IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
21 Jul 2024
CrowdStrike update snafu affected 8.5 million Windows devices
About 8.5 million devices globally were hit by the botched CrowdStrike update, with a significant number now back online and operational Continue Reading
-
News
17 Jul 2024
How iProov is fending off deepfake fraud
Facial biometrics and controlled illumination can detect liveness, verify identities and help prevent deepfake attacks Continue Reading
-
News
25 Jul 2024
North Korean cyber APT targeting nuclear secrets
Mandiant has upgraded the North Korean threat actor known as Andariel to APT status and warned of coordinated efforts to steal western military IP, including nuclear secrets Continue Reading
-
Feature
25 Jul 2024
CrowdStrike update chaos explained: What you need to know
A botched software update at cyber security firm CrowdStrike has caused IT chaos around the world. Learn more about the global CrowdStrike update outage as it develops Continue Reading
-
News
25 Jul 2024
Fortune 500 stands to lose $5bn plus from CrowdStrike incident
The largest global organisations hit by the CrowdStrike-Microsoft incident on 19 July will likely be out of pocket to the tune of billions of dollars Continue Reading
-
News
24 Jul 2024
CrowdStrike blames outage on content configuration update
CrowdStrike publishes the preliminary findings of what will be a lengthy investigation into the root causes of the failed 19 July update that caused Windows computers to crash all over the world Continue Reading
-
News
24 Jul 2024
Mimecast to buy insider threat specialist Code42
Mimecast is to buy fellow human-centred risk experts Code42 for an undisclosed sum to take advantage of its insider threat and data loss protection specialisms Continue Reading
-
News
23 Jul 2024
Innovations to power secure-by-design development
Secure Code Warrior unveils technology designed to help CISOs and AppSec teams ensure their projects remain safe and free of coding errors and vulnerabilities – a big issue following the CrowdStrike incident Continue Reading
-
News
22 Jul 2024
NCSC: Beware of criminal CrowdStrike opportunists
Financially motivated cyber criminals are already conducting opportunistic attacks on organisations that leverage the CrowdStrike incident, and more targeted attacks are sure to follow Continue Reading
-
News
22 Jul 2024
CrowdStrike chaos shows risks of concentrated ‘big IT’
The concentration of so much mission-critical technology in the hands of a few large suppliers makes incidents like the Microsoft-CrowdStrike outage all the more dangerous Continue Reading
-
News
21 Jul 2024
CrowdStrike update snafu affected 8.5 million Windows devices
About 8.5 million devices globally were hit by the botched CrowdStrike update, with a significant number now back online and operational Continue Reading
-
News
19 Jul 2024
Global Microsoft outage hits NHS GP IT system
The Emis Web IT system used by more than half of GP practices in the UK is down, following the worldwide Microsoft outage Continue Reading
-
News
18 Jul 2024
Lawyers and journalists seeking ‘payback’ over police phone surveillance, claims former detective
Former Durham detective will be required to give evidence to a tribunal investigating allegations that police unlawfully monitored journalists’ phones Continue Reading
-
News
17 Jul 2024
UK Cyber Bill teases mandatory ransomware reporting
In the Cyber Security and Resilience Bill introduced in the King's Speech, the UK's new government pledges to give regulators more teeth to ensure compliance with security best practice and to mandate incident reporting Continue Reading
-
News
17 Jul 2024
How iProov is fending off deepfake fraud
Facial biometrics and controlled illumination can detect liveness, verify identities and help prevent deepfake attacks Continue Reading
-
News
16 Jul 2024
Strategic Defence Review must emphasise cyber security, says industry
Cyber security leaders say the new government's Strategic Defence Review needs to put digital security front and centre Continue Reading
-
News
15 Jul 2024
How Snowflake is tackling AI challenges
Snowflake’s regional leader Sanjay Deshmukh outlines how the company is helping customers to tackle the security, skills and cost challenges of AI implementations Continue Reading
-
News
11 Jul 2024
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain Continue Reading
-
News
11 Jul 2024
Inside Israel’s cyber security operations
