In Depth

In Depth

IT risk management

• What to look for when taking out a cyber insurance policy

  We look at the steps organisations need to take when buying cyber insurance  Continue Reading

• Cyber insurance: Tips for keeping the right level of cover

  Transferring risk to an insurer doesn’t mean you are risk-free – so what is not included in your cyber insurance cover?  Continue Reading

• Cyber insurance: What does a CISO need to know?

  We look at how the market for cyber insurance is evolving and how IT security chiefs can avoid buying the wrong level of cover  Continue Reading

• The cyber security impact of Operation Russia by Anonymous

  The campaign against the Russian government by Anonymous surprised many with the depth and scale of the cyber attacks. What can we learn from this online war?  Continue Reading

• Secure everything, not just the weakest link

  The rise in cyber attacks on supply chains has expanded the role of IT security chiefs and the complexity of keeping organisations secure  Continue Reading

• What the world can learn from Saudi Arabia’s fight against industrial control system attacks

  Iran learned from attacks on its infrastructure and unleashed similar malware on Saudi Arabia. The world has now gained valuable lessons from the Saudi response  Continue Reading

• Challenges of securing a software supply chain

  The US president has issued an executive order to improve cyber security, which has ramifications across the software development supply chain  Continue Reading

• What the EU’s content-filtering rules could mean for UK tech

  EU proposals to clamp down on child sexual abuse material will have a material impact on the UK’s technology sector  Continue Reading

• IT departments need holistic circular economies to fight climate change

  With sustainability moving up the boardroom agenda, IT managers should revamp procurement strategies to align with the principles of the circular economy, but what does this mean for managing the IT lifecycle?  Continue Reading

• Attack of the clones: the rise of identity theft on social media

  The proliferation of social media has resulted in the rise of identity theft on these platforms, with accounts copied for fraudulent or malicious purposes. What can be done to mitigate it?  Continue Reading

• How to retain cyber talent in the Great Resignation

  The cyber security industry is experiencing alarming rates of resignations, leaving organisations vulnerable to cyber attacks. How can we better retain cyber talent?  Continue Reading

• Recruitment risks: Avoiding the dangers of fraudulent candidates

  Tech companies are seeing an increase in fraudulent job applications, with associated impacts on risk and cyber security. So how can organisations protect themselves from fraudulent applicants while ensuring they recruit the best talent?  Continue Reading

• How APAC organisations can mitigate edge security threats

  The move to the edge expands an organisation’s attack surface. Here are some measures that organisations can take to minimise their edge security risks  Continue Reading

• Define RPO and RTO tiers for storage and data protection strategy

  We look at RPO and RTO in defining data protection and disaster recovery strategies and how to specify tiers that reflect the importance of different systems in your organisation  Continue Reading

• It takes a village: Protecting kids online is everyone’s responsibility

  The rapid uptake of smartphones among children has contributed to the increasing number of cases of cyber bullying and online grooming. Is this an educational issue or a cultural problem, and can modern enterprise help?  Continue Reading

• What neurodivergent people really think of working in cyber security

  Many firms are filling cyber security skills gaps by hiring neurodivergent talent – but more support is needed for neurodivergent cyber security professionals, writes autistic tech journalist Nicholas Fearn  Continue Reading

• Navigating PIPL: European businesses plot their next steps into China

  How does China’s strict new Personal Information Protection Law impact European businesses?  Continue Reading

• Cloud-era disaster recovery planning: Assessing risk and business impact

  In the first in a series on cloud-era disaster recovery, we provide a step-by-step guide to building firm foundations for the disaster recovery plan, with risk assessment and business impact analysis  Continue Reading

• Is the IT sector beset by fear-mongering?

