In Depth
In Depth
Security policy and user awareness
-
Picking the right IAM tools is based on more than today’s needs
With remote working now normal, it is important to take proactive steps in managing credentials across platforms that can be subject to multiple data protection regulations. IAM services can streamline this process, but care must be taken to ensure ... Continue Reading
-
The nation state threat to business
The SolarWinds hack shows the widespread damage possible from a nation state cyber attack. What is the threat to business and how can it be mitigated? Continue Reading
-
Security Long Reads: Cyber insiders reveal what’s to come in 2021
In this long read, we gather together the thoughts of cyber security insiders from across the industry to get their take on what will happen in 2021 Continue Reading
-
Patching: Balancing technical requirements with business considerations
With an increasing reliance on subscription models alongside the regular patching of software, updates have become an essential part of modern business practices. However, care needs to be taken to ensure the optimum patching process is implemented Continue Reading
-
Post-pandemic approaches to IAM for cloud security
Cloud technology may have saved businesses from catastrophe during the pandemic, but it has also introduced additional challenges around identity and access management. Here’s why IAM policies are crucial in the new normal Continue Reading
-
This Christmas, Covid-19 heightens retail security risks for everyone
Do you think it’s only retailers and consumers who need to consider cyber security when shopping online during the holidays? You’re dead wrong. This year, the Covid-19 pandemic and the shift to remote working has thrown a spanner in the works Continue Reading
-
How to build an effective vulnerability management programme
As cyber criminals increasingly look to exploit vulnerabilities in software and hardware, businesses must build and implement an effective vulnerability management programme to counter this growing threat Continue Reading
-
Credential stuffing: When DDoS isn’t DDoS
Ten years ago, credential stuffing attacks posed a comparatively minor threat, but with an escalating number of data breaches, the threat posed has now increased. What are the solutions to this very human problem? Continue Reading
-
Why securing the DNS layer is crucial to fight cyber crime
Domain name system security is often overlooked by organisations, but focusing on this layer could actually improve the effectiveness of cyber security strategies. We explore the latest DNS trends and best practice Continue Reading
-
Double extortion ransomware attacks and how to stop them
As ransomware attacks increase, hackers are diversifying their tactics to get victims to hand over larger sums of money. We investigate the rise of double extortion attacks Continue Reading
-
Getting physical with datacentre security
Whether it is natural disasters, terrorism or break-ins, datacentres will be vulnerable to a range of risks unless they are physically secured. Here’s how you can improve the physical security of your datacentre Continue Reading
-
APT groups’ mobile momentum finally faces resistance
State-backed APT groups are increasingly targeting mobile devices as Covid-19 puts the spotlight on remote working infrastructure security. We explore how the industry is fighting back Continue Reading
-
How to apply zero-trust models to container security
Containers have become a common fixture in software development, but they have resulted in new concerns for security teams. Is zero-trust the answer to tackling them? Continue Reading
-
Coronavirus: How to go back to the office safely and securely
Security teams should be used to supporting remote workers effectively by now, but what’s going to happen when people start returning to their offices? We look at the risks and how to address them. Continue Reading
-
GDPR at two: How far we’ve come, how far we still have to go
Marking two years of the General Data Protection Regulation, industry voices weigh in on the state of data protection and privacy, consider what has changed, and what still needs to change Continue Reading
-
What are the security priorities for the post-coronavirus world?
The Covid-19 pandemic is forcing massive change across the business world and things may never go back to normal. What does security look like in this new world, and what will buyers be prioritising? Continue Reading
-
Contact tracing: The privacy vs protection debate
The Covid-19 pandemic has necessitated extreme measures not seen in peacetime for over 100 years. Contact-tracing apps are being developed as a tool for managing the pandemic, but are they a step too far? Continue Reading
-
A carrot-and-stick approach to fixing cyber security complacency
With a majority of IT decision-makers holding the opinion that their employers are complacent when it comes to data protection, we look at what needs to be fixed, and how to fix it Continue Reading
-
Why security validation matters
FireEye’s top executives in Asia-Pacific discuss the benefits of security validation and offer their take on the region’s cyber threat landscape Continue Reading
-
The AWS bucket list: Keep your cloud secure
Misconfigured cloud installations risk billions of records being exposed, damaging organisations’ finances and reputations. Paying attention to securing AWS storage buckets is a simple matter Continue Reading
-
Coronavirus: How to implement safe and secure remote working
Find out what CIOs and CISOs need to know to enable their end-users to work remotely and stay secure during the Covid-19 coronavirus crisis, and learn how users can help themselves Continue Reading
-
Is this Netflix-style thriller the future of security training?
