Opinion

Opinion

IT security

• Security Think Tank: Now is the time to think about cyber insurance

  Many IT leaders shy away from cyber insurance, but new, innovative developments in the market can help organisations take an approach that suits their needs  Continue Reading

• Assessment and knowledge: Your key tools to secure suppliers

  There is no silver bullet that will resolve all the issues arising from today’s interconnected businesses and complex supply chains, but there are some key tools at your disposal  Continue Reading

• Finding the balance between innovation and data security in healthcare

  As the government launches its data strategy for health and social care, a fine line must be trodden between innovating through privacy-enhancing technologies, and retaining data security for patients  Continue Reading

• What will the Data Reform Bill mean for UK businesses operating in the EU?

  Following the government’s response to the Data Reform Bill consultation, Peter Galdies of DQM GRC looks at what might lie ahead for UK organisations working in the European Union  Continue Reading

• Germany – let’s stop debating data retention and start finding solutions

  Germany has the opportunity to set the democratic precedent for ending the collection and retention of everybody’s call details record and metadata in the EU. It is time find real and effective solutions to crime  Continue Reading

• Security Think Tank: Supply chain security demands systematic approach

  Supply chain security measures need to be systematic and assessed so as to minimise the complexity and cost to the business  Continue Reading

• Why the world needs tech standards for UN Sustainable Development Goals

  Chaesub Lee from the ITU argues that the world needs technology standards to address the UN’s Sustainable Development Goals  Continue Reading

• Security Think Tank: Balanced approach can detangle supply chain complexity

  Achieving an appropriate balance between people, processes and technology can help to detangle the complexities of the supply chain and create better security practices  Continue Reading

• We’re all technologists now – the powerful impact of low-code platforms

  Low-code platforms are bringing a shift in how organisations develop and use technology – and it’s the job of the CIO to let it happen in a controlled, secure and connected fashion  Continue Reading

• Supply chain security goes deep – forget this at your peril

  It may have hit the headlines as an IT issue, but supply chain security goes far deeper into an organisation than just technology  Continue Reading

• Consider governance, coordination and risk to secure supply chain

  A recent ISACA study found myriad factors that give good reason to be concerned about supply chain security. Cyber adviser Brian Fletcher recommends three areas to zero in on  Continue Reading

• Privacy-enhancing technologies – myths and misconceptions

  As the UK and US prepare to open a joint privacy-enhancing technology (PET) prize challenge, expert Ellison Anne Williams busts some myths and misconceptions around this emerging area  Continue Reading

• Security Think Tank: Best practices for boosting supply chain security

  In a highly connected world, managing the supply chain landscape requires an adaptation of the ‘traditional’ approach to managing cyber risk  Continue Reading

• Is digital ID still the missing link for the UK’s digital economy?

  While progress has been made, the government’s proposed digital ID trust framework needs more work – and the tech industry wants to have more input  Continue Reading

• Security Think Tank: Basic steps to secure your supply chain

  When it comes to supply chain security, there are some core things you should be doing – but remember, the devil is in the detail  Continue Reading

• Security Think Tank: Don’t trust the weakest link? Don’t trust any link

  Your security model shouldn’t fall apart just because a part of your business, or a partner, has weak security. This is why information-centric security is a must  Continue Reading

• What does the EU’s NIS 2 cyber directive cover?

  We run the rule over the European Union’s updated NIS2 security directive  Continue Reading

• The importance of making information security more accessible

  Robin Smith, CSO of Aston Martin Lagonda, talks about how an accessible approach to cyber is helping him to keep the organisation secure  Continue Reading

• Mobile digital transformation – from fast to deep

  The first half of 2022 has been a busy time, with much happening in the mobile industry. We consider what the rest of year might hold  Continue Reading

• Log4Shell: How friendly hackers rose to the challenge

  HackerOne CISO Chris Evans looks back at how the security community successfully rose to the challenge of Log4Shell, and saved end-user organisations millions  Continue Reading

• Strong internal foundations are key to withstanding external threats

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Consistency is key to mitigate outsourcing risk

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: Core security processes must adapt in a complex landscape

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: Understanding attack paths is a question of training

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: Yes, zero trust can help you understand attack paths

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: To follow a path, you need a good map

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: Your path to understanding attack paths

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: Identify, assess and monitor to understand attack paths

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: Defenders must get out ahead of complexity

