IT governance

IT governance provides the core workflows and processes that help IT managers to oversee the successful functioning of the IT department, and to prove the value of IT to the business. Regulations and compliance are just as important as technological and management skills, and we highlight the best practice in IT governance and the example of successful IT leaders.

News 25 Jan 2023
NCSC exposes Iranian, Russian spear-phishing campaign targeting UK

Spear-phishing campaigns likely linked to Iranian and Russian espionage activity are targeting persons of interest in the UK, warns the NCSC Continue Reading
News 25 Jan 2023
Arnold Clark cyber attack claimed by Play ransomware gang

A cyber attack that struck car dealer Arnold Clark prior to Christmas has been claimed as the work of the Play ransomware cartel Continue Reading

News 25 Jan 2023

Boards struggle to resolve cyber risk in digital supply chains

Accelerated digitisation of supply chains is introducing more cyber risk for which many organisations seem unprepared, according to the BSI’s annual report on supply chain risk Continue Reading
News 24 Jan 2023

UK insurers need to up their game on cyber gaps, says PRA

Gaps and limitations in how insurers respond to cyber risk need to be addressed, according to the Bank of England regulator, the Prudential Regulation Authority Continue Reading
News 24 Jan 2023

Nationwide Building Society CIO to join Co-operative Bank

Gary Delooze to join Co-operative Bank as CIO after six years heading up Nationwide Building Society’s IT department Continue Reading
News 24 Jan 2023

SSRF attacks hit 100,000 businesses globally since November

There has been a dramatic increase in attacks exploiting the ProxyNotShell/OWASSRF exploit chains to target Microsoft Exchange servers Continue Reading
News 24 Jan 2023

Fake online contest makes Yahoo! most phished brand of Q4 2022

Yahoo! was the most frequently phished brand during the last three months of 2022, according to a report Continue Reading
News 23 Jan 2023

CIO interview: Ed Higgs, group director of IT shared services, Rentokil Initial

The pest control provider has consolidated 77 datacentres globally to just three – but with a corporate culture of acquisitions, there’s still a lot more to do Continue Reading
News 23 Jan 2023

Trellix automates patching for 62,000 vulnerable open source projects

Since revealing startling statistics about the prevalence of a 15-year-old Python vulnerability, Trellix says it has helped fix almost 62,000 vulnerable projects in the past four months Continue Reading
Opinion 23 Jan 2023

The rise of fraud in pop culture is impacting consumers’ digital trust

Shows such as The Tinder Swindler and Inventing Anna were big money-earners for Netflix in 2022, but Onfido’s Mike Tuchen says their popularity risks damaging consumer trust Continue Reading
News 23 Jan 2023

Royal Society calls on public sector to pilot privacy tech

The Royal Society says public sector bodies should lead the way in piloting privacy-enhancing technologies to unlock the value of data without compromising privacy and data rights, but lack of standards and incentives mean adoption is slow Continue Reading
News 23 Jan 2023

NCSC warning over cyber risk to charity sector

Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC Continue Reading
News 22 Jan 2023

Royal Mail making limited progress on ransomware recovery

Royal Mail asks customers to hold back from sending post overseas as some services get back on track, while a report warns that disruptive attacks on critical infrastructure are set to become more common Continue Reading
News 20 Jan 2023

Veeam survey finds ransomware blocks digital transformation

Annual report shows secular trend to the cloud and increased use of containers, but prevalence of ransomware attacks means digital transformation is hindered Continue Reading
E-Zine 20 Jan 2023

CW APAC January 2023 – Trend Watch: CIO Trends

As we enter a new year, it remains vital for IT leaders to keep track of the latest developments across the industry. In this handbook, focused on CIO trends in the Asia-Pacific region, Computer Weekly looks at predictions for 2023, how the Australian Red Cross managed a donation surge, Mondelez’s digital transformation and Singapore’s public sector IT strategy Continue Reading
News 19 Jan 2023

International post resumes thanks to Royal Mail ‘workarounds’