Cyber awareness specialists at KnowBe4 reckon that bringing Netflix-style production values to corporate videos heralds a new approach to security training Continue Reading
-
Startup uses machine learning to support GDPR’s right to be forgotten
Non-intrusive algorithms enable users to track which companies hold their data, so they can take it back Continue Reading
-
Whisper it… but could a cyber attack be good for your career?
All too often it’s the CISO who carries the can for an enterprise security failure, but this might not be a bad thing. There’s lots of evidence to suggest that falling victim to a cyber attack may actually enhance your CV Continue Reading
-
Human factors are critical to securing digital transformation
Sourcing the latest cyber security technology to support digital transformation projects is all well and good, but it’s meaningless if you fail to address your organisational culture and the people within it Continue Reading
-
Get ready for CCPA: Implications for UK businesses
The California Consumer Privacy Act, a wide-ranging data privacy and consumer protection law, comes into effect on 1 January 2020. How does CCPA differ from the EU GDPR regulations and what are the responsibilities for UK businesses operating in the... Continue Reading
-
Taking responsibility for security in the cloud
From accidental leaks to full-on data breaches, maintaining security across cloud services is becoming a headache for enterprises. What questions should organisations be asking of their cloud service provider and, ultimately, whose responsibility is... Continue Reading
-
Security puzzle calls for some joined-up thinking
The age of digitisation brings new risks to organisations, so security needs to be more integrated Continue Reading
-
McAfee’s push for secure cloud adoption
Organisations must do more to secure their cloud environments as malicious actors increasingly focus their attention on exploiting cloud vulnerabilities, says McAfee Continue Reading
-
Data management strategies are evolving – so must enterprises
A growing number of data-driven initiatives, alongside heightened demand for security in governance, data management and compliance, has led to the rise of a more holistic approach – integrated risk management Continue Reading
-
Mitigating social engineering attacks with MFA
The growing frequency of social engineering attacks highlights the increasing need for organisations to take steps to mitigate the effects of phishing Continue Reading
-
How IT pros are building resilience against email security threats
For most people, emails are an easy and harmless way to communicate in the workplace, but they could also be a security disaster waiting to happen Continue Reading
-
Facebook’s privacy game – how Zuckerberg backtracked on promises to protect personal data
Facebook promised its users privacy then quietly abandoned its promises in pursuit of profits. Now it faces antitrust regulation Continue Reading
-
A guide to choosing cloud-based security services
Cloud-based security services can help organisations with a growing cloud footprint to reduce cost and address the manpower crunch in cyber security Continue Reading
-
The rise of DevSecOps
The increasing complexity of security threats facing enterprises is leading to DevSecOps approaches, which combine operations and development with security, so that all business units are involved in security operations Continue Reading
-
The future of network-connected device security
The proliferation of poorly secured network-connected devices has prompted the UK government to publish new best practice guidelines. Do these go far enough? Continue Reading
-
Securing the SD-WAN: The next network challenge
Every time an enterprise weighs up whether or not to try SD-WAN, security is an essential part of the picture Continue Reading
-
Getting a handle on mobile security in your enterprise
Everyone now has a mobile device at work, so how can enterprises ensure they are secure? Continue Reading
-
Why GDPR is great for SMEs
SME laggards facing potential fines for non-compliance should wake up and smell the tasty carrot of a leaner, smarter business post-GDPR Continue Reading
-
Getting threat intelligence right
Threat intelligence feeds provide valuable information to help identify incidents quickly, but only if they are part of an intelligence-driven security programme Continue Reading
-
Australia’s cyber security strategy bearing fruit
The national blueprint has been a catalyst for improvements in cyber security across the country, but its long-term impact remains to be seen Continue Reading
-
Cloud, AI and security driving network monitoring industry
We explore the latest developments and trends in enterprise network monitoring and management Continue Reading
-
What it takes for Singapore’s digital ID system to succeed
Strong data protection measures and private sector collaboration will be instrumental to the success of Singapore’s upcoming national digital identification system Continue Reading
-
How UK organisations are leaving themselves open for cyber attack
UK organisations are leaving themselves wide open to cyber attack despite huge investments in cyber security systems, according to two former hackers now working in cyber defence Continue Reading
-
Q&A: Navigating the APAC cyber threat landscape
LogRhythm CEO Andy Grolnick calls for more investments in cyber security technology and processes in APAC amid growing cyber threats in the region Continue Reading
-
The cyber threats lurking within every company
Insider threats have been around for a long time, but it is only recently that people have begun to acknowledge the true danger they pose Continue Reading
-
Juggling a diverse user infrastructure
CISOs are facing an increasingly fluid workplace and control of modern IT systems needs to reflect this dynamism Continue Reading
-
Don’t leave yourself vulnerable to insider attack
Recent research has highlighted key weaknesses that leave organisations vulnerable to insider cyber security threats Continue Reading
-
Interview: James Bamford on surveillance, Snowden and technology companies
Investigative journalist and documentary maker James Bamford was among the first to uncover the secrets of the US National Security Agency and its global surveillance Continue Reading
-
The true cost of a cyber security breach in Australia
The costs of cyber security breaches can quickly add up with fines, reputational damage and overhauls to network security all hitting the coffers. The case of one Australian firm shows why paying a ransom to a hacker might be tempting. Continue Reading
-
The security dangers of home networks
Most companies take reasonable steps to protect their networks from virus attacks, but one area of vulnerability that is often overlooked is infection from employees’ home networks Continue Reading
-
How to ensure strong passwords and better authentication
Five steps to ensure stronger passwords and better authentication to reduce the threat of business data theft Continue Reading
-
Mobile security -- what works and what doesn't?
