Data breach incident management and recovery

Blasé directors put business data at risk

The higher up within a business you go, the more likely you are to find people intentionally leaking confidential data, says Egress Continue Reading

Girlguiding hosts interactive cyber security workshop

100 Guides from South West England took part in an NCSC event to learn more about security fundamentals Continue Reading

Untrusted security teams being left out of business decisions

Only a third of organisations are involving their cyber security function at the planning stage of business initiatives Continue Reading

Is this Netflix-style thriller the future of security training?

Cyber awareness specialists at KnowBe4 reckon that bringing Netflix-style production values to corporate videos heralds a new approach to security training Continue Reading

Mastercard opens European security resilience unit

Mastercard’s European Cyber Resilience Centre will bring together its partners and other industry bodies to support enterprise resilience Continue Reading

Cyber criminals spread coronavirus conspiracy theories

The latest email campaigns identified by Proofpoint are spreading conspiracy theories about the coronavirus outbreak Continue Reading

Emotet evolving to exploit coronavirus fear

With coronavirus cases now reported across the world, Emotet campaigns are exploiting legitimate fears to compromise their targets Continue Reading

Chinese military personnel accused of Equifax hack

A US federal grand jury has indicted four Chinese army personnel over the 2017 Equifax breach Continue Reading

Security Think Tank: Zero trust is complex, but has rich rewards

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

Security Think Tank: No trust in zero trust need not be a problem

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

Stressed, overworked CISOs losing £23k a year in unpaid overtime

Nominet’s latest CISO Stress Report has revealed the extent to which organisations are taking advantage of their security staff, and the deleterious effects of overwork and stress on mental health Continue Reading

Web app ubiquity gives cyber criminals new opportunities

The popularity and ubiquity of web-based apps such as Office 365 and Salesforce is a temptation too good to miss for cyber criminals Continue Reading

NHS adds supplier security audits to procurement platform

A new feature in the NHS’s Edge4Health procurement platform will help NHS suppliers improve their cyber security posture and NHS organisations make better buying decisions Continue Reading

Security Think Tank: Zero trust – just another name for the basics?

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

Davos: The clock is ticking on climate change but cyber crime and emerging technologies add to risks

Climate change, natural disasters, extreme weather and loss of biodiversity are the greatest risks we face. With cyber conflicts, state-sponsored hacking and internet fragmentation, doing nothing is not an option, says the World Economic Forum Continue Reading

UK police arrest three over Maltese cyber bank robbery

The NCA has made three arrests in Belfast and London following an investigation into money laundering linked to a cyber heist on a bank in Malta Continue Reading

NCSC launches study on cyber security diversity

The UK’s National Cyber Security Centre wants to improve the diversity of the cyber security sector Continue Reading

UK cyber security sector worth more than £8bn

The UK’s cyber security industry employs 43,000 full-time workers, and contributed nearly £4bn to the UK economy in 2019, according to DCMS Continue Reading

NHS suffers fewer ransomware attacks, but threat persists

Ransomware attacks against the NHS have tapered off dramatically, according to statistics obtained under FoI legislation, but this does not mean the threat has diminished Continue Reading

Met Police could deploy facial recognition against protesters

Live facial recognition will be rolled out operationally by the Met Police, but police monitoring group Netpol believes it will hamper people’s ability to exercise their rights to protest Continue Reading

Organisations losing control of cloud data

Data is more widely dispersed in enterprise clouds than most organisations think, and as a result they are at risk of losing control of it, according to a report Continue Reading

IT must play its part in tackling the climate crisis

In this week’s Computer Weekly, we look at this year’s World Economic Forum and find out how the IT sector is aiming to help tackle climate change. Our buyer’s guide assesses onsite, offsite and cloud-based disaster recovery. And IT contractors are up in arms about the government’s loan charge policy – we examine the issues. Read the issue now. Continue Reading

Data privacy benefits outweigh spend, says Cisco

Cisco’s 2020 data privacy study shows organisations can generate substantial returns on their data privacy and protection spending Continue Reading

Security Think Tank: Bug bounties are changing the image of hackers

The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading

Cyber gangsters publish staff passwords following ‘Sodinokibi’ attack on car parts group Gedia

Sodinokibi hacking group steps up pressure on German automotive manufacturer by publishing information, including the CEO’s computer password and sensitive details of its IT systems, on the internet Continue Reading

Travelex hackers shut down German car parts company Gedia in massive ‘cyber attack’

