Application security and coding requirements

CW Nordics: The trouble with connected things

In this issue, Finnish cyber security expert Mikko Hyppönen talks about security in the Nordics, Russia and the trouble with connected devices. Also read how Icelandic airline Wow Air averted disaster through the use of application performance monitoring software when it embarked on a major expansion. And find out how, since December 2015, anyone playing popular sandbox game Minecraft has been able to build their worlds on the actual map of Sweden. Continue Reading

Economic and political uncertainty drives organisations to rethink IT strategies

CIO job satisfaction reaches a three-year high as organisations hire more IT staff and invest in innovative digital technology Continue Reading

By

• Bill Goodwin, Computer Weekly

Security as a service on the rise in the UAE

Organisations in the United Arab Emirates are increasingly turning to security services Continue Reading

By

• Alicia Buller

Interview: F-Secure’s Mikko Hyppönen on the Nordics, Russia and the internet of insecure things

Computer Weekly sat down with Finnish cyber security expert Mikko Hyppönen to talk about security in the Nordics, Russia and the trouble with connected devices Continue Reading

By

• Eeva Haaramo

How IT can be more defensible

A renowned Google engineer calls for the IT industry to build devices capable of being defended and for enterprises to take a balance sheet approach in managing risks Continue Reading

By

• Aaron Tan, TechTarget

Threats grow in Saudi Arabia’s cyber sector

Saudi Arabia's wealth makes it an attractive target for cyber criminals, but what have been the recent trends in cyber crime? Continue Reading

By

• Triska Hamid

Making the UK fit for 5G

In this week’s Computer Weekly, we look at the government’s new 5G strategy and assess whether it’s enough to stimulate development of next generation mobile networks. We meet some of the Silicon Valley startups hoping to revolutionise big data analytics. And we examine how to prevent the move to DevOps from harming work-life balance for IT professionals. Read the issue now. Continue Reading

CW ASEAN: Raising national security standards

In this month’s CW ASEAN, we describe how Singapore is improving its cyber security defenses and preparations through a partnership with British security company BAE Systems. We also find out why the Thai military plans to recruit civilian cyber warriors and we take a look at evolving security approaches. Read the issue now. Continue Reading

Citizen Love: the story of an ordinary family's fight with the US government

Finnish documentary makers Raimo Uunila and Lauri Danska tell the behind-the-scenes story of activist Lauri Love’s battle with the US government – and the impact of the case on his family Continue Reading

By

• Bill Goodwin, Computer Weekly

Secure IoT before it kills us

Experts say more must be done to mitigate the potentially catastrophic threats presented by connected devices Continue Reading

By

• Jim Mortleman

Top 10 IT security stories of 2016

Here are Computer Weekly’s top 10 IT security stories of 2016: Continue Reading

By

• Warwick Ashford, Senior analyst

Top 10 ANZ enterprise IT stories of 2016

Here is a rundown of Computer Weekly’s most popular ANZ enterprise IT articles for 2016 Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Russian banks hit by IoT-enabled DDoS attacks

DDoS attacks on Russian banks have been linked to IoT botnets, further confirming this worrying trend and highlighting the need for IoT suppliers to improve security capabilties Continue Reading

By

• Warwick Ashford, Senior analyst

CW ASEAN: SMEs present security weakness

In this month's CW ASEAN, we look at how the cyber security defences at small and medium-sized enterprises in Southeast Asia may have some vulnerabilities, resulting in cyber security attacks on the large corporations they work with. We also consider the need to educate users of smartphones and tablets across the region as card fraud rates rise, with high use of mobile devices considered a contributing factor. Read the issue now. Continue Reading

CW ANZ: Using gamification to build cyber security skills

In this month's CW ANZ, we look at how PwC is using an online game to give its customers first-hand experience of what it means to face a cyber attack. We also look at how identity is gaining greater prominence in the security debate in Australia as the DTO takes the wraps off plans for a national identity system. Read the issue now. Continue Reading

Schneider Electric praised for positive response to ICS security flaw

Schneider Electric has patched a security flaw that highlights the vulnerability of industrial control systems to cyber attack Continue Reading

By

• Warwick Ashford, Senior analyst

Snowden: the IT analyst turned whistleblower who exposed mass surveillance

Oliver Stone's biopic on Edward Snowden reaches the heart of the ethical crisis posed by mass surveillance for the state and ordinary citizens Continue Reading

By

• Fiona O'Cleirigh

Retail websites riddled with security holes, researchers warn

Retailers urged to improve the security of their online stores amid a series of discoveries of cyber criminal campaigns to exploit vulnerabilities in retail websites Continue Reading

