IT governance
IT governance provides the core workflows and processes that help IT managers to oversee the successful functioning of the IT department, and to prove the value of IT to the business. Regulations and compliance are just as important as technological and management skills, and we highlight the best practice in IT governance and the example of successful IT leaders.
-
News
02 May 2025
Government and Ofcom disagree about scope of Online Safety Act
MPs heard different views from the online harms regulator and the UK government about whether and how the Online Safety Act obliges platforms to deal with disinformation Continue Reading
-
News
01 May 2025
Harrods becomes latest UK retailer to fall victim to cyber attack
Harrods confirms it is the latest UK retailer to experience a cyber attack, shutting off a number of systems in an attempt to lessen the impact Continue Reading
-
Opinion
04 Sep 2024
Cyber firms need to centre their own resilience
The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading
-
News
03 Sep 2024
TSB systems could be on the move again as BBVA eyes its parent
TSB was migrated to the systems of Sabadell in a project remembered for its monumental IT meltdown in 2018 Continue Reading
-
News
30 Aug 2024
Norwegian Refugee Council leverages Okta for Good cyber scheme
Pietro Galli, CIO of the Norwegian Refugee Council, reveals how the globally distributed NGO has been taking advantage of the Okta for Good CSR programme to improve its own cyber security and data protection practice, and elevate good practice in the third sector Continue Reading
-
News
29 Aug 2024
Iranian APT caught acting as access broker for ransomware crews
Members of Iran-backed Pioneer Kitten APT appear to be trying to supplement their pay packets by helping Russian-speaking ransomware gangs to access their victims in exchange for a cut of the profits Continue Reading
-
Opinion
29 Aug 2024
Cyber law reform should be top of Labour's policy list
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
29 Aug 2024
Study highlights secure software supply chain best practices
Security trends report from open source firm shows the approaches IT leaders take to secure their software supply chain Continue Reading
-
News
29 Aug 2024
Met Police deploy LFR in Lewisham without community input
The Met’s latest live facial recognition deployment in Catford has raised concerns over the lack of community engagement around the police force’s use of the controversial technology Continue Reading
-
Opinion
29 Aug 2024
Governments looking to "small IT” for greater project success
Governments should invest in smaller pilots, hypothesis testing and co-development with vendors before committing to large production rollouts to avoid project failures Continue Reading
-
Opinion
28 Aug 2024
A coherent Labour cyber strategy depends on consistency
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
28 Aug 2024
Iranian APT Peach Sandstorm teases new Tickler malware
Peach Sandstorm, an Iranian state threat actor, has developed a dangerous new malware strain that forms a key element of a rapidly evolving attack sequence Continue Reading
-
News
28 Aug 2024
Global cyber spend to rise 15% in 2025, pushed along by AI
Security spending will increase at pace in 2025, with artificial intelligence, cloud and consultancy services all pushing outlay to new highs, according to Gartner Continue Reading
-
Opinion
27 Aug 2024
Extending zero-trust principles to endpoints
By combining zero-trust principles with other security strategies and continuously monitoring and improving their security posture, organisations can effectively mitigate risks and protect their resources, says Gartner's Nikul Patel Continue Reading
-
Opinion
27 Aug 2024
The US courts may have thrown a wrench into cyber regulation
A recent decision by the US Supreme Court to overrule the longstanding Chevron Deference has serious implications for global cyber security regulation Continue Reading
-
Opinion
27 Aug 2024
Public education on security must be a top priority for Labour
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
26 Aug 2024
Linus Torvalds discusses Linux development, security and AI at KubeCon
Linus Torvalds delves into the challenges in Linux development, the importance of swift security responses, and artificial intelligence’s future role in kernel programming Continue Reading
-
News
22 Aug 2024
Post Office apologises for IT problem text alert that was never sent
After subpostmasters complained they received no communications from the Post Office when they could not log in to the Horizon IT system, the organisation admits a text message alert failed to be sent Continue Reading
-
News
21 Aug 2024
Pakistani national arrested over Southport ‘cyber terrorism’
Authorities in Pakistan have arrested a man on suspicion of cyber terrorism over his role in the spread of online misinformation in the wake of the Southport knife attack Continue Reading
-
Opinion
20 Aug 2024
From manifesto to material: What No. 10 needs to make reality
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
20 Aug 2024
ICO launches privacy notice tool for SMEs
ICO tool designed to make it easier for small businesses and sole traders operating online to create bespoke data privacy notices for compliance purposes Continue Reading
-
News
20 Aug 2024
Phishing links becoming bigger threat than email attachments
Phishing techniques are evolving away from malicious email attachments, according to a report Continue Reading
-
News
19 Aug 2024
Popular Microsoft apps for Mac at risk of code injection attacks
Researchers at Cisco Talos turn up evidence suggesting that Microsoft apps running on the Apple macOS operating system are not as secure as they seem Continue Reading
-
Opinion
19 Aug 2024
How might the UK's cyber landscape change under Labour?