Car parts manufacturer says cyber attack will have far-reaching consequences for its business, and it has put emergency plans in place to continue deliveries Continue Reading

CISOs fear becoming the next Travelex

Poll of security professionals by the organisers of the Infosecurity Europe trade fair highlights huge gaps in incident response capabilities Continue Reading

End-user security ignorance laid bare in new report

Proofpoint’s 2020 State of the Phish report highlights an urgent need for better user training and reporting Continue Reading

Citrix releases IoC scanner for ADC and Gateway vulnerabilities

As patches for its compromised NetScaler ADC and Gateway products begin to roll out, Citrix enlists FireEye Mandiant to develop an indicator of compromise scanner for end-users Continue Reading

Internal error left Microsoft customer service data exposed

Customer service and support records of nearly 250 million Microsoft customers left exposed after database misconfiguration Continue Reading

5G builders test vulnerabilities in Finnish hackathon

University hackathon puts 5G security to the test as new wireless technology’s roll-out nears Continue Reading

High-street banks face disruption three weeks after Travelex hack

Foreign exchange services still disrupted, three weeks after Travelex received a $6m ransom demand from cyber gangsters Continue Reading

Don’t become the next Travelex: Get ready for ransomware

With Travelex’s IT still in disarray and banks and travellers left without access to funds more than a week after it was hit by a ransomware attack, we ask what others can learn from the foreign exchange services company’s response to the incident. Continue Reading

How to avoid becoming the next Travelex

In this week’s Computer Weekly, we look at the lessons learned from the ransomware attack on Travelex and how other firms can avoid the same fate. As Microsoft ends support for Windows 7, we examine the issues for the many remaining users of the operating system. And healthcare CIOs explain the tech challenges facing the NHS. Read the issue now. Continue Reading

Exposed AWS buckets again implicated in multiple data leaks

A series of data leaks in the past week have once again implicated poorly secured Amazon S3 buckets, which are supposed to be private by default Continue Reading

GDPR nets more than €100m in fines, with more to come

Fines totalling €114m have already been collected under GDPR, and this figure will spike in 2020 if the UK regulator succeeds in imposing record fines on BA and Marriott Continue Reading

Security Think Tank: Teens in basements don’t represent a positive security culture

The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading

Cops take down data wholesale operation

The Police Service of Northern Ireland and the Dutch cyber crime unit have made two arrests in an operation targeting a website that provided criminals with access to billions of personal credentials Continue Reading

Thailand gets ready for data protection law

Thailand’s personal data protection law comes into effect in May 2020, subjecting organisations to new rules that safeguard the personal data of individuals Continue Reading

Lorca announces new cohort of 20 security scaleups

20 scaleups will focus their attention on automation, zero trust and supply chain security Continue Reading

Travelex warns customers to be alert to phone scams

Under-fire forex provider warns that criminals may try to take advantage of its predicament to scam customers Continue Reading

Threat landscape grew in complexity in 2019, no respite in sight

Check Point’s annual state of security report shares some 2019 trends and looks ahead to 2020 Continue Reading

Two-thirds of UK healthcare organisations breached last year

The majority of healthcare organisations in the UK experienced a cyber security incident during 2019, with almost half the result of viruses and malware introduced on third party devices Continue Reading

Researchers find cryptojacker hiding in Wav audio file

Victim network was compromised by obfuscated malware hiding a Monero cryptominer, lurking inside a Wav audio file Continue Reading

Podcast: The Computer Weekly Downtime Upload – Episode 42

In this week’s episode of the Computer Weekly Downtime Upload podcast, Caroline Donnelly, Clare McDonald and Brian McKenna greet the new decade with reflections on the Travelex ransomware attack and Dominic Cummings’ call for data science to rejuvenate Whitehall. And they take stock of the retail sector’s grim 2019, while remembering to mention the big story of the moment: Harry and Meghan Continue Reading

Cyber criminals spend three months lurking in target networks

Cyber criminals are spending longer hiding in target networks before launching their attacks, as more organised groups turn to business disruption to achieve their objectives Continue Reading

Travelex to begin restoring foreign exchange services two weeks after ‘Sodinokibi’ attack

Travelex says it is making “good progress” in its recovery and is to begin restoring electronic foreign exchange services, but is silent about whether it has agreed to pay hackers a $6m ransom to decrypt computer files Continue Reading

National Lottery hacker jailed for nine months

Small-time cyber criminal jailed for his role in a cyber attack on lottery operator Camelot that netted him just £5 Continue Reading