By

• Warwick Ashford, Senior analyst

Gary McKinnon: Why Lauri Love should be spared the nightmare of extradition

Computer activist Lauri Love should be spared a life sentence in a US jail, says former hacker Gary McKinnon Continue Reading

By

• Gary McKinnon

Computer Weekly 50th anniversary special

It’s been 50 years since Computer Weekly's launch on 22 September 1966. To mark this achievement, we have compiled a special edition of the magazine to reflect on how much the British technology industry has contributed over that time – and, of course, to celebrate our role in keeping IT professionals in touch with those developments – week-in, week-out, for half a century. Read this 100-page anniversary special now. Continue Reading

Alleged hacker Lauri Love can be extradited to the US, court rules

Westminster Magistrates’ Court has ruled that alleged hacker, Lauri Love, can be extradited to the US, where he could face a 99-year prison sentence Continue Reading

By

• Fiona O'Cleirigh

Lauri Love: the student accused of hacking the US

How did a brilliant but fragile computer science student from a rural English town end up facing life imprisonment in the US? Computer Weekly speaks to Lauri Love Continue Reading

By

• Bill Goodwin and Niels Ladefoged

IBM sets up security centre in Canberra

IBM leads the charge as large private businesses invest heavily in security resources across Australia in an attempt to close the security gap Continue Reading

By

• Beverley Head

CW ASEAN: July 2016

Lessons from the Philippine government hack: In this issue we ask why a hack on the Philippine Commission on the Elections (Comelec) was allowed to happen and what organisations in Southeast Asia can learn from this breach of security. Retailers in the region are concerned – read how the theft of customer data is their biggest worry. Continue Reading

CW ANZ: July 2016

Australia knows it has a cyber security problem, but not the scale. In this month’s CW ANZ we describe how Australia's $230m security strategy serves as a wake-up call to enterprises. We also reveal the techniques and technologies being used to protect one Australian school, as well as a more general look at the main cyber threats to orgainsations in Australia. Read the issue now. Continue Reading

Lower average cost of Australian data breaches is not a sign of comfort

The average cost of a data breach to Australian organisations dropped in 2015, according to research Continue Reading

By

• Beverley Head

Philippines government data breach is a warning to Asean region

Security is a rising concern in the Asean region, with fears fuelled by incidents such as the recent hacking incident in Manila Continue Reading

By

• Zafar Anjum

Cyber security in Belgium will gain prominence after terror attacks

Belgium’s physical security has been branded inadequate, so how does the country’s cyber security measure up? Continue Reading

By

• Stef Gyssels

NCA attempts 'back door' access to obtain activist Lauri Love’s passwords

Court told that use of civil proceedings to force disclosure of alleged hacker Lauri Love's passwords is disproportionate and would breach human rights law Continue Reading

By

• Bill Goodwin, Computer Weekly

Adwind at centre of cyber attack on Singapore bank

Kaspersky Lab has revealed that the Adwind malware-as-a-service platform was at the centre of an attack on a Singapore bank Continue Reading

By

• Zafar Anjum

Gov.uk Verify not secure enough for NHS, says HSCIC

The government’s Verify identity verification platform isn’t secure enough for the NHS, so Liverpool Clinical Commissioning Group and HSCIC are working to add extra levels of security Continue Reading

By

• Lis Evenstad

The problem with passwords: how to make it easier for employees to stay secure

An organisation’s IT security can be compromised if staff do not follow a strict policy of using strong passwords to access internal systems Continue Reading

By

• Jeremy Bergsman, CEB

HSBC online services hit by DDoS attack

HSBC was hit by a distributed denial of service (DDoS) attack, which targeted its online personal banking services. Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Top 10 IT security stories of 2015

Computer Weekly looks back at the most significant stories on IT security in the past 12 months Continue Reading

By

• Warwick Ashford, Senior analyst

Cyber attacks an increasing concern for Asean countries

Organisations in the Association of Southeast Asian Nations are increasingly the targets for cyber criminals, according to a report focused on the region Continue Reading

By

• Zafar Anjum

Veracode finds most web apps fail Owasp security check list

The findings of a report on critical vulnerabilities in most web applications is raising concerns over potential security vulnerabilities in millions of websites Continue Reading

By

• Warwick Ashford, Senior analyst

The true cost of a cyber security breach in Australia

The costs of cyber security breaches can quickly add up with fines, reputational damage and overhauls to network security all hitting the coffers. The case of one Australian firm shows why paying a ransom to a hacker might be tempting. Continue Reading