  The arms race between hackers and security teams has led to a plethora of new technologies, but it can be hard to differentiate between sensible cyber purchases and those that are promoted by exaggerating risk  Continue Reading

• Digital surveillance of remote workers may increase enterprise risk

  From productivity tools to security threats, we explore how digital surveillance is forcing remote workers towards shadow IT  Continue Reading

• How to manage endpoint security in a hybrid work environment

  The future of the workplace is clearly hybrid, but this has untold implications around endpoint security. How can businesses overcome these?  Continue Reading

• Immutable snapshots aim to neutralise ransomware

  Snapshots – usually immutable anyway – get functionality to stop ransomware intruders moving or deleting snapshots, so customers know they have clean copies of data to restore from  Continue Reading

• Online Safety Bill puts user protection onus on platform providers

  The Online Safety Bill will place new duties and responsibilities on online platforms accessible from the UK, but as it currently stands, it contains several grey areas  Continue Reading

• Back on the office network: What are the risks for mobile users?

  Many people are returning to offices and bringing their mobile devices with them. What are the cyber security implications of this?  Continue Reading

• Bridging the gender gap in cyber security

  Some professional groups and companies in Asia are working hard to improve awareness of the cyber security profession and mentoring talented women in a bid to bridge the gender gap  Continue Reading

• How do SOAR and SIEM services fare in a rapidly changing cyber threat landscape?

  Given that cyber risks are rapidly growing in sophistication and number, we look at whether SIEM and SOAR security tools are still effective  Continue Reading

• Making a mark in cyber security

  Claudean Zheng’s knack for hacking landed her a career in cyber security, one that has been dotted by stints in both public and private sectors  Continue Reading

• Considerations when deciding on a new SIEM or SOAR tool

  A successful deployment of any security tool very much depends on the maturity of security processes in the organisation  Continue Reading

• When is SIEM the right choice over SOAR?

  Better instrumentation leads to better IT security but monitoring can quickly overload IT teams. Automation can help, but it may not always be needed  Continue Reading

• Five ways to ensure remote working security and compliance

  A mix of on-site and remote working has become a fact of life for many organisations. We look at five key things you should consider to ensure compliance and security  Continue Reading

• Best practices for secure printing

  The reality of a paperless office remains some way off, so printers are here to stay for a while. But their increasingly connected status means securing them should be a priority  Continue Reading

• How the pandemic changed backup

  The Covid-19 pandemic forced big changes in how people work – we look at impacts on backup, including increased reliance on the cloud, plus security and compliance vulnerabilities and ransomware  Continue Reading

• The rise and rise of supply chain attacks

  Supply chain attacks in Asia-Pacific and elsewhere have intensified as cyber threat actors look to exploit the weakest links in business and digital supply chains  Continue Reading

• What the Telecommunications (Security) Bill means for UK industry

  The Telecommunications (Security) Bill is intended to reinforce the security of the UK telecommunications infrastructure, but what are the implications for industry?  Continue Reading

• How do I get my users to pay attention to security training?

  As cyber security risks grow daily, businesses must educate staff about these through cyber awareness training. But how can they ensure this is taken seriously by employees?  Continue Reading

• How GCHQ proposes to implement and use ethical AI

  The rise of cyber crime and the escalating threat vectors facing the UK have led GCHQ to invest in automated threat detection and response systems to meet this challenge, as well as liaising with the private sector for the first time  Continue Reading

• Ecolabels and data sanitisation key to recycling and reusing IT assets

  Ecolabels on hardware and data sanitisation of devices are key to recycling and reusing old IT equipment respectively, helping enterprises avoid unnecessary asset destruction and contributing to increasingly high levels of electronic waste globally  Continue Reading

• Backup appliances the hot topic for Pas-de-Calais fire brigade

  With requirements for strict, long-duration backup and archiving, French fire brigade set out to replace optical media with a StorageCraft appliance and disaster-proof storage  Continue Reading

• How to choose the right email security service for your organisation

  With email security threats growing rapidly, businesses can quickly identify and block these by using a top email security service. Here’s how to select the right provider  Continue Reading

• Anti-money laundering technology must operate in a collaborative ecosystem

  With new technologies making it easier for banks to spot money laundering activity, we look at why the problem persists at scale, finding that ecosystems and collaborative processes need to be built  Continue Reading

• Does email security need a human solution or a tech solution?