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
16 Aug 2024
Thousands of NetSuite customers accidentally exposing their data
Misconfigured permissions across live websites are leaving thousands of NetSuite users open to having their valuable customer data stolen, researchers say Continue Reading
-
News
16 Aug 2024
Campaigners criticise Starmer post-riot public surveillance plans
A UK government programme to expand police facial recognition and information sharing after racist riots is attracting criticism from campaigners for exploiting the far-right unrest to generally crack down on protest and increase surveillance Continue Reading
-
Opinion
15 Aug 2024
Google's cookie conundrum: What comes next?
Google's revised approach to third-party cookies shouldn't come as a surprise, and may also be welcome Continue Reading
-
Opinion
15 Aug 2024
With the right tools and strategy, public cloud should be safe to use
Despite the complexity and evolving nature of threats, with the right strategy, tools, and constant vigilance, businesses can safely and securely leverage public cloud services Continue Reading
-
News
14 Aug 2024
Automated police tech contributes to UK structural racism problem
Civil society groups say automated policing technologies are helping to fuel the disparities that people of colour face across the criminal justice sector, as part of wider warning about the UK’s lack of progress in dealing with systemic racism Continue Reading
-
News
14 Aug 2024
IR35 public sector reforms: HS2 finalises £6.2m settlement with HMRC over compliance failings
After setting aside over £10m to cover its IR35 compliance liabilities, HS2 accounts confirm the organisation reached a final settlement with HMRC totalling £6.2m Continue Reading
-
News
13 Aug 2024
NIST debuts three quantum-safe encryption algorithms
NIST has launched the first three quantum-resistant encryption algorithms, and as the threat of quantum-enabled cyber attacks grows greater, organisations are encouraged to adopt them as soon as they can Continue Reading
-
Opinion
13 Aug 2024
Labour's first cyber priority must be the NHS
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
Feature
12 Aug 2024
AI interview: Thomas Dekeyser, researcher and film director
On the politics of ‘techno-refusal’, and the lessons that can be learned from a clandestine group of French IT workers who spent the early 1980s sabotaging technological infrastructure Continue Reading
-
Feature
09 Aug 2024
How UK firms can get ready for the implementation of NIS2
Many British companies will need to adhere to NIS2’s cyber security risk management and reporting requirements if they want to continue operating in the EU market and avoid huge fines Continue Reading
-
News
09 Aug 2024
The Security Interviews: Google’s take on confidential computing
We speak to Google’s Nelly Porter about the company’s approach to keeping data as safe as possible on Google Cloud Continue Reading
-
News
08 Aug 2024
Royal ransomware crew puts on a BlackSuit in rebrand
The Royal ransomware gang is back, with a new name and refreshed capabilities, including an apparently unique ‘partial encryption’ gambit, according to CISA Continue Reading
-
News
08 Aug 2024
US lawmakers seek to brand ransomware gangs as terrorists
Proposals from legislators in Washington DC could shake up the global ransomware ecosystem and give law enforcement sweeping new powers Continue Reading
-
News
08 Aug 2024
Ofcom issues online safety warning to firms in wake of UK riots
Ofcom has issued a warning reminding social media firms of their upcoming online safety obligations, after misinformation about the Southport stabbings sparked racist riots throughout the UK Continue Reading
-
News
07 Aug 2024
Microsoft and CrowdStrike hit back at Delta’s legal threats
Microsoft and CrowdStrike have rejected claims by Delta Air Lines that it was left high and dry amid thousands of flight cancellations during July’s software outage, accusing the airline of ignoring their offers of help and running out-of-date IT systems Continue Reading
-
Opinion
07 Aug 2024
Cyber security adoption is vital to Scotland’s space race
Scotland has a golden opportunity to capitalise on space technology to make itself a global leader, but to maximise its potential in the new space race, more attention must be paid to cyber security risk Continue Reading
-
Podcast
07 Aug 2024
Securing data in GCP: A Computer Weekly Downtime Upload podcast
We speak to Google’s director of product management for confidential computing about ensuring the protection of data in use Continue Reading
-
News
06 Aug 2024
2024 seeing more CVEs than ever before, but few are weaponised
The number of disclosed CVEs soared by 30% in the first seven-and-a-half months of the year, but a tiny fraction of these have been exploited by threat actors, a reminder of the importance of focused security strategies Continue Reading
-
E-Zine
06 Aug 2024
Migrating to S/4Hana – how the Co-op made its move
In this week’s Computer Weekly, as SAP users prepare for the deadline to move off the ECC platform, we find out how the Co-op is migrating to S/4Hana. Our latest buyer’s guide looks at how to manage SaaS and on-premise software licensing. And we talk to former NCSC CEO Ciaran Martin about the true risks from nation-state cyber attacks. Read the issue now. Continue Reading
-
News
05 Aug 2024
Chinese cyber attack sparks alert over six-year-old MS vuln
