Cloud security

How Mimecast thinks differently about email security

Mimecast CEO Peter Bauer believes the company’s comprehensive approach towards email security has enabled it to remain relevant to customers for two decades Continue Reading

Half A Rack In Half A Day: Building A Private Cloud

Having entered my 39th (gulp!) year in IT, it’s fair to say I’ve had to endure more than my fair share of IT hype and BS. Many are the times at live events I’ve done a tally chart on the number of ... Continue Reading

How Zscaler is cracking APAC’s cloud security market

Zscaler’s head in Asia-Pacific and Japan, Scott Robertson, talks up the company’s growth momentum in the region and what it is doing to address areas where it can do better Continue Reading

Top 30 incident response interview questions

Job interviews are nerve-wracking, but preparation can help minimize jitters and position you to land the role. Get started with these incident response interview questions. Continue Reading

Podcast: 2023 compliance and storage outlook

Geopolitical instability casts its shadow as organisations must think about cyber attacks, data location and what to do if things change quickly. We talk to Mathieu Gorge, CEO of Vigitrust Continue Reading

LastPass attack saw employee’s home computer hacked

The ongoing investigation into a series of linked security incidents at LastPass has found that the attacker was successfully able to compromise a developer’s home PC using a vulnerability in a media software package Continue Reading

Building an incident response framework for your enterprise

Understanding incident response framework standards and how to build the best framework for your organization is essential to prevent threats and mitigate cyber incidents. Continue Reading

How to create a CSIRT: 10 best practices

The time to organize and train a CSIRT is long before a security incident occurs. Certain steps should be followed to create an effective, cross-functional team. Continue Reading

Top incident response service providers, vendors and software

Get help deciding between using in-house incident response software or outsourcing to an incident response service provider, and review a list of leading vendor options. Continue Reading

Top incident response tools: How to choose and use them

The OODA loop can help organizations throughout the incident response process, giving insight into which tools are needed to detect and respond to security events. Continue Reading

Singapore organisations struggle to operationalise threat intelligence

Organisations in the city-state were satisfied with the quality of their threat intelligence, but they struggled to operationalise the information due to talent shortages and other challenges Continue Reading

How to tame the identity sprawl

Organisations should find a comprehensive way to gain full visibility into their digital identities and leverage automation to tame the identify sprawl Continue Reading

Where next for NHS IT?

In this week’s Computer Weekly, as NHS Digital is folded into NHS England, we consider what the merger could mean for the future of NHS IT. We find out how data science and analytics has become an increasingly important function for the John Lewis Partnership. And we examine the importance of building empathy into metaverse applications. Read the issue now. Continue Reading

Akamai eyes cloud market with Connected Cloud

Akamai marks foray into cloud computing with a distributed cloud computing platform that is touted to make it easier for enterprises to get applications and data closer to their customers Continue Reading

How to become an incident responder: Requirements and more

Incident response is a growth field that provides career growth options and a good salary. Here's an in-depth look at job requirements, salaries and available certifications. Continue Reading

How Check Point is keeping pace with the cyber security landscape

Check Point Software CEO Gil Shwed talks up the company’s growth areas, its approach to cloud security and the impact of generative AI on cyber security Continue Reading

Incident response: How to implement a communication plan

Communication is critical to an effective incident response plan. Here are five best practices organizations can use to gather and share information. Continue Reading

Top 10 types of information security threats for IT teams

Common security threats range from insider threats to advanced persistent threats, and they can bring an organization to its knees unless its in-house security team is aware of them and ready to respond. Continue Reading

APAC buyer’s guide to SASE

In this buyer’s guide on secure access service edge services, we look at the benefits of the technology, key considerations and the market landscape Continue Reading

10 types of security incidents and how to handle them

Cyberattacks are more varied than ever. Learn the key symptoms that signal a problem and how to respond to keep systems and data safe. Continue Reading

