News

Regulatory compliance and standard requirements

• April 11, 2023 11 Apr'23

  KFC, Pizza Hut data stolen in January ransomware attack

  Yum!, the parent organisation behind KFC and Pizza Hut in the UK, has disclosed that employee data was accessed and exfiltrated in a January 2023 ransomware attack

• April 06, 2023 06 Apr'23

  IBM's Nataraj Nagaratnam on the cyber challenges facing cloud services

  Governments are introducing increasingly prescriptive data protection policies, but with organisations becoming ever more reliant on multiple cloud service platforms for essential business needs, how can they ensure they meet regulatory requirements?

• April 06, 2023 06 Apr'23

  Prioritise automated hardening over traditional cyber controls, says report

  A report from strategic risk specialist Marsh McLennan advises security buyers to funnel their budgets towards automated cyber security hardening techniques, saying they have a much better chance of reducing risk in a meaningful way

• April 05, 2023 05 Apr'23

  Italy’s ChatGPT ban: Sober precaution or chilling overreaction?

  Italy’s data protection authority issued a temporary ban on ChatGPT citing data protection concerns and alleged breaches of the GDPR. Is this a reasonable precaution, or a chilling restriction on personal freedoms?

• April 04, 2023 04 Apr'23

  TikTok fined in UK over unlawful use of children’s data

  The ICO has fined TikTok £12.7m for breaches of data protection law, including unlawfully collecting data on children under 13

• April 04, 2023 04 Apr'23

  National Cyber Force carrying out daily hacking operations to disrupt hostile threats

  Government discloses details about the National Cyber Force’s disruption activities against terrorists, organised criminals and nation states – and names first NCF chief as James Babbage

• April 03, 2023 03 Apr'23

  Australia’s media and telecoms sector saw most data breaches in 2022

  The media and telecoms industry accounted for the bulk of stolen credentials in Australia in 2022, underscoring the need to shore up the country’s cyber security posture

• March 30, 2023 30 Mar'23

  NCSC issues revised security Board Toolkit for business leaders

  National Cyber Security Centre calls on CEOs and senior business leaders to take a more hands-on approach to cyber resilience with the launch of revised board-level tools

• March 29, 2023 29 Mar'23

  How organisations can weaponise data privacy

  Organisations should turn data privacy into a competitive advantage and look beyond regulatory compliance to build a privacy programme that aligns with business targets, says Gartner

• March 28, 2023 28 Mar'23

  Europol warns cops to prep for malicious AI abuse

  In a report looking at how large language models can be used by criminals, Europol’s Innovation Lab calls on law enforcement agencies to prepare themselves for wide-ranging impacts on their work

• March 28, 2023 28 Mar'23

  Ethical hackers urged to respond to Computer Misuse Act reform proposals

  The deadline for submissions to the government’s consultation on reform of the Computer Misuse Act is fast approaching, and ethical hackers and security experts need to make their voices heard, says Bugcrowd

• March 27, 2023 27 Mar'23

  France latest to ban TikTok on government devices

  Following bans in the UK and US, France has moved to enact restrictions on TikTok, and other social media apps, on government devices

• March 22, 2023 22 Mar'23

  Why Veeam thinks ransomware warranty payouts are unlikely

  Veeam Data Platform v12 offers a financial guarantee to customers that can’t restore after ransomware attacks, but the backup supplier is convinced it won’t be making many payouts

• March 21, 2023 21 Mar'23

  Nordics move towards common cyber defence strategy

  Nordic countries agree to work together to improve their cyber defences amid increasing threat

• March 17, 2023 17 Mar'23

  UK TikTok ban gives us all cause to consider social media security

  The UK government’s ban on TikTok should give all organisations cause to look into what information social media platforms are collecting on us, and what they are using it for

• March 17, 2023 17 Mar'23

  UK government to create code of practice for generative AI firms

  The code will look to strike a balance between copyright holders and generative AI firms so that both parties can benefit from the use of copyrighted material in training data