After a proof-of-concept for a six-year-old Microsoft vulnerability emerged in a Chinese APT attack chain, defenders should be on the look-out for exploitation of CVE-2018-0824 Continue Reading
-
News
05 Aug 2024
World’s largest companies at near-universal risk of supply chain breach
Data from SecurityScorecard once again focuses on the interconnected nature of business supply chains and the risk posed to operational resilience by unexpected IT problems and cyber threats Continue Reading
-
Opinion
05 Aug 2024
Cyber lessons, and priorities for the UK's new government
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
Opinion
02 Aug 2024
Labour should focus on talent to improve UK's cyber posture
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
01 Aug 2024
CrowdStrike shareholders sue, alleging false security claims
A US pension fund is lining up a lawsuit against CrowdStrike, claiming the cyber company lied about the integrity of its systems, leading to failings that caused a worldwide IT outage Continue Reading
-
Opinion
01 Aug 2024
Is it time to refresh the UK's cyber strategy?
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
01 Aug 2024
Banks, telcos call for more data sharing to fight fraud
A Which?-led coalition of banks and telecoms operators is calling on the UK's new government to take the lead on enabling data sharing to help fight digital fraud Continue Reading
-
Opinion
31 Jul 2024
When critical cyber response becomes second nature
When alerts and headlines blare out warnings of critical vulnerabilities in widely-used software, the cyber security community needs to adopt a more decisive and clear-cut approach, says Huntress' Chris Henderson Continue Reading
-
News
31 Jul 2024
Campaigners call for evidence to reform UK cyber laws
The CyberUp Campaign for reform of the 1990 Computer Misuse Act launches an industry survey inviting cyber experts to share their views on how the outdated law hinders legitimate work Continue Reading
-
News
31 Jul 2024
Mayor launches London Privacy Register for smart city information
To increase transparency around and trust in London’s smart city technology deployments, the London Privacy Register aims to provide the public with more information about the systems they encounter in their day-to-day lives Continue Reading
-
News
31 Jul 2024
Breach costs soar as record ransomware payment made
IBM publishes data on the spiralling costs of cyber attacks and data breaches, while researchers identify what appears to be the largest ransomware payment ever made Continue Reading
-
Feature
30 Jul 2024
CISO mentoring – who to turn to when the worst happens
Those who get the role of a CISO may have overcome some professional hurdles, but are they ready to face what comes as part of the job? And who do they ask for advice? We look at the mentoring dilemma Continue Reading
-
News
30 Jul 2024
UK competition watchdog scrutinises Alphabet and Anthropic tie-up
The Competition and Markets Authority is looking at whether Alphabet’s $2bn investment in AI startup Anthropic is anti-competitive Continue Reading
-
News
30 Jul 2024
Government commits at least £540m to financial redress for wrongfully convicted Post Office staff
Hundreds of eligible former subpostmasters and branch staff are yet to come forward to have convictions overturned, but government hopes new scheme will encourage them to do so Continue Reading
-
Feature
29 Jul 2024
CrowdStrike update chaos explained: What you need to know
A botched software update at cyber security firm CrowdStrike has caused IT chaos around the world. Learn more about the global CrowdStrike update outage as it develops Continue Reading
-
News
29 Jul 2024
CrowdStrike says most Falcon sensors now up and running
The vast majority of CrowdStrike Falcon sensors affected by a coding error have now been recovered, with a final resolution expected this week Continue Reading
-
News
29 Jul 2024
WTO digital trade agreement aims to modernise global commerce
A digital trade deal negotiated over five years at the World Trade Organization has been signed by 91 countries, laying the groundwork for a new global digital trade regime Continue Reading
-
Opinion
26 Jul 2024
Mastering data privacy in the age of AI
AI continues to revolutionise how organisations operate, using vast amounts of personal data to make smart, informed decisions. However, this incredible potential comes with concerns about data privacy. DQM GRC's Mark James explores the issues. Continue Reading
-
News
26 Jul 2024
Ban predictive policing and facial recognition, says civil society
A coalition of civil society groups is calling for an outright ban on predictive policing and biometric surveillance in the UK Continue Reading
-
Opinion
26 Jul 2024
Cloud security challenges not just technological
The Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
News
26 Jul 2024
Vince Cable says the Post Office ‘lied’ to the government over Horizon issues
In the latest Post Office scandal public inquiry hearings, Vince Cable and Greg Clark reflected on their time as the minister heading the department responsible for the Post Office Continue Reading
-
News
25 Jul 2024
North Korean cyber APT targeting nuclear secrets
Mandiant has upgraded the North Korean threat actor known as Andariel to APT status and warned of coordinated efforts to steal western military IP, including nuclear secrets Continue Reading
-
News
25 Jul 2024
Why is CrowdStrike allowed to run in the Windows kernel?