An emergency phone line allows cyber security analysts at the Israel Computer Emergency Response Team to map threats against national infrastructure Continue Reading
-
News
10 Jul 2024
The security interview: Managing the ‘no’ mindset
Matt Riley, data protection and information security officer at Sharp Europe, discusses balancing cyber risks with business leaders’ goals Continue Reading
-
News
09 Jul 2024
Hyper-V zero-day stands out on a busy Patch Tuesday
Microsoft has fixed almost 140 vulnerabilities in its latest monthly update, with a Hyper-V zero-day singled out for urgent attention Continue Reading
-
News
09 Jul 2024
Chinese spies target vulnerable home office kit to run cyber attacks
China’s APT40 is ramping up targeting of victims using vulnerable small and home office networking kit as command and control infrastructure, according to an international alert Continue Reading
-
Opinion
09 Jul 2024
Automating public services - a careful approach
Automation is increasingly integrated into public services, promising enhanced efficiency, cost savings, and improved service quality Continue Reading
-
News
08 Jul 2024
Synnovis attack highlights degraded, outdated state of NHS IT
More cyber attacks against the health service are likely, and will succeed if something isn’t done to address the increasingly elderly NHS IT estate, experts are warning Continue Reading
-
Opinion
04 Jul 2024
Safeguarding democracy from cyber threat peril
There has been an increase in disturbing activity emerging on the dark web involving the sale of public sector assets, including election data Continue Reading
-
News
03 Jul 2024
NCA’s Operation Morpheus targets illicit Cobalt Strike use
International law enforcement operation targets cyber criminals using the Cobalt Strike penetration testing framework for dodgy purposes Continue Reading
-
Opinion
03 Jul 2024
Cyber Essentials at 10: Success or failure?
The Cyber Essentials scheme passed its 10th anniversary in June 2024. CyberSmart's Adam Pilton reflects on progress and argues that more needs to be done to raise security awareness among Britain's small business community Continue Reading
-
Opinion
02 Jul 2024
Security Think Tank: Securing today's ubiquitous cloud environment
The Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage Continue Reading
-
News
28 Jun 2024
How FWD is driving its digital strategy
FWD’s group chief technology and operations officer talks up how the pan-Asian insurer is driving change faster and putting technology at the heart of its services Continue Reading
-
News
28 Jun 2024
How Recorded Future is operationalising threat intelligence
Recorded Future is investing in APIs to enable automated security workflows, among other measures, to help organisations overcome the hurdles of operationalising threat intelligence Continue Reading
-
Podcast
28 Jun 2024
No cyber barriers: A Computer Weekly Downtime Upload podcast
We speak to Sharp Europe’s data protection and information security officer about how to balance cybersecurity with the needs of the business Continue Reading
-
News
26 Jun 2024
Israel’s cyber chief calls for international front against Iranian hackers
Israel’s cyber chief has called for international action against Iran over state-backed hacking Continue Reading
-
News
26 Jun 2024
Police Scotland did not consult ICO about high-risk cloud system
Police Scotland chose not to formally consult with the data regulator about the risks identified with a cloud-based digital evidence sharing system, while the regulator itself did not follow up for nearly three months Continue Reading
-
News
25 Jun 2024
WikiLeaks founder Julian Assange freed from prison
A deal reached with US authorities will end the WikiLeaks founder’s years-long legal saga, setting him free if he pleads guilty to a criminal conspiracy charge Continue Reading
-
News
24 Jun 2024
Sellafield pleads guilty to criminal charges over cyber security
Nuclear Decommissioning Authority-backed organisation Sellafield Ltd pleads guilty to criminal charges brought over significant cyber security failings that could have compromised sensitive nuclear information Continue Reading
-
News
21 Jun 2024
Sellafield whistleblower ordered to pay costs after email tampering claims
A former consultant at Sellafield has been ordered to pay costs for having ‘acted unreasonably’ in claiming the nuclear facility tampered with metadata in letters used against her in court Continue Reading
-
News
21 Jun 2024
Qilin ransomware gang publishes stolen NHS data online
