesses can explore to keep their data safe  Continue Reading

• Europe fires starting gun for dash to GDPR compliance

  A last dash for compliance with the general data protection regulation (GDPR) has begun across Europe and, despite the two-year warning, some organisations will fall short and for UK firms Brexit is no excuse  Continue Reading

• CW@50: Fertile British breeding grounds for information security innovation

  Computer Weekly is marking its 50th anniversary this year with a series of articles celebrating 50 years of British technology innovation. In this article, we look at the evolution of information security threats and some of the British innovation ...  Continue Reading

• Hunters: a rare but essential breed of enterprise cyber defenders

  They wait, they watch, they search the outer reaches of networks and the darkest corners of the web, setting traps, crafting tools, collecting evidence and going in pursuit: they are the hunters  Continue Reading

• DDoS attack threat cannot be ignored

  Criminal activity has become the top motivation for distributed denial of service attacks as the average attack become strong enough to down most businesses – so taking no action is not an option  Continue Reading

• Don’t leave yourself vulnerable to insider attack

  Recent research has highlighted key weaknesses that leave organisations vulnerable to insider cyber security threats  Continue Reading

• What the EU’s cyber security bill means for UK industry

  Coming European legislation on network and information security could have cost and organisational implications for a range of UK companies  Continue Reading

• Interview: James Bamford on surveillance, Snowden and technology companies

  Investigative journalist and documentary maker James Bamford was among the first to uncover the secrets of the US National Security Agency and its global surveillance  Continue Reading

• How to deal with the aftermath of a data breach

  Considering that a data breach could happen to any company, at any time, a plan of action is the best tactic  Continue Reading

• The next stage in quantum key distribution

  Authentication schemes based on quantum physics are emerging to address the growing number of ways to compromise data traffic  Continue Reading

• UK immigration rules fly in the face of cyber security skills shortage

  Despite the UK’s shortage of cyber security skills, recent changes to immigration rules make it no less difficult to hire skilled workers from outside the European Union  Continue Reading

• How to avoid being caught out by ransomware

  Businesses are still getting caught by ransomware, despite the fact that there are fairly straightforward methods to avoid it  Continue Reading

• What the Investigatory Powers Bill means for the telecommunications industry

  The draft Investigatory Powers Bill could have major implications for telecommunication companies operating in the UK  Continue Reading

• The true cost of a cyber security breach in Australia

  The costs of cyber security breaches can quickly add up with fines, reputational damage and overhauls to network security all hitting the coffers. The case of one Australian firm shows why paying a ransom to a hacker might be tempting.  Continue Reading

• The security dangers of home networks

  Most companies take reasonable steps to protect their networks from virus attacks, but one area of vulnerability that is often overlooked is infection from employees’ home networks  Continue Reading

• How to ensure strong passwords and better authentication

  Five steps to ensure stronger passwords and better authentication to reduce the threat of business data theft  Continue Reading