Microsoft has pointed the finger at EU regulators, blaming them for a ruling that means it needs to offer third parties access to the core Windows OS Continue Reading
-
News
25 Jul 2024
Fortune 500 stands to lose $5bn plus from CrowdStrike incident
The largest global organisations hit by the CrowdStrike-Microsoft incident on 19 July will likely be out of pocket to the tune of billions of dollars Continue Reading
-
News
24 Jul 2024
CrowdStrike blames outage on content configuration update
CrowdStrike publishes the preliminary findings of what will be a lengthy investigation into the root causes of the failed 19 July update that caused Windows computers to crash all over the world Continue Reading
-
News
24 Jul 2024
Mimecast to buy insider threat specialist Code42
Mimecast is to buy fellow human-centred risk experts Code42 for an undisclosed sum to take advantage of its insider threat and data loss protection specialisms Continue Reading
-
News
24 Jul 2024
ICO reprimands Essex school for illegal facial recognition use
The Information Commissioner’s Office has reprimanded Chelmer Valley High School in Chelmsford for introducing facial recognition and failing to conduct a legally required data protection impact assessment and obtain the explicit consent of students Continue Reading
-
News
23 Jul 2024
Former minister felt she was fighting department over Post Office controversy
Former government minister was fighting with Shareholder Executive officials as she probed for information following allegations brought to her by MPs Continue Reading
-
News
23 Jul 2024
Chrome cookies reprieved amid Google Privacy Sandbox changes
Google abruptly changes tack on third-party cookies in its Chrome web browser, cancelling plans to deprecate them in favour of an unspecified ‘new experience’ for users Continue Reading
-
Feature
23 Jul 2024
Enhancing mobile app security with behaviour-based biometrics
Behavioural-based biometrics offer tantalising advantages over more traditional biometric solutions. Learn about some of the benefits and potential challenges for safe and secure implementation Continue Reading
-
News
22 Jul 2024
CrowdStrike chaos shows risks of concentrated ‘big IT’
The concentration of so much mission-critical technology in the hands of a few large suppliers makes incidents like the Microsoft-CrowdStrike outage all the more dangerous Continue Reading
-
News
22 Jul 2024
Ed Davey and Jo Swinson ‘handled’ by civil servants in Post Office cover-up, says Sir Alan Bates
Evidence in public inquiry revealed how ministers in charge of Post Office were left in the dark at a time when campaigners, MPs and journalists were looking for answers Continue Reading
-
Opinion
22 Jul 2024
Fundamental guardrails to address AI risk and value
Leveraging existing governance approaches and current success will make AI governance less daunting while supporting business goals Continue Reading
-
Feature
18 Jul 2024
Kubernetes at 10: From stateless also-ran to ‘platform to build platforms’
Sergey Pronin of Percona was all for ‘Kubernetes for stateless’ at a time when it was hard to provision storage and day-two services – then Operators and Stateful Sets came along Continue Reading
-
News
17 Jul 2024
UK Cyber Bill teases mandatory ransomware reporting
In the Cyber Security and Resilience Bill introduced in the King's Speech, the UK's new government pledges to give regulators more teeth to ensure compliance with security best practice and to mandate incident reporting Continue Reading
-
News
17 Jul 2024
Hackney Council reprimanded over 2020 ransomware attack
The London Borough of Hackney has been reprimanded by the ICO over a series of failures that led to a devastating cyber attack, but at the same time, the regulator praised the local authority for its response and commitment to making improvements Continue Reading
-
News
16 Jul 2024
Strategic Defence Review must emphasise cyber security, says industry
Cyber security leaders say the new government's Strategic Defence Review needs to put digital security front and centre Continue Reading
-
News
16 Jul 2024
CMA looks deeper into Microsoft’s AI hirings
Microsoft recently hired two former co-founders of AI specialist Inflection AI, and signed a deal to host the company’s AI model on Azure Continue Reading
-
News
15 Jul 2024
NHS Trusts cancelled over 6,000 appointments after Qilin cyber attack
The two NHS Trusts most heavily impacted by the Qilin ransomware attack on pathology services provider Synnovis have cancelled over 6,000 appointments and procedures in the past five weeks Continue Reading
-
News
15 Jul 2024
How Snowflake is tackling AI challenges