  People spend a lot of time using email systems, but many do not realise that this makes them attractive targets for cyber criminals. With education and technology, businesses can tackle this problem head-on  Continue Reading

• Dealing with the challenge of beg bounties

  The rise of so-called beg bounties is becoming a challenge for security teams, and can be a drain on time and resources. But what is a beg bounty, and how does it differ from a bug bounty?  Continue Reading

• Is it time to ban ransomware insurance payments?

  The former head of the NCSC recently called for a dialogue over whether or not it is time to ban insurers from covering ransomware payments. Is he on the right track?  Continue Reading

• How can healthcare organisations fight increased cyber crime in 2021?

  As the Covid-19 pandemic enters what may be its most dangerous phase, we explore how healthcare organisations can ward off cyber threats while preserving their ability to deliver critical care  Continue Reading

• Picking the right IAM tools is based on more than today’s needs

  With remote working now normal, it is important to take proactive steps in managing credentials across platforms that can be subject to multiple data protection regulations. IAM services can streamline this process, but care must be taken to ensure ...  Continue Reading

• The nation state threat to business

  The SolarWinds hack shows the widespread damage possible from a nation state cyber attack. What is the threat to business and how can it be mitigated?  Continue Reading

• Security Long Reads: Cyber insiders reveal what’s to come in 2021

  In this long read, we gather together the thoughts of cyber security insiders from across the industry to get their take on what will happen in 2021  Continue Reading

• Patching: Balancing technical requirements with business considerations

  With an increasing reliance on subscription models alongside the regular patching of software, updates have become an essential part of modern business practices. However, care needs to be taken to ensure the optimum patching process is implemented  Continue Reading

• Post-pandemic approaches to IAM for cloud security

  Cloud technology may have saved businesses from catastrophe during the pandemic, but it has also introduced additional challenges around identity and access management. Here’s why IAM policies are crucial in the new normal  Continue Reading

• This Christmas, Covid-19 heightens retail security risks for everyone

  Do you think it’s only retailers and consumers who need to consider cyber security when shopping online during the holidays? You’re dead wrong. This year, the Covid-19 pandemic and the shift to remote working has thrown a spanner in the works  Continue Reading

• How to build an effective vulnerability management programme

  As cyber criminals increasingly look to exploit vulnerabilities in software and hardware, businesses must build and implement an effective vulnerability management programme to counter this growing threat  Continue Reading

• DDoS mitigation strategies needed to maintain availability during pandemic

  The growing prevalence of DDoS attacks combined with the increased reliance on internet connectivity during the pandemic means enterprises can no longer afford to ignore the threat of DDoS attacks. Computer Weekly explores organisations’ perceptions...  Continue Reading

• Why securing the DNS layer is crucial to fight cyber crime

  Domain name system security is often overlooked by organisations, but focusing on this layer could actually improve the effectiveness of cyber security strategies. We explore the latest DNS trends and best practice  Continue Reading

• Double extortion ransomware attacks and how to stop them

  As ransomware attacks increase, hackers are diversifying their tactics to get victims to hand over larger sums of money. We investigate the rise of double extortion attacks  Continue Reading

• Getting physical with datacentre security

  Whether it is natural disasters, terrorism or break-ins, datacentres will be vulnerable to a range of risks unless they are physically secured. Here’s how you can improve the physical security of your datacentre  Continue Reading

• How to achieve resilience – the modern uptime trinity

  IT leaders can take responsibility for ensuring their organisations are resilient during times of crisis. There are no quick fixes, but if you think it is expensive to ensure resilience in your IT systems, try frequent failure instead  Continue Reading

• Intelligent ways to tackle cyber attack

  Artificial intelligence-powered security tools should enable IT security teams to achieve more with less  Continue Reading

• Black Lives Matter, but do bots know that?