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to better understand ...  Continue Reading

• Security Think Tank: Solving for complexity in the network

  The modern-day abundance of IT platforms, apps and tools gives the bad guys ample opportunity to move rapidly through the network to hit critical assets. Security teams must understand these attack pathways better in order to fight back  Continue Reading

• Totting up a decade of ones and zeros at the ODI

  As the Open Data Institute turns 10, managing director Louise Burke reflects on its first decade and what comes next  Continue Reading

• We must target a broad church to fill vacant cyber roles

  The security industry focuses a lot on cyber-specific specialisms and technical skills, but it could really benefit from widening its search. Take it from a social anthropologist  Continue Reading

• Online Safety Bill: Collaborating to make the internet safer for all

  The UK government's plan to regulate the internet and social media includes some positive and progressive measures – but by working with industry, a lot more could be achieved  Continue Reading

• Revised scope of UK security strategy reflects digitised society

  The omission of the word ‘security’ from the title of the UK government’s new National Cyber Strategy is a telling one, reflecting our increasingly digitised society, say Maximillian Brook and Arunoshi Singh of the ISF  Continue Reading

• How 2022’s most significant data privacy trends affect your organisation

  Data privacy and protection are now core responsibilities for most, but as we all know by now, compliance is a moving target. Here, expert Alan Calder looks ahead at what to expect in the coming months  Continue Reading

• UK Cyber Strategy a welcome injection of progress

  The National Cyber Strategy should be seen as a welcome injection of both focus and investment in bettering cyber defence for everyone, says Turnkey Consulting senior consultant Louise Barber  Continue Reading

• National Cyber Strategy will enhance UK’s cyber power status

  The UK punches above its weight when it comes to wielding cyber power around the world, but challenges to this status are clear. The National Cyber Strategy has a clear role to play in maintaining and enhancing this status, writes Paddy Francis of ...  Continue Reading

• How cyber security teams can conquer the four-day working week

  The four-day week may be an idea whose time has come, but for always-on cyber security professionals, the impact of squeezing more work into fewer days is a tricky proposition  Continue Reading

• Achieving agility, collaboration and data control in the cloud

  Organisations have historically had to make a trade-off between the proven benefits of the cloud and maintaining full control of their data, but with the right strategy it is possible to have both  Continue Reading

• Encryption myths versus realities of Online Safety Bill

  The UK government can’t legislate the impossible – a safer society depends on encryption, not breaking it  Continue Reading

• National Cyber Strategy misses the mark in one important way

  The National Cyber Strategy is full of fine words, says Petra Wenham, but as the old expression goes, fine words butter no parsnips, and it misses the mark in one very important way  Continue Reading

• Security Think Tank: Building the cyber workforce we need

  The UK’s new National Cyber Strategy is clear in its ambitions, but to fulfil them, we must double down on appropriate skills development, says ISACA director Mike Hughes  Continue Reading

• When more is too much in security

  The view that more security tools equals better protection still persists, but security researcher Etay Maor argues that success in cyber lies in simplicity  Continue Reading

• When to pull the plug on an ecommerce site

  Distributed denial of service and other attacks on websites have the potential to leak personally identifiable information  Continue Reading

• Assessing the aims of the Government Cyber Security Strategy

  The clear aims of the Government Cyber Security Strategy are welcome, but are they realistic or achievable?  Continue Reading

• Universities need better protection from email-based cyber attacks

  The need to educate university staff and students on avoiding email-based cyber attacks is more acute than ever, says Proofpoint’s Adenike Cosgrove  Continue Reading

• The UK’s cyber security sector is thriving, but our work has only just begun

  The government’s Annual Cyber Sector Report painted a positive picture of the UK security industry. CIISec’s Amanda Finch thinks we can go further in developing cyber talent and opening up the sector  Continue Reading

• Security Think Tank: Good training is all about context

  In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service?  Continue Reading

• Phishing tests are a useful exercise, but don’t overdo it

  The vast majority of cyber attacks start with a phish, so it’s not surprising that phishing tests form part of cyber training plans. But sometimes these tests go too far. Cyberis’ Gemma Moore looks at how to avoid the pitfalls  Continue Reading

• Five key tech trends for digital leaders in 2022

  The past two years have seen a surge in investment that will bring new challenges to digital leaders over the next year  Continue Reading

• Security Think Tank: How to build a human firewall

  In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service?  Continue Reading