Ransomware operator turns their fire on two-year-old VMware bug

A vulnerability in VMware ESXi servers that users should have patched in 2021 is now being exploited to spread ransomware Continue Reading

Australian organisations underinvesting in cyber security

Over half of Australian organisations failed to invest enough in cyber security over past three years, though awareness is improving in aftermath of high-profile data breaches Continue Reading

How to build an incident response plan, with examples, template

With cyber threats and security incidents growing by the day, every organization needs a solid incident response plan. Learn how to create one for your company. Continue Reading

Cloud security top risk to enterprises in 2023, says study

A PwC study finds senior executives expect cyber attacks on cloud services to increase significantly this year Continue Reading

ATO renews major Macquarie deal

The contract renewal will enable the Australian Tax Office to tap Macquarie’s security operations centre, among other services, to secure its IT environment and protect sensitive data Continue Reading

Zero-trust implementations remain work in progress

Just one in 10 large enterprises are expected to have mature and measurable zero-trust programmes in place by 2026, study finds Continue Reading

Japan researchers develop new data encryption method

Researchers from Tokyo University of Science have combined the best of homomorphic encryption and secret sharing in a new method to handle encrypted data Continue Reading

Veeam survey finds ransomware blocks digital transformation

Annual report shows secular trend to the cloud and increased use of containers, but prevalence of ransomware attacks means digital transformation is hindered Continue Reading

Alibaba: Generative AI among top tech trends in 2023

Alibaba’s research arm Damo Academy has recently published a list of top trends that are likely to shape the technology landscape this year. Chief among them is the rise of generative AI, which ... Continue Reading

Cyber gang abused free trials to exploit public cloud CPU resources

A South Africa-based cyber crime gang exploited free trials and introductory offers to run cryptominers via public cloud services, then did a runner without paying Continue Reading

Securing low Earth orbit represents the new space race

The barriers to launching satellites into low Earth orbit are falling fast, and that brings new cyber security challenges Continue Reading

Cyber security professionals share their biggest lessons of 2022

In the run-up to 2023, cyber security professionals are taking the time to reflect on the past few months and share their biggest lessons of 2022 Continue Reading

Top 10 ASEAN IT stories of 2022

Despite the challenges over the past year, ASEAN businesses have taken things in stride as they press on with digital transformation, whether it is empowering citizen developers or building cloud-native applications Continue Reading

Mitiga researchers disclose AWS Elastic IP hijacking vulnerability

Cloud incident response supplier Mitiga has said a new AWS feature has led to a vulnerability that could allow hackers to access and steal Elastic IP addresses and gain control over AWS accounts Continue Reading

Top 10 cyber security stories of 2022

The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides Continue Reading

Security Think Tank: 2022 brought plenty of learning opportunities in cyber

At the end of another busy 12 months, Turnkey Consulting’s Andrew Morris sums up some of the most important takeaways for cyber pros Continue Reading

New cyber approaches ease Registers of Scotland’s AWS migration

As the holder of the oldest national public land register in the world, Registers of Scotland has a storied history dating back centuries. Find out how Palo Alto Networks is keeping its processes and data secure as it goes all-in on Amazon Web Services Continue Reading

Finnish government launches information security voucher scheme

Finland’s government is offering businesses financial support to help them improve their cyber security Continue Reading

Cloud-based fingerprint system for UK police nears completion

Police Digital Service announces that a new cloud-based fingerprint system developed under its Transforming Forensics programme is nearly complete, but data protection concerns around the use of US-based cloud providers remain Continue Reading

How Zscaler is cracking APAC’s cloud security market

Zscaler’s head in Asia-Pacific and Japan talks up the company’s growth momentum in the region and what it is doing to address areas where it can do better Continue Reading

Security Think Tank: 2022 changed how we thought about resilience

Increasing cyber resilience is at the heart of the people-processes-technology triangle, and 2022 saw shifts in all three of these aspects, says PA Consulting’s Sharon Shochat Continue Reading