Experts told the CW500 Security Club how mobility brings new challenges to security departments and an opportunity to go beyond building walls around the enterprise Continue Reading
-
Asean organizations braced for cyber attack
As an emerging economic power bloc, Asean is bracing itself for an influx of cyber crimes as hackers look for lucrative targets Continue Reading
-
Australian businesses under cyber attack
What are the cyber security risks facing businesses in Australia and New Zealand and how are organisations addressing them? Continue Reading
-
Keeping European datacentres safe from cyber attacks
European datacentre operators must take a proactive approach to preventing cyber attacks as hackers increasingly target their facilities Continue Reading
-
Death, taxes and data security audits
According to Benjamin Franklin, nothing can be said to be certain, except death and taxes. In the business world, audits could easily be added to this list Continue Reading
-
Anatomy of a cyber attack – the risks facing small businesses
A small business owner tells the story of how a cyber attacker nearly brought down her firm, and the expert who helped her highlights the lessons learned Continue Reading
-
How to reduce the risk of social engineering attacks
Implement simple checks to reduce the risk of the main types of social engineering attacks Continue Reading
-
Top tips for remote and mobile workers to improve their cyber security
Steps remote and mobile workers can take to improve cyber security on mobile devices, using public Wi-Fi and computers, and handling USB devices Continue Reading
-
Bill Binney, the ‘original’ NSA whistleblower, on Snowden, 9/11 and illegal surveillance
Always a patriot: Computer Weekly talks to Bill Binney, the senior NSA official who blew the whistle before Edward Snowden Continue Reading
-
How to secure the SDN infrastructure
As more enterprises look to deploy software-defined networking, the need for security from the ground up should not be underestimated Continue Reading
-
Companies must act quickly to tackle cyber crime
With cyber attacks becoming more sophisticated and widespread, companies must take stronger measures to prevent and tackle them Continue Reading
-
Companies must act quickly to combat cyber crime
With cyber attacks becoming more sophisticated and widespread, companies must take stronger measures to prevent and tackle them Continue Reading
-
Interview: Fujitsu CTO Joseph Reger on human-centric innovation
Joseph Reger, Fujitsu's EMEIA CTO, discusses human-centric innovation and the need for responsible attitudes to technology Continue Reading
-
Companies driving growth of cloud
Companies and organisations are increasingly adopting cloud services for more secure and efficient device management Continue Reading
-
BYOD security is no longer optional
Attacks on data through mobile devices mean organisations can no longer consider mobile and BYOD security optional. Continue Reading
-
CW 500 Security Club: Securing the end point: a key challenge for business
With multitudes of devices connecting businesses and their customers to interlinking systems, securing the end point has never been more vital Continue Reading
-
Businesses are beginning to adopt context-based security
It is more than 10 years since context-aware security was proposed. We look at how the technology has evolved. Continue Reading
-
Hacktivism: good or evil?