By

• Beverley Head

Public-private co-operation in the Nordics tackles growing cyber crime threat

Nordic governments and businesses are putting cyber security at the centre of their planning as threats increase Continue Reading

By

• Eeva Haaramo

Security vulnerability management more than patching, warns Secunia

Keeping track of what makes an IT environment vulnerable is an ongoing and complex task, according to Secunia Continue Reading

By

• Warwick Ashford, Senior analyst

Commercial software more secure than open source, finds report

A study has found that commercial code is more compliant than open source code with security compliance standards, such as the Owasp top 10 and the CWE top 25 Continue Reading

By

• Warwick Ashford, Senior analyst

Computer Weekly European User Awards 2015 winners revealed

The winners have been announced for the Computer Weekly European User Awards 2015. See who made the top spots Continue Reading

By

• Kayleigh Bateman, Computer Weekly

IT professionals give Windows 10 Start button the thumbs up

A survey of European and North American IT professionals has found that the return of the Start button is the most enticing feature in Microsoft's latest operating system Continue Reading

By

• Cliff Saran, Managing Editor

Pharmaceutical companies use BPM to cut cost of clinical trial drugs

Pharmaceutical companies have developed an IT system to secure the supply of medicines they need for clinical studies, saving hundreds of thousands on their drugs bill in the process Continue Reading

By

• Bill Goodwin, Computer Weekly

NATS failure down to bug from the 90s and redundant code

A bug present in Nats since 1990s has been identified as the root cause of the five-hour outage of UK air traffic control on 12 December 2014 Continue Reading

By

• Cliff Saran, Managing Editor

Whitehall technology chiefs vetoed new Windows XP support deal

Government technology chiefs vetoed a new deal with Microsoft to continue Windows XP support to force laggards to move off the OS Continue Reading

By

• Bryan Glick, Editor in chief

IoT benefits and privacy not mutually exclusive, says industry expert

It is possible to mitigate the privacy and security risks of the internet of things (IoT) without losing its benefits, according to an industry expert Continue Reading

By

• Warwick Ashford, Senior analyst

Case study: Norwegian insurer invests in Darktrace machine-learning cyber defence

Shipping insurance company DNK hopes to inspire the rest of the shipping industry to adopt Darktrace’s cyber defence system Continue Reading

By

• Jenny Stadigs

PrivDog SSL compromise potentially worse than Superfish

Some versions of PrivDog software designed to block online ads compromise internet security in a similar way to Superfish Continue Reading

By

• Warwick Ashford, Senior analyst

Why we need cyber war games

In this week’s Computer Weekly, the UK and US are starting a cyber war on each other – all in the name of testing each other’s defences. We look at why the cyber war games are needed. We examine what IT managers can learn from the car industry to improve supplier relationship management. And we find out why innovation should be top of the IT agenda in 2015. Read the issue now. Continue Reading

Google under fire over Windows zero-day disclosure

Google has come under fire for publishing a proof-of-concept attack exploiting a flaw in Windows 8.1 before Microsoft had released a security update Continue Reading

By

• Warwick Ashford, Senior analyst

CW Europe – January 2015 Edition

As we start another new year we look back at what technology has been playing a vital role in keeping Europe safe. Headlines are regularly filled with threats about cyber wars and attacks which, although are important to bring to light, can sometimes overshadow the role technology plays in keeping us safe. Continue Reading

Cabinet Office begins procurement for next stage of Gov.uk Verify

The Cabinet Office has submitted a tender notice for a £150m three-year framework for the provision of identity assurance services Continue Reading

By

• Caroline Baldwin, Freelance editor and journalist

US interception in the EU faces new legal challenges

US government orders against Microsoft to hand over email data 'infringes privacy legislation' in other countries Continue Reading

By

• Fiona O’Cleirigh

CGI secures communications between pilots and air traffic control

Satellite communications firm Inmarsat has outsourced the provision of security IT and services to CGI Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

How the development of standards will affect the internet of things

As the internet of things (IoT) grows, so will the number of applications developed to control internet-connected devices and objects Continue Reading

By

• Clare McDonald, Business Editor

WordPress most attacked application

Websites that run the WordPress content management system are attacked 24% more often than those using other systems Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Malware being used to steal cash from ATMs

Criminals are using malware to steal cash from ATMs without debit and credit cards Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