Royal Mail has resumed limited international services after putting in place operational workarounds to bypass the impact of a ransomware attack Continue Reading
News 19 Jan 2023

KFC, Pizza Hut parent shuts UK restaurants after cyber attack

A ransomware attack on Yum! Brands, the parent organisation of restaurants including KFC and Pizza Hut, was forced to shut approximately 300 outlets in the UK following a ransomware attack by an unspecified group Continue Reading
News 19 Jan 2023

Mailchimp suffers third breach in 12 months

Email marketing service Mailchimp has suffered its third data breach in a year, but has been praised for being open about its latest attack Continue Reading
News 19 Jan 2023

UK seeks to ban sharing ‘positive’ Channel crossing videos online

Under UK government amendments to the Online Safety Bill, video footage that shows people crossing the Channel in a ‘positive light’ could be added to a list of illegal content that all tech platforms must proactively prevent from reaching users, while senior managers could face further criminal sanctions Continue Reading
News 19 Jan 2023

Newham Council rejects use of live facial-recognition tech by police

Live facial-recognition technology should not be used by police in Newham until biometric and anti-discrimination safeguards are in place, according to a motion passed unanimously by the council, but the Met Police and the Home Office have indicated they will not suspend its use Continue Reading
News 19 Jan 2023

Outdated IT infrastructure poses growing risk to UK Security Vetting

Delays to UKSV’s important work in safeguarding the country’s national security are in part down to a legacy IT estate in dire need of modernisation, says the NAO Continue Reading
News 18 Jan 2023

Ukraine CERT leaders touch down in London for talks

The UK’s NCSC has been hosting Ukrainian cyber security leaders for a round of bilateral talks on improving resilience Continue Reading
News 18 Jan 2023

Ukraine cyber teams responded to more than 2,000 attacks in 2022

The Ukrainian authorities responded to more than 2,000 major cyber incidents during 2022, and are blocking thousands more potential attacks every day Continue Reading
News 17 Jan 2023

Benelux CIO interview: Richard Ventre, SHV Holdings

In his role at Netherlands-based SHV Holdings, Richard Ventre is tackling the challenge of enabling a diverse set of digital transformations across a range of industries Continue Reading
News 17 Jan 2023

Cloudflare urged to clamp down on pirates, counterfeiters

A whitepaper produced by brand protection specialist Corsearch calls on Cloudflare to do more to stop online content piracy and sales of counterfeit goods Continue Reading
News 17 Jan 2023

Crest throws support behind CyberUp CMA reform campaign

Cyber accreditation association Crest International has lent its support to the CyberUp campaign for reform to the Computer Misuse Act of 1990 Continue Reading
News 17 Jan 2023

Royal Mail promises ‘workarounds’ to restore services after ransomware attack

Royal Mail CEO Simon Thompson apologises to customers whose businesses are being disrupted by a ransomware attack and promises a ‘workaround’ will be in place in the near future Continue Reading
News 16 Jan 2023

The Security Interviews: Protecting your digital self

Our digital self – the virtual presence of who we are online – has a pervasive influence in the real world. People make judgements based on these digital depictions, so what can be done to ensure positive representation? Continue Reading
E-Zine 16 Jan 2023

CW EMEA: Protecting the privacy of schoolchildren

In this month’s CW EMEA, we look at how schools in Germany have stopped using Microsoft Office 365 over lack of clarity over how data is collected, shared and used. We also delve into how former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. Read the issue now. Continue Reading
News 14 Jan 2023

Experts concerned over silence around government obligation to review UK surveillance laws

The government is required to review the UK’s surveillance law, the Investigatory Powers Act, but experts say they are in the dark about its plans. The National Crime Agency’s operation Venetic has highlighted the need for urgent reforms Continue Reading
News 13 Jan 2023

LockBit cartel suspected of Royal Mail cyber attack

The still-developing cyber incident at Royal Mail may be the work of the infamous LockBit ransomware operation Continue Reading
News 12 Jan 2023