The ransomware gang behind a major cyber attack on NHS supplier Synnovis has published a 400GB trove of private healthcare data online Continue Reading
-
News
21 Jun 2024
ICO police cloud guidance released under FOI
Long-awaited guidance from the UK data regulator on police cloud deployments highlights some potential data transfer mechanisms it thinks can clear up ongoing legal issues, but tells forces it’s up to them to decide if the measures would work Continue Reading
-
Opinion
19 Jun 2024
Why AI is talking politics this year
AI is already playing a part in this year’s General Election - for good and bad Continue Reading
-
News
19 Jun 2024
Microsoft admits no guarantee of sovereignty for UK policing data
Documents show Microsoft’s lawyers admitted to Scottish policing bodies that the company cannot guarantee sensitive law enforcement data will remain in the UK, despite long-standing public claims to the contrary Continue Reading
-
E-Zine
18 Jun 2024
General election 2024 – the digital policies examined
In this week’s Computer Weekly, we examine the digital policies revealed in the three main political parties’ general election manifestos. Our new buyer’s guide looks at the latest trends in cloud security. And we find out about the EU’s plans for a digital single market that could span the globe. Read the issue now. Continue Reading
-
Opinion
17 Jun 2024
Cloud security: Finding the right provider to protect your data
This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
Feature
17 Jun 2024
Autonomous weapons systems defy rigid attempts at arms control
In an ever more dangerous world, the technology is outpacing diplomacy and holds clear strategic value. Retaining human control over its use will require embracing imperfect solutions Continue Reading
-
Opinion
17 Jun 2024
Gartner: Navigating incident response in the cloud
In the rapidly evolving landscape of cloud security, incident response strategies must be as dynamic and flexible as the environments they protect Continue Reading
-
Opinion
13 Jun 2024
Data leakage in the cloud – can data truly be safe in the cloud?
This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
Opinion
12 Jun 2024
How to ensure public cloud services are used safely and securely
This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
Opinion
11 Jun 2024
True cloud security requires in-depth understanding
This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
Definition
10 Jun 2024
communications intelligence (COMINT)
Communications intelligence (COMINT) is information gathered from the communications between individuals or groups of individuals, including telephone conversations, text messages, email conversations, radio calls and online interactions. Continue Reading
-
Definition
07 Jun 2024
electronic intelligence (ELINT)
Electronic intelligence (ELINT) is intelligence gathered using electronic sensors, usually used in military applications. Continue Reading
-
News
07 Jun 2024
DDoS gang threatens to disrupt European elections
Russian hacktivists are threatening to disrupt the European Parliament elections, while the BBC reports on new deepfake threats to the UK’s electoral process Continue Reading
-
News
07 Jun 2024
Sophos uncovers Chinese state-sponsored campaign in Southeast Asia
Sophos found three distinct clusters of activity targeted at a high-level government organisation that appeared to be tied to Chinese interests in the South China Sea Continue Reading
-
Feature
06 Jun 2024
Storage technology explained: Key questions about tape storage
We look at the benefits of tape storage – low cost, inherent security, excellent energy efficiency – the workloads it is best for, and how tape fits a wider storage strategy Continue Reading
-
News
05 Jun 2024
Qilin ransomware gang likely behind crippling NHS attack
Security experts investigating a major cyber attack on an NHS partner that has caused frontline services across South London to grind to a halt say the Qilin ransomware gang appears to be the culprit Continue Reading
-
News
04 Jun 2024
OAIC files civil penalty action against Medibank
The OAIC alleges that Medibank failed to take reasonable steps to protect the personal information of 9.7 million Australians in the October 2022 data breach Continue Reading
-
Opinion
04 Jun 2024
Security Think Tank: The cloud just got more complicated
This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
News
04 Jun 2024
Invasive tracking ‘endemic’ on sensitive support websites