CW Europe - October 2014 Edition

BYOD policies: What’s allowed and what’s banned? As IT departments still try to come to terms with the notion of BYOD, CW Europe takes a look at what policies are being implemented to keep security under control. Continue Reading

Hacking IT from the inside

In this week’s Computer Weekly, car giant Daimler talks about its IT security strategy and the benefits of having its own in-house hacking team. App developers are under fire for collecting too much personal data – we examine the latest best practice. Our new buyer’s guide looks at virtualisation backup. And our review of Microsoft’s Surface Pro 3 tablet asks whether it can replace the laptop. Read the issue now. Continue Reading

KPMG: IoT, 3D printing and healthcare IT to have most impact

Internet of things (IoT), 3D printing and biotech or healthcare IT are among the IT trends that will change the way people work and live Continue Reading

By

• Archana Venkatraman, Datacentre Editor

Salesforce issues advice on avoiding Dyreza attack

Salesforce has issued a set of guidelines on tightening security after a number of its customers were targeted by the Dyreza email virus Continue Reading

By

• Cliff Saran, Managing Editor

Security experts identify top 10 software design flaws

The IEEE Center for Secure Design has published a report on how to avoid the top 10 software security design flaws Continue Reading

By

• Warwick Ashford, Senior analyst

Can national security and privacy co-exist?

In this week’s Computer Weekly, we talk to NSA whistleblower Bill Binney about the often-conflicting needs of security and privacy. We find out how Google is using artificial intelligence to improve datacentre energy efficiency. And we look at a project to use wearable technology and big data to help tackle Parkinson’s disease. Read the issue now Continue Reading

The internet of things is coming: Is your datacentre ready?

Gartner estimates the IoT will see 26 billion units installed by 2020 – channelling huge volumes of data traffic into datacentres Continue Reading

By

• Clive Longbottom

USB-connected devices present cyber vulnerabilities

Connecting devices to computers using a USB port could lead to security breaches, say Berlin-based researchers Continue Reading

By

• Caroline Baldwin, Freelance editor and journalist

Barclays passes government’s ‘internet-born threat’ test

Barclays Bank has been awarded the government’s cyber security certificate for digital banking services after independent tests of services such as Pingit Continue Reading

Netflix releases its AWS monitoring tool Security Monkey into the wild

Netflix has made Security Monkey, the AWS tracker tool it built for itself, freely available to other Amazon cloud users Continue Reading

By

• Archana Venkatraman, Datacentre Editor

Supporting Apple in the enterprise

In this week’s Computer Weekly, our latest buyer’s guide takes an in-depth look at how to support Apple products in an enterprise IT infrastructure. We find out how eBay built its own Openstack private cloud. And the chief of the government’s G-Cloud programme talks about changing public sector IT procurement. Read the issue now. Continue Reading

Heartbleed prompts tech firms to pledge open-source support

Top tech firms have joined forces to support open-source software to help prevent future bugs like Heartbleed Continue Reading

By

• Warwick Ashford, Senior analyst

Datacentre lessons learnt from Heartbleed bug

The Heartbleed bug, an OpenSSL flaw affecting millions of websites, has some lessons for datacentre providers and operators Continue Reading

By

• Archana Venkatraman, Datacentre Editor

The Cyber Security Challenge UK 2014

The Cyber Security Challenge UK is a series of events designed to test the ability of thousands of amateur applicants who have skills in the cyber security space. Continue Reading

By

• Clare McDonald, Business Editor

Hacktivism: good or evil?

IT lawyer Dai Davis looks at the rise of hacktivism and its impact on business and international politics Continue Reading

By

• Dai Davis, Percy Crow Davis & Co

Governance, Risk Management and Compliance (GRC)

Ensuring that all the stakeholders' information needs are met requires a holistic approach to managing information – the creation of a GRC platform, say analysts Clive Longbottom and Rob Bamforth. Continue Reading

Employee mobiles expose firms to attack, says Webroot

Employees mobile devices expose companies to malicious applications and attacks, according to the latest mobile threat report from Webroot Continue Reading

By

• Warwick Ashford, Senior analyst

Bank of England publishes Waking Shark II cyber security exercise results

Bank of England publishes the results of its Waking Shark II security exercise, which tested financial institutions' contingency plans for cyber attack Continue Reading

By

• Caroline Baldwin, Freelance editor and journalist

US startup aims to turn tables on hackers

US startup Shape Security is turning the tables against hackers by using one of their own techniques against them Continue Reading

By

• Warwick Ashford, Senior analyst

More than 1,100 DWP workers disciplined over benefits snooping

More than 1,100 employees at the Department for Work and Pensions have received official warnings since 2008 for prying into benefits records Continue Reading