Apple to tap third party for physical security keys

Apple is launching a number of new security protections, including the addition of third-party-provided hardware security keys Continue Reading

Australia to develop new cyber security strategy

New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals Continue Reading

Security Think Tank: The more you buy, the less you protect

The most important lesson learned this year is that the more controls you have in place, the less secure you become, argues 2-sec’s Tim Holman Continue Reading

Microsoft 365 banned in German schools over privacy concerns

German schools cannot legally use Microsoft Office 365 over lack of clarity about how data is collected, shared and used, as well as the potential for unlawful transfer of European citizens’ personal data to the US Continue Reading

NIS regulations to be extended to cover MSPs

The UK government is moving ahead with plans to update the Network and Information Systems regulations to bring outsourcers and MSPs into scope Continue Reading

Panzura partners with AWS on ransomware counter-measures

Panzura might have slipped beneath the waves, but it’s come back reinvigorated, and now boasts integration with AWS with ransomware protection and Outposts hardware Continue Reading

Plexal inducts six into cyber leadership scheme

Tech innovation hub Plexal is expanding its Cyber Runway programme with a new Ignite strand dedicated to supporting high-potential security leaders Continue Reading

Not-for-profit aims to encourage 1,300 girls into cyber careers

CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber Continue Reading

Global network fragmentation a source of increasing risk

Risk consultancy’s report says the weaponisation of cyber space and geopolitical clashes herald a breakdown of global networks into distinct regional or national architectures Continue Reading

How Google and Mandiant are forging synergies in cyber security

Google’s AI smarts and Mandiant’s intelligence on new and emerging threats could lay the foundation of proactive security Continue Reading

MoD recruits Immersive Labs to bolster cyber resilience

UK’s Ministry of Defence will run cyber drills and address its security talent gap with Immersive Labs’ CyberPro, Cyber Crisis Simulator and Application Security products Continue Reading

CW Benelux: Heineken finds the right brew for digital

Heineken’s data management director has revealed some of the ways the company is using information technology to transform digitally. Also read how a PhD student in the Netherlands is detecting hidden messages on the internet by exploring the practice of steganography. Continue Reading

How the US-China chip war will affect IT leaders

In this week’s Computer Weekly, as the US ramps up semiconductor sanctions on China, we examine the ramifications across the tech sector. Cyber criminals are turning to new forms of encryption – we talk to the Dutch researchers trying to catch them. And we look at what cloud providers need to do to improve customer experience. Read the issue now. Continue Reading

Microsoft: Nation-state cyber attacks became increasingly destructive in 2022

The willingness of nation-state actors to conduct destructive cyber attacks is a source of grave concern, as Microsoft’s latest annual Digital Defence Report lays bare Continue Reading

The Security Interviews: Building trust online

Consumer reviews website Trustpilot has built and scaled its IT security team and is now turning to agile methods and DevSecOps to further enhance its cyber capabilities Continue Reading

Dropbox code compromised in phishing attack

Cloud storage service says malicious actors successfully accessed some of its code within GitHub, but insists customer data is secure Continue Reading

OpenSSL vulnerabilities ‘not as bad as feared’

As previously trailed, OpenSSL patched two buffer overflow vulnerabilities, neither of them as impactful as had been feared Continue Reading

Why Supply Chain Security Attacks Are So Damaging

Commonly in cyber security-related conversations, strategic references to the edge, boundary, endpoint, cloud etc are commonplace as potential areas of vulnerability. However, in several recent ... Continue Reading

Prepare today for potentially high-impact OpenSSL bug

OpenSSL trailed a critical vulnerability patch last week, which will be only the second such flaw ever found in the open source encryption project. Unfortunately, the first was Heartbleed Continue Reading

Security Think Tank: Container security: why so different?

Done well, container security can be a model for securing the enterprise, and businesses that focus their teams on solving it can help accelerate positive change in other areas Continue Reading

How has container security changed since 2020, and have we taken it too far?