IT lawyer Dai Davis looks at the rise of hacktivism and its impact on business and international politics Continue Reading
-
How NSA spying disclosures influence security strategies
How have whistleblower Edward Snowden’s exposés affected the ways organisations deal with internal and external security threats? Continue Reading
-
Putting software security in the hands of the buyer
For far too long, businesses have been at the mercy of software suppliers for ensuring that critical applications are secure Continue Reading
-
CIO Interview: James Thomas, UCLH
James Thomas, director of ICT at UCLH, talks about branching out into new mobile devices and embracing MDM and apps Continue Reading
-
Top 10 Android security tips
As Android becomes more prevalent in the enterprise, Computer Weekly gives you 10 top tips for keeping your devices secure Continue Reading
-
Big data journalism exposes offshore tax dodgers
How journalists harnessed big data to challenge offshore financial secrecy Continue Reading
-
Securing Android for business
As more Google Android devices enter the workplace, Computer Weekly looks at the best ways of securing the mobile operating system Continue Reading
-
IT security leaders debate their cyber threat challenges
Information security leaders met at a roundtable hosted by Computer Weekly, in association with Trend Micro, to discuss cyber threats they face Continue Reading
-
How to create a good information security policy
Information security policies provide vital support to security professionals, yet few organisations take the time to create decent policies Continue Reading
-
How to find out who is doing what to your data systems
Context-aware security cannot replace point technologies, but it can tell you when an attack is imminent and what form it will take. Continue Reading
-
Putting security in context
How should organisations approach context-aware security technologies and what business benefits can they deliver? Continue Reading
-
CW500: Why security professionals need to rethink their role
Security professionals need to think less about technology and more about the business needs of their organisation Continue Reading
-
How to find the most vulnerable systems on your internal network
Most corporate networks share common vulnerabilities, but many could be mitigated with education in “hacker thinking” for technical staff Continue Reading
-
Social media: A security challenge and opportunity
Generation Y workers are posing increasing security challenges to their employers as they share data unreservedly Continue Reading
-
CW500: Inside the government's CloudStore
The government's cloud store means an end to the big four to five-year IT projects of the past, says the CloudStore lead of the G-Cloud programme Continue Reading
-
CW500: Managing the mobile workforce (part 1)
Mobile working has transformed Colt Telecommunications beyond recognition over the past three years Continue Reading
-
CW500 Security Club: Dealing with attacks inside networks
Perimeter defences are no longer enough to keep data safe, experts told IT security leaders at the CW500 Security Club Continue Reading
-
Opinion: Firms can’t or won’t address social networking security risks
It's a common refrain: Even companies that are aware of social networking security risks don't do anything about them. Continue Reading
-
Looking a little closer at the winners of the SC Magazine Awards
2011 marks the third year SC Magazine has incorporated a number of technology awards into the AusCERT gala conference and presentation. Awards receive nominations from across the industry and a panel of thirteen highly experienced security ... Continue Reading
-
Patient confidentiality policy for UK electronic health records
While electronic health records could provide valuable information in an emergency, they present patient confidentiality concerns. This Royal Holloway thesis examines the issue. Continue Reading
-
Ministry of Defence security: IT information assurance in the MoD
The MoD should update its information assurance policy, argues Paul Shanes and Chez Ciechanowicz in this Royal Hollo2way MSc thesis article. Continue Reading
-
Security trends 2011: Making sense of predictions
While vendors have never been known to underestimate security threats, the job of the information security pro is, nevertheless, getting harder, says UK Bureau Chief Ron Condon. Continue Reading
-
Risk metrics: Measuring the effectiveness of an IT security control
In this article, based on an MSc thesis by Jonathan Pagett and Siaw-Lynn Ng, learn how to use risk metrics to gauge the effectiveness of IT security controls. Continue Reading
-
A new approach to fighting varied types of cybercrime cases
Fighting cybercrime may seem like a losing battle considering the enemy is so well resourced. In a Royal Holloway University of London master's thesis, Anna Cevidalli and John Austen explore new approaches in the battle against cybercrime. Continue Reading
-
2010 Royal Holloway information security thesis series
In this series of nine articles, recent MSc graduates from Royal Holloway University of London explain their information security research. Continue Reading
-
Employee security training for Data Protection Act compliance
Data Protection Act compliance can be difficult to manage, but if employees have no awareness of how to handle sensitive information, it becomes impossible. In this excerpt from Data Protection Compliance in the UK -- A Pocket Guide, learn ... Continue Reading
-
Creating an enterprise security awareness campaign
Security awareness programmes work better when everyone is involved in the process Continue Reading
-
Making security awareness programmes more effective
Geordie Stewart and John Austen believe we could learn a great deal by looking at marketing and psychology disciplines when setting up a security awareness programme. Continue Reading
-
Infosecurity Europe 2009: News, interviews and updates
Infosecurity Europe 2009 has begun. SearchSecurity.co.uk is on the conference floor, providing the latest news and updates from London. Continue Reading