Companies warned to step up cyber security to become ‘insurable’

Investing in better IT security to protect against cyber crime will make businesses more resilient against other risks Continue Reading
Opinion 12 Jan 2023

Europe’s cyber security strategy must be clear about open source

Europe’s cyber security policy on open source is lagging behind the US, and despite growing government awareness of the issues, that poses a problem Continue Reading
News 12 Jan 2023

Guardian confirms Christmas 2022 cyber attack was ransomware

Guardian Media Group bosses confirm the 20 December cyber attack that left staff locked out of its London office and disrupted several key systems was an untargeted ransomware attack Continue Reading
News 11 Jan 2023

Royal Mail services hit by major cyber attack

UK postal service Royal Mail is asking customers not to send any overseas letters or parcels while it deals with the impact of an ongoing cyber attack Continue Reading
News 11 Jan 2023

Internet shutdowns cost global economy $24bn in 2022

Deliberate disruption of people’s access to the internet by governments is having a substantial economic impact and contributing to a range of human rights abuses, primarily against protestors Continue Reading
News 11 Jan 2023

Microsoft fixes EoP zero-day on January Patch Tuesday

On the first Patch Tuesday of 2023, Microsoft fixed an elevation of privilege vulnerability in Windows Advanced Local Procedure Call, which has been actively exploited in the wild and may be co-opted into ransomware campaigns Continue Reading
News 10 Jan 2023

Insurer Beazley introduces catastrophe bond to ease cyber risk

Insurance company Beazley says that its $45m cyber catastrophe bond will help to protect its balance sheet and enable it to offer more cyber insurance cover Continue Reading
News 10 Jan 2023

Former subpostmaster Alan Bates, who ‘pulled up trees and moved mountains’, turns down OBE offer

Alan Bates, who fought for decades to expose the Post Office Horizon IT scandal, says it would be inappropriate to accept an OBE when former Post Office CEO Paula Vennells still holds her CBE Continue Reading
News 08 Jan 2023

Vulnerable organisations to get free Cyber Essentials support

Charities and legal aid firms are among those to be offered free security checks and certifications from the National Cyber Security Centre Continue Reading
News 06 Jan 2023

Proposed digital fraud refund rules risk excluding many victims

Proposals to establish a fraud refund mechanism in the UK risk excluding many victims of digitally enabled fraud, a major bank has warned Continue Reading
News 06 Jan 2023

Russia’s Turla falls back on old malware C2 domains to avoid detection

Mandiant says it has observed the Russian APT UNC2410, also known as Turla, re-registering expired or sinkholed domains previously used by financially motivated cyber criminals Continue Reading
News 05 Jan 2023

Generative AI: Preparing for next-gen artificial intelligence

ChatGPT is one of a new breed of AI models that promises to deliver machine-based creativity Continue Reading
News 05 Jan 2023

Cyber gang abused free trials to exploit public cloud CPU resources

A South Africa-based cyber crime gang exploited free trials and introductory offers to run cryptominers via public cloud services, then did a runner without paying Continue Reading
News 05 Jan 2023

Warning over ransomware attacks spreading via Fortinet kit

Following the disclosure of a critical vulnerability in October 2022, Fortinet VPN devices were exploited in two known ransomware attacks, with access likely sold on the dark web Continue Reading
News 05 Jan 2023

Fallout from Guardian cyber attack to last at least a month

The Guardian newspaper’s offices remained shut into the New Year following a supposed ransomware attack, with disruption likely to last some time Continue Reading
Feature 05 Jan 2023

Securing low Earth orbit represents the new space race

The barriers to launching satellites into low Earth orbit are falling fast, and that brings new cyber security challenges Continue Reading
News 03 Jan 2023

Test of digital ID tech at Surrey nightclub proclaimed success

The majority of visitors to a Camberley venue who piloted a digital identification app developed by 1account said they found it easy to use and preferred it to standard physical ID Continue Reading
News 30 Dec 2022