While containers are now one of the most popular ways to deploy applications, it is fair to say that the adoption and implementation of security best practice to govern their use has not kept up Continue Reading

Microsoft slams external researchers over its own data leak

Microsoft inadvertently leaked customer data after misconfiguring an Azure Blob, but has hit out at the organisation that discovered its error, claiming it is exaggerating the scope of the issue Continue Reading

Gartner: Remote work, zero trust, cloud still driving cyber spend

Security leaders are eager to spend on categories including remote and hybrid cyber offerings, zero-trust network access, and cloud Continue Reading

How Cloudflare is staying ahead of the curve

Cloudflare co-founder and CEO Matthew Prince talks up what has changed since the company’s first business plan was written in 2009 and how it keeps pace with the fast-moving network security landscape Continue Reading

Security Think Tank: Design security in to reap container benefits

Provided container security basics are built into your development and runtime environment from the start, containerised services and applications can provide rapid – and secure – achievement of business objectives Continue Reading

Air gaps for backup and how they help against ransomware

The air gap is a basic of backups and storage. We look at what’s meant by an air gap, the rise of the logical air gap, and its place in the fight against ransomware Continue Reading

Inside Dell Technologies’ zero-trust approach

Dell Technologies’ zero-trust reference model starts with defining business controls and having a central control plane that manages all the security aspects of an organisation’s infrastructure Continue Reading

Most hackers exfiltrate data within five hours of gaining access

Insights from more than 300 sanctioned adversaries, otherwise known as ‘ethical’ hackers, reveal that around two-thirds are able to collect and exfiltrate data within just five hours of gaining access Continue Reading

Threat actors abused lack of MFA, OAuth in spam campaign

Microsoft threat researchers have reported on a series of cyber attacks in which enterprises with lax IAM policies had their systems hijacked to conduct spam email campaigns Continue Reading

Nordic private equity firms pursue cyber security acquisitions

Increasing interest in the security sector from Nordic private equity firms is a reflection of growing threats and increasing enterprise security budgets Continue Reading

Cloudflare: Our network is our product

Cloudflare’s chief product officer explains why its network is its product and how it protects organisations against cyber threats. Continue Reading

Microsoft patches 64 vulnerabilities on September Patch Tuesday

Microsoft drops fixes for five critical vulnerabilities and one zero-day in its latest monthly update Continue Reading

Cloud compromise a doddle for threat actors as victims attest

Two separate studies into the state of public cloud security reveal insight into the ease with which threat actors can compromise vast numbers of targets, and some of the challenges security teams are facing in the cloud Continue Reading

Users warned over Azure Active Directory authentication flaw

Secureworks researchers found what they say is a serious vulnerability in an Azure Active Directory authentication method, but Microsoft says it should not pose a serious risk to users Continue Reading

How data security posture management complements CSPM

Data security posture management can provide comprehensive defense-in-depth security for cloud data. Find out more about how DSPM policies move with the data. Continue Reading

CISOs should spend on critical apps, cloud, zero-trust, in 2023

Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts Continue Reading

NCSC CyberUK event heads to Belfast in 2023

National Cyber Security Centre’s annual CyberUK roadshow is crossing the Irish Sea to Belfast in April 2023 Continue Reading

Dutch cyber security organisations to join forces

Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into Continue Reading

August ’22 a bumper month for high-impact vulnerabilities

Bugs in products from Apple, Google, Microsoft and VMware dominated the threat landscape in August, says Recorded Future Continue Reading

Cyber threats to Europe’s grid: Utilities rethink strategy

The separation of operational and information technology at utilities across Europe is opening doors for cyber criminals Continue Reading

Security Think Tank: Good procurement practices pave the way to app security

Application security is as much a question of good procurement practice as it is good development practice, says Petra Wenham of the BCS Continue Reading