• Understand your cyber training ‘need’ before committing to a programme

  In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training-as-a-service?  Continue Reading

• Security Think Tank: Focus on ‘nudging’ to build effective cyber training

  In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training-as-a-service?  Continue Reading

• Security Think Tank: Cyber training is useless without staff empowerment

  In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service?  Continue Reading

• Vulnerabilities to fraud are increasing across the board

  As the pandemic continues to affect how we work, socialise, shop and conduct business, so it has increased opportunities for digital fraud and cyber crime. Jason Lane-Sellers explores the latest LexisNexis Risk Solutions ‘Cybercrime report’  Continue Reading

• How can you balance security with growth?

  As businesses focus on recovery and growth, CISOs must deal with today’s challenges while also planning for tomorrow - how can they achieve both safety and success?  Continue Reading

• Security Think Tank: Reframing CISO-boardroom relations

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months  Continue Reading

• Security Think Tank: When will they ever learn?

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months  Continue Reading

• Enabling secure remote working is once again a top priority

  The pandemic has bought many new security risks, particularly around remote working. As the UK government once again urges people to work from home under its Plan B restrictions, these risks must be tackled as a priority  Continue Reading

• Security Think Tank: Get to know your personal threat landscape

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months  Continue Reading

• Security Think Tank: We are failing to get the cyber message across to users

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months  Continue Reading

• Security Think Tank: There’s much more to do to secure hybrid workers

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months  Continue Reading

• Security Think Tank: Good documentation could save your bacon

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months  Continue Reading

• Security Think Tank: Attackers leveraging the supply chain

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they have taken away from the past 12 months  Continue Reading

• Security Think Tank: Think people, processes and systems

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months  Continue Reading

• A ‘whole of society’ approach to cyber may be on the horizon

  Nominet Cyber managing director David Carroll reflects on the NCSC’s latest annual review amid 2021’s fast-evolving threat landscape  Continue Reading

• The way we talk and think about tech is crucial to helping solve the skills shortage crisis

  Companies are looking to short-term fixes to find IT specialists, but there is still a need for long-term solutions  Continue Reading

• Security Think Tank: In the cloud, anti-human approaches set us up to fail

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months  Continue Reading

• Security Think Tank: Dissecting the true value of SASE is a challenge

  As a relatively nascent technology that is getting a lot of publicity, dissecting the true value of SASE is still a difficult proposition, for now  Continue Reading

• Computing at the edge: Let’s get on board

  With the increasing complexity of networks today, whether it’s hybrid cloud infrastructure or time-sliced 5G, somehow we’ve got to manage it  Continue Reading

• Security Think Tank: SASE will become operational reality

  While still considered very much a buzzword, the pace of change in corporate networks and operational technology means secure access service edge (SASE) is becoming reality for many  Continue Reading

• Back to the past with government identity

  The UK government plans to spend up to £400m developing yet another digital identity system – why is taxpayer money going into a time warp when there is surely a better and cheaper way?  Continue Reading

• Security Think Tank: SASE – more than the sum of its parts?

  Airbus Cybersecurity’s Paddy Francis asks what makes an integration of the various components of SASE more the sum of their parts, and what are the benefits and pitfalls?  Continue Reading

• Security Think Tank: What to find out before investing in SASE

  Petra Wenham of the BCS shares her thoughts on what organisations need to consider as they investigate whether or not to invest in secure access service edge technology  Continue Reading

• The ICO is right to push back against government meddling

  Some criticisms of the ICO are justified, but the answer to that is not to give Whitehall more oversight over the data protection regulator, argues legal expert Edward Machin  Continue Reading

• Zero trust: Now is the time

  The cyber security industry has been talking about a zero-trust approach to security for just over a decade, but now it’s time to move towards full implementation because it is more appropriate than ever, and it is rapidly gaining support from ...  Continue Reading

• The Secret IR Insider’s Diary – this is not a fashion show

  In the latest pages taken from their diary, the Secret IR Insider reveals why organisations should be worried about every threat, not just the latest and greatest  Continue Reading

• Watching me, watching you – challenging the rise of digital surveillance at work

  Unprecedented levels of digital monitoring at work is embedding a culture of surveillance, despite workers’ opposition to the practices, says Prospect Union  Continue Reading

• Security Think Tank: SASE – marketing buzz or the future of security?