Top 10 Computer Weekly Downtime Upload podcasts of 2022

The team began with a sombre episode about Ukraine and went on to tackle the more familiar topics of diversity, datacentre sustainability and data. New for 22: Cliff Saran’s interviews with IT thought leaders Continue Reading
Feature 29 Dec 2022

Cyber security professionals share their biggest lessons of 2022

In the run-up to 2023, cyber security professionals are taking the time to reflect on the past few months and share their biggest lessons of 2022 Continue Reading
News 29 Dec 2022

Top 10 technology and ethics stories of 2022

Here are Computer Weekly’s top 10 technology and ethics stories of 2022 Continue Reading
News 29 Dec 2022

Top 10 Nordic IT stories of 2022

Here are Computer Weekly's top 10 Nordic IT articles of 2022 Continue Reading
News 29 Dec 2022

Top 10 technology startup stories of 2022

Here are Computer Weekly’s top 10 technology startup stories of 2022 Continue Reading
Opinion 29 Dec 2022

How does red teaming test the ultimate limits of cyber security?

An expert ethical hacker reveals how he goes about carrying out a red team exercise Continue Reading
News 28 Dec 2022

Complaints that NCA failed in duty of candour over EncroChat warrants ‘incredible’, court hears

NCA lawyers argue that a decision by an NCA intelligence officer to disclose notes of a key meeting after two-and-a-half years boosts her credibility as a witness Continue Reading
News 28 Dec 2022

Top 10 Middle East IT stories of 2022

Here are Computer Weekly's top 10 Middle East IT articles of 2022 Continue Reading
News 23 Dec 2022

Top 10 financial services IT stories of 2022

Here are Computer Weekly’s top 10 financial services IT articles of 2022, looking back at the moves and changes over the past year Continue Reading
News 23 Dec 2022

Top 10 IT leadership interviews of 2022

Computer Weekly talks to more IT leaders than any other publication, so we can share insights into the latest in strategy and best practice from the top CIOs, CTOs and CDOs Continue Reading
News 23 Dec 2022

Top 10 Benelux IT stories of 2022

Here are Computer Weekly’s top 10 Benelux articles of 2022 Continue Reading
News 22 Dec 2022

Top 10 cyber security stories of 2022

The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides Continue Reading
News 22 Dec 2022

Top 10 crime, national security and law stories of 2022

Here are Computer Weekly’s top 10 crime, national security and law stories of 2022 Continue Reading
News 22 Dec 2022

Top 10 cyber crime stories of 2022

Cyber crime continued to hit the headlines in 2022, with impactful cyber attacks abounding, digitally enabled fraud ever more widespread and plenty of ransomware incidents Continue Reading
Opinion 21 Dec 2022

Post-Brexit cyber dynamics in the UK and Europe: diverging paradigms?

The UK faces a choice in terms of its ongoing cyber security relationship with the EU – to preserve its collaboration with the EU by adopting an aligned approach or to adopt a divergent approach Continue Reading
News 20 Dec 2022

TSB hit with huge fine after IT migration disaster

TSB has been fined nearly £50m due to failings during its IT migration catastrophe Continue Reading
Opinion 19 Dec 2022

Security Think Tank: 2022 brought plenty of learning opportunities in cyber

At the end of another busy 12 months, Turnkey Consulting’s Andrew Morris sums up some of the most important takeaways for cyber pros Continue Reading
News 16 Dec 2022

Shiseido data breach victims plan legal action over fake companies

Employees and former employees of cosmetics firm Shiseido whose data was stolen in a recent breach are planning group legal action after their information was used to establish fraudulent companies in their names Continue Reading
News 16 Dec 2022

UK unis implement new IP traffic policies to combat ransomware

Jisc will introduce new measures to protect UK universities and research institutions from ransomware attacks that exploit the Remote Desktop Protocol remote-access feature Continue Reading
News 15 Dec 2022

Digital Ethics Summit: Who benefits from new technology?