Snowflake’s regional leader Sanjay Deshmukh outlines how the company is helping customers to tackle the security, skills and cost challenges of AI implementations Continue Reading
-
News
15 Jul 2024
Civil servant said subpostmasters’ threat of legal action was ‘sabre-rattling’
Post Office scandal public inquiry hears damning evidence capping off a bad week for the reputation of high-profile civil servants Continue Reading
-
News
12 Jul 2024
AT&T loses ‘nearly all’ phone records in Snowflake breach
Hackers have stolen records of virtually every call made by AT&T's customers during a six-month period in 2022, after compromising the US telco's Snowflake data environment Continue Reading
-
News
12 Jul 2024
Public awareness of ID security grows, but big obstacles remain
Consumers are improving their awareness of the issues around digital identity security, but there are still some big issues preventing many from doing better, according to an Okta report Continue Reading
-
News
12 Jul 2024
IBM: Reimagine processes to unlock AI’s value
Asia-Pacific organisations must reimagine processes for AI success, says IBM’s general manager for the region, Paul Burton Continue Reading
-
News
11 Jul 2024
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain Continue Reading
-
News
10 Jul 2024
The security interview: Managing the ‘no’ mindset
Matt Riley, data protection and information security officer at Sharp Europe, discusses balancing cyber risks with business leaders’ goals Continue Reading
-
News
09 Jul 2024
Hyper-V zero-day stands out on a busy Patch Tuesday
Microsoft has fixed almost 140 vulnerabilities in its latest monthly update, with a Hyper-V zero-day singled out for urgent attention Continue Reading
-
News
09 Jul 2024
Chinese spies target vulnerable home office kit to run cyber attacks
China’s APT40 is ramping up targeting of victims using vulnerable small and home office networking kit as command and control infrastructure, according to an international alert Continue Reading
-
News
09 Jul 2024
Lessons from war: How Israel is fighting Iranian state-backed hacking
The general director of the Israel National Cyber Directorate talks about the rise in cyber attacks and what lessons the country has gleaned to defend against hacking from foreign parties Continue Reading
-
Opinion
09 Jul 2024
Automating public services - a careful approach
Automation is increasingly integrated into public services, promising enhanced efficiency, cost savings, and improved service quality Continue Reading
-
News
09 Jul 2024
Revamped DSIT to transform digital public services, says government
The incoming government sets out preliminary plans to conduct a major revamp and relaunch of the Department for Science, Innovation and Technology Continue Reading
-
News
08 Jul 2024
Synnovis attack highlights degraded, outdated state of NHS IT
More cyber attacks against the health service are likely, and will succeed if something isn’t done to address the increasingly elderly NHS IT estate, experts are warning Continue Reading
-
News
03 Jul 2024
NCA’s Operation Morpheus targets illicit Cobalt Strike use
International law enforcement operation targets cyber criminals using the Cobalt Strike penetration testing framework for dodgy purposes Continue Reading
-
News
03 Jul 2024
Former Post Office chair 'regrets' keeping critical Horizon report secret
Tim Parker, chairman of the Post Office from 2015 to 2022, admits he should not have accepted legal advice to prevent release of a review that could have supported victims of the Horizon scandal Continue Reading
-
Opinion
03 Jul 2024
Cyber Essentials at 10: Success or failure?
The Cyber Essentials scheme passed its 10th anniversary in June 2024. CyberSmart's Adam Pilton reflects on progress and argues that more needs to be done to raise security awareness among Britain's small business community Continue Reading
-
Opinion
02 Jul 2024
Security Think Tank: Securing today's ubiquitous cloud environment
The Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage Continue Reading
-
Feature
01 Jul 2024
Security in the public cloud explained: A guide for IT and security admins
In this guide, IT security and industry experts share their top recommendations for protecting public cloud deployments Continue Reading
-
Feature
27 Jun 2024
7 supply chain resilience strategies to use now
Weather events, geopolitical unrest and other disruptions are occurring more frequently. These seven supply chain resilience techniques can help manage them. Continue Reading
-
News
27 Jun 2024
Gulf Edge to operate Google Distributed Cloud in Thailand
The Gulf Energy subsidiary will offer Google’s sovereign cloud service in Thailand with a focus on air-gapped configurations Continue Reading