By

• Caroline Baldwin, Freelance editor and journalist

Security considerations for UK enterprises

This Research Snapshot from Vanson Bourne looks at IT security spending trends, awareness of cyber-threats, and the factors perceived as the biggest security risks for organisations. Continue Reading

UK citizen sues Microsoft over Prism private data leak to NSA

A court action brought in the UK will test Microsoft's legal right to disclose private data on UK citizens to US intelligence services Continue Reading

By

• Fiona O’Cleirigh

Cybercrime and warfare: All that matters

Peter Warren and Michael Streeter assess the history, scale and importance of cyber crime in this chapter from their book, Cybercrime and warfare: All That Matters. Continue Reading

Optimising performance and security of web-based software

On-demand applications are often talked about in terms of how suppliers should be adapting the way their software is provisioned to customers. Continue Reading

By

• Bob Tarzey

Global profiles of the fraudster

Computers, rather than conmen, are set to be the future face of fraud, as criminals turn to robotics in an effort to avoid detection, this report from KPMG reveals. Continue Reading

Why agile development races ahead of traditional testing

Traditional testing practices optimise large, centralised testing but struggle to support the rapid delivery of agile development. Continue Reading

By

• Diego Lo Giudice

Identity assurance system moves into beta test phase

The Government Digital Service has started testing of a key system to support plans for citizens to securely prove their identity when accessing online public services Continue Reading

By

• Bryan Glick, Editor in chief

Windows 2012 Server Network Security

This book chapter offers an introduction to Windows 8 and Windows Server 2012 network security and IPv6. It includes a 30% discount code for Computer Weekly readers. Continue Reading

Windows Server 2012 Security from End to Edge and Beyond

This extract from the book Windows Server 2012 Security from End to Edge and Beyond shows you how to plan your platform security requirements and gives you the critical questions to ask. Continue Reading

Printing: a false sense of security?

Louella Fernandes and Bob Tarzey show how secure printing technology can provide authentication, authorisation and accounting capabilities, helping businesses improve document security and meet compliance regulations. Continue Reading

Box.com forges new cloud security model

Service providers and consumers need to move to a security model better suited to the cloud computing, says Box.com Continue Reading

By

• Warwick Ashford, Senior analyst

Targeted attacks and how to defend against them

Analysts Bob Tarzey and Louella Fernandes assess the scale and real impact of targeted attacks the measures being taken to defend against them. Continue Reading

Facebook to acquire UK startup Monoidics

Facebook is to acquire UK startup Monoidics, which makes code verification and analysis tools and specialises in detecting coding errors Continue Reading

By

• Warwick Ashford, Senior analyst

IT security case studies

Four critical IT security case-studies selected from the winners of Computer Weekly's European User Awards for security Continue Reading

Needle in a Datastack: The rise of big security data

This research from McAfee investigates how well organisations are positioned to address the challenges of managing security in a world of ever increasing amounts and types of data. Continue Reading

IT Security Case Studies

Warwick Ashford presents 4 essential IT security case-studies selected from the winners of Computer Weekly's European User Awards. Continue Reading

Black market for software security flaws reaches new highs

The black market in previously undiscovered vulnerabilities in commercial software is so established that the average flaw sells for up to $160,000 Continue Reading

By

• Warwick Ashford, Senior analyst

Telefonica Digital forms security group Eleven Paths

The business division of mobile operator Telefonica launches Eleven Paths, an independent company working on security issues in the workplace Continue Reading

By

• Jennifer Scott, TechTarget

Microsoft declares conformance with ISO 27034-1

Microsoft has declared conformance with ISO 27034-1, the first part of an international standard for secure software development Continue Reading

By

• Warwick Ashford, Senior analyst

Cyber criminals hack Washington court system

Hackers gain access to the personal data of 160,000 US citizens after compromising Washington State court service servers Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

CW buyer's guide: context-aware security

This 11-page Computer Weekly buyer's guide looks at how organisations should approach context-aware security technologies and what business benefits they can deliver. Continue Reading

CW Special Report on CSC

This 16-page report from Computer Weekly analyses the challenges facing CSC, its financial performance, the services it offers, its place in the IT market and its future strategy. Continue Reading

US jails LulzSec hacker Cody Kretsinger

The US has jailed a member of hacktivist group LulzSec for a year for his role in breaching computer systems at Sony Pictures Entertainment in 2011 Continue Reading

By

• Warwick Ashford, Senior analyst