Experts at the 2022 Digital Ethics Summit say expedited development cycles and obviously over-hyped PR material, in tandem with the public’s near-total exclusion from conversations around technology, is creating distrust towards the tech sector Continue Reading
News 14 Dec 2022

Criminal Cases Review Commission calls on more convicted subpostmasters to come forward

The Criminal Cases Review Commission wants more former subpostmasters to come forward if they think they were prosecuted by the Post Office based on data from the error-prone Horizon computer system Continue Reading
News 14 Dec 2022

Private health provider data could be shared with NHS England

Plans are advancing to create a single source of healthcare data in England combining both private providers and the NHS to avoid a repeat of the Ian Paterson scandal Continue Reading
News 14 Dec 2022

NHS gets new guidance on public benefits of data sharing

NHS national data guardian Nicola Byrne has published new guidance on how health and social care bodies should approach the task of evaluating public benefit when using data for purposes beyond individual care Continue Reading
News 14 Dec 2022

Ethical hackers flex their muscles in 2022

Ethical hackers working through HackerOne programmes found 21% more vulnerabilities in 2022 than in 2021 Continue Reading
News 14 Dec 2022

Microsoft fixes two zero-days in final Patch Tuesday of 2022

December’s Patch Tuesday is typically a light month for Microsoft, and this year proved no exception, but there are still several critical issues worth addressing, and two zero-days for defenders to pore over Continue Reading
News 14 Dec 2022

New cyber approaches ease Registers of Scotland’s AWS migration

As the holder of the oldest national public land register in the world, Registers of Scotland has a storied history dating back centuries. Find out how Palo Alto Networks is keeping its processes and data secure as it goes all-in on Amazon Web Services Continue Reading
Opinion 14 Dec 2022

Security Think Tank: How much digital trust can you place on zero-trust?

The events of the past couple of years have highlighted many considerations that should be taken into consideration when pursuing a zero-trust strategy, says ISACA’s Steven Sim Kok Leong Continue Reading
News 13 Dec 2022

EU issues draft data adequacy decision in favour of US

The European Commission has concluded that the United States does ensure an adequate level of protection for personal data transferred from the European Union and will now launch the process towards the adoption of an adequacy decision Continue Reading
News 13 Dec 2022

More Uber data exposed in possible supply chain attack

A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack Continue Reading
E-Zine 13 Dec 2022

AI experts question tech industry’s ethical commitments

In this week’s Computer Weekly, the proliferation of ethical frameworks has done little to change how artificial intelligence is developed – we look at the challenges. We examine the future of the UK semiconductor sector as the government launches a review. And we hear how NatWest has put data at the heart of customer strategy. Read the issue now. Continue Reading
News 12 Dec 2022

Cloud-based fingerprint system for UK police nears completion

Police Digital Service announces that a new cloud-based fingerprint system developed under its Transforming Forensics programme is nearly complete, but data protection concerns around the use of US-based cloud providers remain Continue Reading
Opinion 12 Dec 2022

Security Think Tank: Embrace prioritisation, people, imperfections

Security and IT professionals should try to make peace with their imperfections in 2023, says Nominet CISO Paul Lewis Continue Reading
News 09 Dec 2022

Iranian APT seen exploiting GitHub repository as C2 mechanism

A subgroup of the Iran-linked Cobalt Mirage APT group has been caught taking advantage of the GitHub open source project as a means to operate its latest custom malware Continue Reading
News 09 Dec 2022

Online Safety Bill returns to Parliament

MPs and online safety experts have expressed concern about encryption-breaking measures contained in the Online Safety Bill as it returns to Parliament for the first time since its passage was paused in July Continue Reading
Opinion 09 Dec 2022

Security Think Tank: 2022 changed how we thought about resilience

Increasing cyber resilience is at the heart of the people-processes-technology triangle, and 2022 saw shifts in all three of these aspects, says PA Consulting’s Sharon Shochat Continue Reading
News 08 Dec 2022