  The volume of content generated each day necessitates automated moderation to curate everything as it is published, ensuring offensive and objectionable material is blocked. But this only works if systems are adequately configured and reviewed  Continue Reading

• APT groups’ mobile momentum finally faces resistance

  State-backed APT groups are increasingly targeting mobile devices as Covid-19 puts the spotlight on remote working infrastructure security. We explore how the industry is fighting back  Continue Reading

• How to apply zero-trust models to container security

  Containers have become a common fixture in software development, but they have resulted in new concerns for security teams. Is zero-trust the answer to tackling them?  Continue Reading

• Coronavirus: How to go back to the office safely and securely

  Security teams should be used to supporting remote workers effectively by now, but what’s going to happen when people start returning to their offices? We look at the risks and how to address them.  Continue Reading

• GDPR at two: How far we’ve come, how far we still have to go

  Marking two years of the General Data Protection Regulation, industry voices weigh in on the state of data protection and privacy, consider what has changed, and what still needs to change  Continue Reading

• Malaysia’s data protection practices still have some way to go

  Some Malaysian firms are not using data protection tools to the fullest potential, while others only think about data protection after a breach  Continue Reading

• What are the security priorities for the post-coronavirus world?

  The Covid-19 pandemic is forcing massive change across the business world and things may never go back to normal. What does security look like in this new world, and what will buyers be prioritising?  Continue Reading

• Contact tracing: The privacy vs protection debate

  The Covid-19 pandemic has necessitated extreme measures not seen in peacetime for over 100 years. Contact-tracing apps are being developed as a tool for managing the pandemic, but are they a step too far?  Continue Reading

• A carrot-and-stick approach to fixing cyber security complacency

  With a majority of IT decision-makers holding the opinion that their employers are complacent when it comes to data protection, we look at what needs to be fixed, and how to fix it  Continue Reading

• How APAC firms are coping with the Covid-19 outbreak

  The air of change looms large in companies operating in the Asia-Pacific region, with some doing better than others in keeping the lights on amid the coronavirus pandemic  Continue Reading

• Malaysia’s business continuity planning readiness a mixed bag

  Larger Malaysian enterprises have BCP in place, but SMEs lag behind and will find it harder to weather the Covid-19 storm  Continue Reading

• Why security validation matters

  FireEye’s top executives in Asia-Pacific discuss the benefits of security validation and offer their take on the region’s cyber threat landscape  Continue Reading

• The AWS bucket list: Keep your cloud secure

  Misconfigured cloud installations risk billions of records being exposed, damaging organisations’ finances and reputations. Paying attention to securing AWS storage buckets is a simple matter  Continue Reading

• Coronavirus: How to implement safe and secure remote working

  Find out what CIOs and CISOs need to know to enable their end-users to work remotely and stay secure during the Covid-19 coronavirus crisis, and learn how users can help themselves  Continue Reading

• Is this Netflix-style thriller the future of security training?

  Cyber awareness specialists at KnowBe4 reckon that bringing Netflix-style production values to corporate videos heralds a new approach to security training  Continue Reading

• Inside the SOC: the nerve centre of security operations

  Security operations centres are the bedrock of any cyber defence strategy, but operating one is increasingly challenging, with mounting workloads and a shortage of skilled personnel  Continue Reading

• Choosing the right disaster recovery for your business

  We look at the various options available when implementing disaster recovery, and how much they’re worth  Continue Reading

• DRaaS decisions: Key choices in disaster recovery as a service

  We examine the key decisions when considering DRaaS. Whether to go full self-service, assisted or managed will depend on what you need to protect and your in-house resources  Continue Reading

• Whisper it… but could a cyber attack be good for your career?

  All too often it’s the CISO who carries the can for an enterprise security failure, but this might not be a bad thing. There’s lots of evidence to suggest that falling victim to a cyber attack may actually enhance your CV  Continue Reading

• Human factors are critical to securing digital transformation

  Sourcing the latest cyber security technology to support digital transformation projects is all well and good, but it’s meaningless if you fail to address your organisational culture and the people within it  Continue Reading

• Get ready for CCPA: Implications for UK businesses

  The California Consumer Privacy Act, a wide-ranging data privacy and consumer protection law, comes into effect on 1 January 2020. How does CCPA differ from the EU GDPR regulations and what are the responsibilities for UK businesses operating in the...  Continue Reading