How Okta is regaining customer trust after a cyber attack

In early 2022, cyber firm Okta was among several tech companies hit by the Lapsus$ gang. Vice-president of customer trust Ben King talks about how he has been working behind the scenes to rebuild confidence after the incident Continue Reading

Dutch government finally allowed to use public cloud

Public cloud is finally within reach for Dutch public services. Previously, the Dutch government was only allowed to use private clouds due to risks concerning privacy and security Continue Reading

Kaspersky threat data added to Microsoft Sentinel service

Microsoft and Kaspersky have agreed a collaboration to integrate Kaspersky’s threat data feeds into Microsoft’s cloud-native SIEM/SOAR service Continue Reading

Cozy Bear targets MS 365 environments with new tactics

Cozy Bear, or APT29, is trying out new tricks as it seeks access to its targets’ Microsoft 365 environments Continue Reading

Inside Singapore’s national digital identity journey

Singapore’s national digital identity system has evolved from providing single sign-on to e-government services to pandemic-related and digital document capabilities in recent years Continue Reading

Growing MFA use spurs ‘pass-the-cookie’ attacks

The exploitation of stolen session cookies by cyber criminals is once again back on the agenda, thanks to the growing popularity of multifactor authentication tools Continue Reading

NHS may take a month to recover from supply chain attack

Ransomware attack victim Advanced warns its NHS customers they could be waiting until early September to fully recover their operations Continue Reading

SASE vs SSE – Is SASE One “A” Better?

One of the problems with acronym-defined industry “go to’s” in IT, is that they can easily be misconstrued and/or a myriad variations on a theme emerge from the original – thereby confusing the ... Continue Reading

NCSC startups scheme turns focus to operational technology, SME security

NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses Continue Reading

Retail software firm PrestaShop warns users about SQL injection attacks

Open source e-commerce platform PrestaShop warns thousands of small retailers that their customers’ credit card details may be at risk of compromise Continue Reading

NCSC seeks community input for Cyber Advisor service

The NCSC is proposing to establish a new Cyber Advisor service to train up experts in security guidance, and is inviting interested parties to come forward Continue Reading

Latest Atlassian Confluence vulnerability raises concerns

CVE-2022-26138 is the second major vulnerability disclosure made for Atlassian’s Confluence collaboration platform in recent months Continue Reading

(ISC)² expands entry-level cyber programme after UK success

Flush with success from a UK certification programme, reaching 100k in the UK, (ISC)² now wants to provide free security certification to a million people worldwide Continue Reading

Cato aims to bust cyber myths as it extends network protections

Cato Networks is beefing up its platform’s security features with ransomware and data loss protections, and the firm’s security strategy lead Etay Maor is using the occasion – and his unique access to billions of data points from the firm’s network – to explode some cyber myths Continue Reading

Russia’s Cozy Bear abusing Dropbox, Google Drive to target victims

Russian APT known as Cozy Bear has become adept at quickly incorporating popular cloud storage services into its attack chain to avoid detection Continue Reading

Tracking the rise of homeworking across the UK

In this week’s Computer Weekly, new figures show that homeworking has more than doubled in the UK due to the pandemic – we look at the regional differences. The pressure is growing on cyber security teams – we analyse the expert advice on how to avoid staff burnout and lost talent. And we examine the important role that tech startups play in the rapid growth of Amazon Web Services. Read the issue now. Continue Reading

CW APAC: Buyer’s guide to backup and recovery software

The cyber threat landscape leaves firms with little room for error. In this handbook, focused on backup and recovery software in the Asia-Pacific region, Computer Weekly looks at data protection capabilities, how Veeam aims to achieve a market-leading position, Rubrik’s focus on recovery and Kubernetes’s mission to meet the challenges of containerised application environments. Continue Reading

SASE - The Importance Of Spelling It Out In Full

First to note that in these financially – and politically – challenging times, it’s good to see serious investment still in the security area of IT. Let’s face it – we need it more than ever. In ... Continue Reading