Consumers to get new protections against dodgy apps

Government’s new code of practice will impose new privacy and security measures on app store operators and developers Continue Reading
News 08 Dec 2022

Apple to tap third party for physical security keys

Apple is launching a number of new security protections, including the addition of third-party-provided hardware security keys Continue Reading
News 07 Dec 2022

Clinicians who raised patient safety risks claim Berkshire NHS trust deleted email evidence

A tribunal hearing considering claims that an NHS trust destroyed email evidence and had put the safety of geriatric patients at risk, was cut short after clinicians faced “life-changing” costs Continue Reading
News 07 Dec 2022

Rackspace email outage confirmed as ransomware attack

An ongoing outage affecting Rackspace email customers is the result of a ransomware attack Continue Reading
News 07 Dec 2022

Google, MS, Oracle vulnerabilities make November ’22 a big month for patching

Vulnerabilities affecting the likes of Google, Microsoft and Oracle proved particularly troublesome in November Continue Reading
Opinion 07 Dec 2022

Security Think Tank: As cyber pros, we need to articulate our needs better

There is always a lot to learn about security, but one of the most important lessons may not relate to technology at all, says Petra Wenham Continue Reading
News 07 Dec 2022

Post Office scandal – “cock-up or cook-up”?

The second phase of the Post Office Horizon IT scandal raised more questions over who did what, when and where, with shocking revelations at every turn Continue Reading
News 06 Dec 2022

Legacy IT magnifies cyber risk for Defra, says NAO

Some 30% of Defra’s applications are currently unsupported, magnifying cyber risk as the government department struggles to make progress on a digital transformation programme Continue Reading
News 06 Dec 2022

EU fails to protect human rights in surveillance tech transfers

Transfers of surveillance technology from the European Union to African governments are carried out without due regard for the human rights impacts, the European Ombudsman has found after a year-long investigation into the European Commission’s management of an aid fund Continue Reading
News 06 Dec 2022

Don’t become an unwitting tool in Russia’s cyber war

Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack? Continue Reading
News 05 Dec 2022

Fake investment ads persist on Meta’s social networks

Online adverts for investment scams relating to property and crypto assets are still getting past measures designed to stop them Continue Reading
News 05 Dec 2022

DCMS to assess UK semiconductor industry

The ongoing global chip crisis, geopolitician tension with China and deal-blocking are the backdrop to this latest assessment Continue Reading
News 05 Dec 2022

Cohesity doubles down on cyber-defence failings via backup

Datahawk service and Data Security Alliance bring clean data restores, ransomware artefact detection, data vaulting and data audit for a clearer understanding of attack impact Continue Reading
News 05 Dec 2022

French cyber consultancy Hackuity sets up UK operation

Risk-based vulnerability management company is to establish a UK base of operations in the hope of expanding its enterprise client base Continue Reading
News 02 Dec 2022

Post Office boosted its ‘coffers’ as Horizon system threw up unexplained shortfalls, inquiry told

The Post Office was ‘keen’ to make subpostmasters cover unexplained accounting shortfall as its business struggled, public inquiry hears Continue Reading
News 02 Dec 2022

Twitter ‘replacement’ Hive Social shuts off service in privacy alert

Hive Social, a recently established social media network, has temporarily closed its servers to address deep structural privacy issues identified by ethical hackers Continue Reading
News 01 Dec 2022

MI6 chief’s hacked emails attacked MI5 and betrayed British spy operations in China

Former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. His emails were hacked and then leaked – probably by Russian intelligence Continue Reading
News 01 Dec 2022

LastPass probes new cyber incident related to August attack

The August 2022 cyber attack on LastPass seems to have begat another incident, according to company CEO Karim Toubba Continue Reading
News 30 Nov 2022

Microsoft 365 banned in German schools over privacy concerns

German schools cannot legally use Microsoft Office 365 over lack of clarity about how data is collected, shared and used, as well as the potential for unlawful transfer of European citizens’ personal data to the US Continue Reading