• March 16, 2023 16 Mar'23

  TikTok banned on UK government devices

  The UK government has followed in the footsteps of its US and European counterparts and banned the use of Chinese social media app TikTok on official devices

• March 13, 2023 13 Mar'23

  MI5 to oversee new National Protective Security Authority

  The new National Protective Security Authority will address various national security threats including state-sponsored cyber espionage against UK targets

• March 10, 2023 10 Mar'23

  Technology minister Michelle Donelan defends data reforms

  Secretary of state Michelle Donelan has defended the government’s new data reforms as providing certainty for businesses while simultaneously retaining high standards of data protection, but industry figures are having mixed reactions

• March 08, 2023 08 Mar'23

  How ForgeRock is tackling identity management

  ForgeRock CEO Fran Rosch has set the identity and access management software supplier on a path to deliver a frictionless identity experience without compromising security or privacy

• March 07, 2023 07 Mar'23

  Nine in 10 enterprises fell victim to successful phishing in 2022

  Egress annual email security risk report breaks down impacts of email-based phishing attacks and data loss, and the effect these can have on organisations in terms of staff retention and morale

• March 07, 2023 07 Mar'23

  Dutch hospitals underestimate impact of cyber attack

  IT failures in acute care organisations in the Netherlands have increased considerably since 2010, affecting patient care and stressing the need to improve IT security in hospitals

• March 03, 2023 03 Mar'23

  White House unveils National Cybersecurity Strategy

  The strategy will focus on ensuring closer collaboration on cyber security between government and industry, while giving software and other tech companies a bigger role in combatting threats due to their resources and expertise

• March 02, 2023 02 Mar'23

  AI interview: Michael Osborne, professor of machine learning

  Artificial intelligence researcher speaks with Computer Weekly about the implications of a market-driven AI arms race and the overwhelming dominance of the private sector over the technology

• March 01, 2023 01 Mar'23

  Data breaches in Australia on the rise, says OAIC

  Cyber security incidents were the cause of most data breaches, which rose by 26% in the second half of 2022, according to the Office of the Australian Information Commissioner

• February 27, 2023 27 Feb'23

  Scotland launches data strategy for health and social care

  The five-year strategy aims to make it easier for people to access their own health and social care data, improve data flows between organisations, and transform the way data is used to enhance services

• February 24, 2023 24 Feb'23

  UK police have ‘culture of retention’ around biometric data

  A culture of retention around biometric data in UK policing is damaging public trust, says UK biometrics commissioner, who is calling for clear regulation to govern police use of biometric technologies

• February 14, 2023 14 Feb'23

  UK authorities clamp down on illegal crypto ATMs

  The Financial Conduct Authority and West Yorkshire Police have disrupted a number of illegal crypto ATMs

• February 14, 2023 14 Feb'23

  OSC&R framework to stop supply chain attacks in the wild

  The backers of a new MITRE ATT&CK style framework called OSC&R hope to help organisations get to grips with threats to their software supply chains

• February 14, 2023 14 Feb'23

  Researcher exposes crypto scam network exploiting YouTube

  A massive network of fake YouTube videos promoted by automated sock puppet accounts is reeling in hundreds of cryptocurrency enthusiasts and persuading them to hand over their money, WithSecure researchers found

• February 13, 2023 13 Feb'23

  Investigatory Powers Act: Home Office proposes rethink of safeguards on bulk data collection

  David Anderson KC will review the safeguards on intelligence service and police use of bulk datasets following a Home Office assessment that they are 'disproportionate'.

• February 08, 2023 08 Feb'23

  Campaigners lament lack of movement on Computer Misuse Act reform

  Westminster has opened a new consultation on proposed reforms to the Computer Misuse Act of 1990, but campaigners who want the law changed to protect cyber professionals have been left disappointed

• February 07, 2023 07 Feb'23

  APP fraud reimbursement proposal is ‘fundamentally flawed’, say MPs

  MPs claim the involvement of a bank-sponsored organisation in reimbursing victims of APP fraud would be a conflict of interest

• February 06, 2023 06 Feb'23

  Cops make arrests and seize drugs after hacking Exclu encrypted messaging app

  Police in the Netherlands, Belgium and Poland raided 80 addresses after covertly intercepting messages from the Exclu encrypted messaging app

• February 06, 2023 06 Feb'23

  Online banks still riddled with cyber security flaws, report says

  Online bank Virgin Money was found to have the weakest online and application security measures in a Which? study but Nationwide, TSB and The Co-Operative Bank all failed on multiple points, too.