• Taking responsibility for security in the cloud

  From accidental leaks to full-on data breaches, maintaining security across cloud services is becoming a headache for enterprises. What questions should organisations be asking of their cloud service provider and, ultimately, whose responsibility is...  Continue Reading

• Making the case for integrated risk management

  Security experts discuss how an integrated approach to risk and governance can be effectively managed  Continue Reading

• Security puzzle calls for some joined-up thinking

  The age of digitisation brings new risks to organisations, so security needs to be more integrated  Continue Reading

• Data management strategies are evolving – so must enterprises

  A growing number of data-driven initiatives, alongside heightened demand for security in governance, data management and compliance, has led to the rise of a more holistic approach – integrated risk management  Continue Reading

• Inside blockchain and its various applications

  We explore the technology around blockchain shaping how businesses use data  Continue Reading

• How to mitigate IoT security risks to tap business benefits

  Security concerns are preventing many businesses from adopting IoT-based technologies, but with a bit of planning, the business benefits can be realised by mitigating the risk  Continue Reading

• Mitigating social engineering attacks with MFA

  The growing frequency of social engineering attacks highlights the increasing need for organisations to take steps to mitigate the effects of phishing  Continue Reading

• How to bolster IAM strategies using automation

  Identity and access management processes and technologies play an important role in security strategies, but organisations and IT professionals need to ensure these strategies are robust enough to deal with new threats  Continue Reading

• Enhancing business purpose with privacy compliance

  Computer Weekly looks at the importance of building on basic GDPR compliance and making privacy a key foundation of business culture  Continue Reading

• Developing innovative security analytics approaches in the digital age

  With security threats growing in scale and complexity, security analytics provide a way for IT teams to stay one step ahead of cyber attackers. The challenge is to ensure this technology continues to be effective in the face of new security ...  Continue Reading

• Think beyond tick-box compliance

  A year on since GDPR, many organisations are yet to stop fretting over fines and focus instead on business value  Continue Reading

• How IT pros are building resilience against email security threats

  For most people, emails are an easy and harmless way to communicate in the workplace, but they could also be a security disaster waiting to happen  Continue Reading

• APAC IoT adoption improves amid challenges

  More enterprises across the region are using the internet of things to track fleet vehicles and improve operations, but technology integration and security concerns are still holding back widespread adoption  Continue Reading

• Facebook’s privacy game – how Zuckerberg backtracked on promises to protect personal data

  Facebook promised its users privacy then quietly abandoned its promises in pursuit of profits. Now it faces antitrust regulation  Continue Reading

• How to get the basics of mobile device management right the first time

  When adopting mobile device management, there are often fears around implementation and whether or not the strategy is even required  Continue Reading

• How facial recognition technology threatens basic privacy rights

  As adoption of facial recognition systems continues to grow worldwide, there is increasing concern that this technology could undermine fundamental privacy rights and how it can be kept in check  Continue Reading

• Disaster planning: How to expect the unexpected

  Focusing too much on specific disasters rather than considering an organisation’s data protection, network security and process requirements, can lead to unpredicted vulnerabilities  Continue Reading

• Data governance: The importance of getting it right

  With ever-increasing storage capacity, organisations are needing to take more control of their file management systems with thorough data governance policies. Otherwise, they run the risk of project data being exposed  Continue Reading

• Vulnerability assessment done. Now what?

  Vulnerability assessment establishes the current state of an organisation’s cyber security, but to meet industry best practices, companies should go beyond that to achieve continuous improvement  Continue Reading

• Debugging bug bounty programmes

  Bug bounty programmes have recently become a popular method of vulnerability management, but poor programme management can lead to development teams becoming overwhelmed and bugs being missed  Continue Reading

• Protecting your digital assets: Why it pays to invest in cyber insurance

  Cyber insurance offers financial protection against the worst happening to a company’s data and digital assets, and is something few businesses can afford to be without  Continue Reading

• How botnets pose a threat to the IoT ecosystem

  While connected devices are transforming our personal and working lives in a multitude of ways, they are also a growing security risk – attackers are hijacking these devices and turning them into internet of things botnets  Continue Reading