  SASE architectures promise to prevent multiple types of cyber attacks, but deciding whether SASE is right for your organisation will require understanding whether SASE is a fit for your use cases in IT  Continue Reading

• Is SASE mere vendor hype? It’s more nuanced than that

  There’s no doubt that SASE is being overhyped, but nevertheless the concept holds value that security teams should not discount, according to PA Consulting analysts  Continue Reading

• Changing the rules against cyber attacks

  UKRI’s John Goodacre reveals how projects supported by the Digital Security by Design Challenge aim to improve cyber security resilience, beginning with the very fundamentals of computing  Continue Reading

• No easy fix for vulnerability exploitation, so be prepared

  Vulnerability management and disclosure is a tricky business with ethical and business ramifications for software vendors, CISOs and ethical hackers alike – and CISOs sit right in the middle of this  Continue Reading

• Doing the right thing: How CISOs should approach responsible disclosure

  Owen Wright, responsible for penetration testing and adversary simulation at Context, part of Accenture Security, advises how CISOs should approach responsible disclosure  Continue Reading

• Encryption protects the marginalised – and it’s under threat

  Encryption keeps marginalised groups connected and safe, but new regulatory attempts to break it put them at risk  Continue Reading

• Addressing the backup dilemma to ransomware recovery

  Everyone knows good backups are essential if one is to recover from a ransomware attack, but using them effectively poses challenges that IT teams need to know about  Continue Reading

• Security Think Tank: Responsible vulnerability disclosure is a joint effort

  By working hand-in-hand, developers and security researchers can both play a vital role in ensuring newly-discovered vulnerabilities are addressed appropriately, writes Paddy Francis of Airbus CyberSecurity  Continue Reading

• New strategies needed to close the cyber security skills gap

  Teaching cyber security in schools is a long-term solution to a present-day problem  Continue Reading

• Invest in cyber security with confidence using a structured approach

  Cyber security has never been more challenging or important in rapidly changing business, regulatory, IT and threat environments. There is a need for a more structured approach to investment  Continue Reading

• Keeping the UK in the global race to adopt digital identity

  The UK government’s proposed digital ID trust framework is a step in the right direction, but more is needed to ensure the successful adoption of digital identity across the economy  Continue Reading

• ICO cookie consent: How will the plan affect businesses?

  A data privacy and compliance expert considers what the ICO’s proposals for an overhaul of cookie consent procedures could mean for businesses  Continue Reading

• Security Think Tank: Embracing vulnerability management for the greater good

  When it comes to vulnerability management, CISOs should define a responsible disclosure policy so that they can receive and manage identified vulnerabilities transparently, practically and collaboratively, says Paul Watts of the ISF  Continue Reading

• Facial recognition cannot be a standalone authentication method

  As more organisations look to facial recognition to improve their digital identity practices, they must remember that it cannot stand in isolation  Continue Reading

• UK data plans aim to boost growth but will they isolate the UK from its international friends?

  The UK government has made strong statements about the nation’s post-Brexit data strategy but must be careful not to undermine its global credibility  Continue Reading

• Managing cyber risk through integrated supply chains

  High-profile supply chain cyber attacks have caused huge disruption this year. PA Consulting’s Carl Nightingale considers key questions business leaders should be asking of their organisations  Continue Reading

• Security Think Tank: Optimising privacy, post-GDPR

  Airbus CyberSecurity CTO Paddy Francis explores the impact of regulation on data protection, and how it has changed how one goes about optimising data privacy in the enterprise  Continue Reading

• Security Think Tank: A response to planned data protection changes

  The ISF’s Emma Bickerstaffe assesses how organisations might respond to proposed changes to the UK’s data protection regime  Continue Reading

• The rise of the chief risk officer

  The impact of the Covid-19 pandemic has seen chief risk officers take their rightful place in the boardroom  Continue Reading

• UK’s new data protection strategy risks costing business more than it gains

  The apparent business benefits of pursuing data adequacy agreements around the world may not be as enticing as they at first appear  Continue Reading

• Protecting children in the digital playground

  The ICO’s Age Appropriate Design Code ushers in a new set of standards that advance children’s rights in the digital age  Continue Reading

• Security Think Tank: Managing data securely throughout its lifecycle

  Managing data in a secure manner is key to ensuring its integrity and therefore its value to the organisation, as well as reducing risk from breaches and misinformation  Continue Reading