• February 06, 2023 06 Feb'23

  The Security Interviews: How to overcome data protection compliance challenges

  Complying with the vast swathe of data protection legislation around the world is complex, especially for smaller organisations without the necessary expertise. Could the compliance process be simplified, and if so, how?

• February 03, 2023 03 Feb'23

  FCA cracks down on misleading promos by social media influencers

  Social media is becoming a major part of the FCA’s work in clamping down on misleading financial advertising and promotions, with multiple influencers rapped for their behaviour

• February 01, 2023 01 Feb'23

  Innovative Technology deploys age estimation tech in shops and pubs

  A company involved in Home Office-led trials of biometric age estimation technologies has begun rolling out its hardware to UK shops and pubs so they can use its facial recognition algorithm to assure customers’ ages

• February 01, 2023 01 Feb'23

  UK Cyber Council and ISACA launch audit, assurance programme

  The UK Cyber Security Council has teamed up with ISACA to partner on a new audit and assurance programme for security pros

• January 31, 2023 31 Jan'23

  Cyber training firm launches £20k data protection scholarship

  Training specialist Freevacy has launched a £20,000 scholarship fund to train data privacy and protection professionals

• January 31, 2023 31 Jan'23

  MI5 unlawfully collected and held millions of people’s data

  Secretive court finds MI5 knowingly acted unlawfully in use of bulk surveillance warrants, and the Home Office continued granting warrants despite information the agency was operating outside the law

• January 30, 2023 30 Jan'23

  Data of 10 million JD Sports customers accessed in cyber attack

  Data on 10 million people who shopped online at JD Sports over a two-year period was accessed and potentially stolen in a cyber attack

• January 25, 2023 25 Jan'23

  Boards struggle to resolve cyber risk in digital supply chains

  Accelerated digitisation of supply chains is introducing more cyber risk for which many organisations seem unprepared, according to the BSI’s annual report on supply chain risk

• January 23, 2023 23 Jan'23

  NCSC warning over cyber risk to charity sector

  Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC

• January 20, 2023 20 Jan'23

  Veeam survey finds ransomware blocks digital transformation

  Annual report shows secular trend to the cloud and increased use of containers, but prevalence of ransomware attacks means digital transformation is hindered

• January 20, 2023 20 Jan'23

  WhatsApp’s £4.8m fine raises questions for organisations using behavioural advertising

  The Irish Data Protection Commissioner has fined WhatsApp, owned by Meta, in a case that will raise questions for organisations that rely on contracts rather than consent to comply with GDPR when offering behavioural advertising

• January 19, 2023 19 Jan'23

  Fraudsters and cyber criminals stole more than £4bn in the UK through 2022

  The amount of money stolen by fraudsters and cybercriminals in the UK saw a huge increase in 2022

• January 19, 2023 19 Jan'23

  Newham Council rejects use of live facial-recognition tech by police

  Live facial-recognition technology should not be used by police in Newham until biometric and anti-discrimination safeguards are in place, according to a motion passed unanimously by the council, but the Met Police and the Home Office have indicated...

• January 19, 2023 19 Jan'23

  Outdated IT infrastructure poses growing risk to UK Security Vetting

  Delays to UKSV’s important work in safeguarding the country’s national security are in part down to a legacy IT estate in dire need of modernisation, says the NAO

• January 18, 2023 18 Jan'23

  David Anderson KC to review UK surveillance laws

  Home Office commissions independent review of the Investigatory Powers Act, known as the snoopers’ charter. It will include a review of bulk datasets and government access to internet connection records held by phone and internet companies