Learning from the Travelex cyber attack: Failing to prepare is preparing to fail

The key lesson to take from the Travelex breach is that an effective response to a breach is a critical business function and no longer the sole province of the IT department Continue Reading

Travelex hackers threaten to sell credit card data on dark web

Sodinokibi cyber gangsters have threatened to sell Travelex customers’ private data on a Russian underground cyber crime forum if it fails to pay a $6m ransom Continue Reading

Retail group Dixons Carphone fined £500,000 over data breach

Dixons Carphone receives maximum possible pre-GDPR fine from the ICO following a 2018 data breach Continue Reading

Don’t become the next Travelex: Get ready for ransomware

With Travelex’s IT still in disarray and banks and travellers left without access to funds more than a week after it was hit by a ransomware attack, we ask what others can learn from the foreign exchange services company’s response to the incident Continue Reading

PowerTrick backdoor used to target high-value businesses

Threat actors are exploiting a PowerShell-based backdoor called PowerTrick to go after high-value targets, warns SentinelLabs Continue Reading

Whisper it… but could a cyber attack be good for your career?

All too often it’s the CISO who carries the can for an enterprise security failure, but this might not be a bad thing. There’s lots of evidence to suggest that falling victim to a cyber attack may actually enhance your CV Continue Reading

New GDPR service aims to ease compliance challenges

Security consultants claim their software platform will address a pressing need for an effective and efficient means of complying with data protection rules Continue Reading

Security Think Tank: Changing attitudes to cyber is a team sport

The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading

TikTok video-sharing app left user data exposed

Check Point uncovered serious vulnerabilities in the TikTok video-sharing app that left users exposed Continue Reading

Security Think Tank: Hero or villain? Creating a no-blame culture

The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading

Security Think Tank: Get your users to take pride in security

The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading

Cyber gangsters demand payment from Travelex after ‘Sodinokibi’ attack

Cyber criminals are demanding payment to decrypt Travelex’s computer files after a devastating malware attack. New questions have been raised about the security of Travelex’s computer network after it emerged the company waited eight months to patch vulnerable VPN servers Continue Reading

UK cyber security boss Ciaran Martin to step down

NCSC chief Ciaran Martin will leave his post in the summer of 2020 Continue Reading

Security Think Tank: Let’s call time on inciting fear among users

The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading

Suspected ransomware attack causes worldwide disruption for Travelex

Travelex switches off computer systems and resorts to cash-only currency sales after malware attack. Insiders claim the currency exchange chain has been hit by ransomware which has left critical files containing customer data encrypted Continue Reading

Security Think Tank: Put information at the heart of security

The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading

How Darktrace is riding the AI boom

Cyber security firm known for its artificial intelligence smarts doubled its headcount across Asia-Pacific last year in key markets including Australia and South Korea Continue Reading

California’s CCPA an opportunity for security industry to do better

California’s consumer protection and data privacy laws came into effect on 1 January 2020, and present a golden opportunity for the cyber security practitioners Continue Reading

Top 10 ASEAN IT stories of 2019

Here are Computer Weekly’s top 10 ASEAN IT stories of 2019 Continue Reading

Can the UK government’s efforts solve the cyber skills gap?

There has been an active effort by the UK government to tackle the lack of skills in the cyber security space – but is it enough? Continue Reading

Top 10 cyber crime stories of 2019

Here are Computer Weekly’s top 10 cyber crime stories of 2019 Continue Reading

Top 10 cyber security stories of 2019

Here are Computer Weekly’s top 10 cyber security stories of 2019 Continue Reading

Finnish government supports local authorities in cyber security initiative

The Finnish government has committed resources to a cyber security project aimed at local authorities Continue Reading

Top 10 Australia IT stories of 2019

Here are Computer Weekly’s top 10 Australia IT stories of 2019 Continue Reading

Group-IB CEO talks up global threat landscape

Public attribution of cyber attacks could backfire while a global cyber norms framework won’t emerge until a catastrophic incident occurs, says the head of Singapore-based Group-IB Continue Reading

Security Think Tank: Data-centric security requires a holistic approach

The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading

Alarm bells ring, the IoT is listening

With Christmas bearing down on us, a series of vulnerability disclosures has drawn attention to the parlous state of IoT security, and serves as a timely warning to people planning to buy smart devices as gifts Continue Reading

Security Think Tank: Data-centric security requires context and understanding

The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading

Top tips for avoiding and dealing with data breaches

Been hacked, lost a laptop or sent an email to the wrong address? Do you need to notify anyone and what should you do? Find out in this simple guide Continue Reading

Security Think Tank: Risk-based response critical to protect data

The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading

Rapid evolution of quantum computing a concern for CISOs

With the race to achieve so-called quantum supremacy hotting up, security pros are concerned that it will outpace the development of appropriate safeguards, according to a report Continue Reading

Public sector still losing user devices in high numbers

The Ministry of Justice has lost 354 smartphones, PCs, laptops and tablets in the past 12 months, according to a Freedom of Information request, and other government departments are in the same boat Continue Reading

How commodities firm ED&F Man solved its threat detection challenges

After a minor server breach, leading commodities trader turned to Vectra’s Cognito service to expose hidden threats, spot privilege misuse, and conduct conclusive investigations Continue Reading

Cyber security takes its place alongside UK’s armed services

Head of armed services says cyber security will take its place alongside the army, navy and air force as a key pillar of the UK’s defence strategy Continue Reading

Security Think Tank: Is data more or less secure in the cloud?

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

Great Cannon DDoS operation fires on Hong Kong protesters

AT&T’s security unit has evidence that China is pressing its Great Cannon DDoS tool into service once again, specifically to target pro-democracy protests in Hong Kong Continue Reading

Two Russians indicted over Dridex and Zeus malware

The US Department of Justice has indicted two Russian citizens over their alleged role in the distribution of the virulent Bugat, or Dridex, and Zeus banking trojans Continue Reading

Black Hat Europe: Red teams and blue teams must evolve in the 2020s

The red team versus blue team dichotomy is somewhat arbitrary and risks pigeonholing skilled security professionals into certain roles, says Facebook’s Amanda Rousseau Continue Reading

Cyber security: How to avoid a disastrous PICNIC

Fieldfisher’s David Lorimer examines how individual employees often facilitate cyber attacks, and what can be done to reduce the risk Continue Reading

TfL locks down Oyster accounts to ward off credential stuffing

Mandatory password reset for all travellers who use Oyster and contactless payment systems follows minor breach incident earlier in 2019 Continue Reading

Hack Friday: This Christmas, fight back against cyber criminals

It’s nearly Christmas, and cyber attacks and fraud attempts in the retail sector are ramping up. Is it time to panic? And is there anything we can do beyond hammering home the message around basic cyber security hygiene? Continue Reading

Get ready for CCPA: Implications for UK businesses

The California Consumer Privacy Act, a wide-ranging data privacy and consumer protection law, comes into effect on 1 January 2020. How does CCPA differ from the EU GDPR regulations and what are the responsibilities for UK businesses operating in the US? Continue Reading

The Security Interviews: Do cyber weapons need a Geneva Convention?

On a cold afternoon in Finland, F-Secure’s Mikko Hypponen discusses cyber weapons and nation state threats, and explains why arms limitations treaties might one day expand to include malware and other threats Continue Reading

Security skills gap will take a decade to fill

The British education systems cannot move fast enough to address the security skills crisis, and in the absence of government action increased reliance on automation may be the least worst solution Continue Reading

Enterprises muddled over cloud security responsibilities

A McAfee study suggests that 2020 will be a big year for cloud adoption, but confusion still persists over who is responsible for securing it Continue Reading

CW500 Interview: Jonathan Moreira, CTO of PrimaryBid.com

In this CW500 video, Jonathan Moreira, CTO of PrimaryBid.com, gives a fintech startup’s perspective on the security challenges small businesses can face when adopting new technologies. Continue Reading

AI may open dangerous new frontiers in geopolitics

Truly artificial intelligence has the potential to provoke an international geopolitical crisis, warns F-Secure’s Mikko Hypponen Continue Reading

Conservatives propose national cyber crime force

Manifesto also says Tories would “empower the police to safely use new technologies like biometrics and artificial intelligence, along with the use of DNA, within a strict legal framework” Continue Reading

Mystery surrounds leak of four billion user records

Threat researchers uncover four billion user records on a wide-open Elasticsearch server but who left them there is a mystery Continue Reading

British Airways cancels flights due to technical issue

British Airways customers are suffering delays and cancellations as a result as a technical issue Continue Reading

Mimecast blocked 99 billion suspicious emails in third quarter

Latest threat intelligence report reveals the scale of the threat posed by malicious emails, with the transport, legal and financial sectors hit hardest Continue Reading

Massive increase in fraud attacks on TSB customers during IT meltdown

There was a massive spike in attempts by fraudsters to steal from TSB customers when the bank’s IT systems failed in 2018 Continue Reading