Websites set up by police, charities and universities to help people get support for sensitive issues like addiction and sexual harassment are deploying tracking technologies that harvest information without proper consent Continue Reading
-
Opinion
04 Jun 2024
Building a more secure, and sustainable, open source ecosystem
In April 2024, the discovery of an intentionally-placed backdoor in the open source XZ Utils data compression caused concern. Sentry's Chad Whitacre says a more thoughtful approach is needed to balance the individual freedom and creativity of open source, with more rigorous security practice. Continue Reading
-
News
04 Jun 2024
NHS services at major London hospitals disrupted by cyber attack
A major cyber attack at NHS services provider Synnovis is disrupting frontline care at hospitals across London Continue Reading
-
News
04 Jun 2024
Russia used fake AI Tom Cruise in Olympic disinformation campaign
Microsoft threat researchers report a surge in Russian disinformation campaigns targeting the 2024 Summer Olympics, including AI-enhanced propaganda Continue Reading
-
News
03 Jun 2024
97 FTSE 100 firms exposed to supply chain breaches
Between March 2023 and March 2024, 97 out of 100 companies on the UK’s FTSE 100 list were put at risk of compromise following supply chain breaches at third-party suppliers Continue Reading
-
News
03 Jun 2024
Sellafield local authority slammed over response to North Korean ransomware attack
The local authority for Europe’s biggest nuclear site has been slammed by auditors for its response to a North Korea-linked cyber attack that temporarily crippled its operations Continue Reading
-
News
02 Jun 2024
Ticketek Australia hit by data breach
Customer names, dates of birth and email addresses of Ticketek Australia account holders reportedly impacted in latest data breach affecting event ticketing firm Continue Reading
-
News
31 May 2024
Law student ‘unfairly disciplined’ after reporting data breach blunder
A law student has accused a leading legal college of unethical behaviour and a “lack of integrity” after it brought misconduct proceedings against him when he reported a data security blunder Continue Reading
-
News
30 May 2024
Europol sting operation smokes multiple botnets
Malware droppers including Bumblebee and Smokeloader were among those targeted in one of the largest ever joint operations against cyber criminal botnets Continue Reading
-
News
29 May 2024
Storebrand divests from IBM over supply of biometrics to Israel
Norwegian asset manager Storebrand’s decision to divest from IBM comes amid growing scrutiny of the role technology companies play in Israel’s human rights abuses Continue Reading
-
News
29 May 2024
Proofpoint exposes AFF scammers’ piano gambit
Ransomware and nation state actors dominate the headlines, but fraud and scams still net career cyber criminals thousands from unsuspecting members of the public. Proofpoint reports on a campaign targeting victims of a musical inclination Continue Reading
-
News
29 May 2024
Organisations value digital trust, but aren’t working at it
Three quarters of organisations believe digital trust is relevant to their businesses, yet clear gaps in strategies still seem to persist Continue Reading
-
Opinion
29 May 2024
How to avoid joining the Dead Java Code Society
Unused or dead Java code is bogging down software engineers and developers, causing weird dependencies and security risks. Eric Costlow of Azul shares some advice on how to avoid becoming a member of a rather unpleasant club Continue Reading
-
News
28 May 2024
Executive Interview: Why Dell wants to be your one-stop AI shop
At Dell Technologies World in Las Vegas, artificial intelligence was the talk of the town as Dell staked out an all-encompassing strategy ahead of an anticipated goldrush. Dell’s Nick Brackney explains why the tech giant believes it's onto a winner Continue Reading
-
News
28 May 2024
Why reliable data is essential for trustworthy AI
In little over two years, generative AI has changed the shape of the technology industry. Now is the time for proper due diligence Continue Reading
-
News
24 May 2024
Parliamentarians warn of UK election threat from Russia, China and North Korea
Joint parliamentary security committee chair Margaret Beckett writes to prime minister urging government to prepare for foreign states interfering with 4 July election Continue Reading
-
Definition
23 May 2024
Regulation SCI (Regulation Systems Compliance and Integrity)
Regulation SCI (Regulation Systems Compliance and Integrity) is a set of rules adopted by the U.S. Securities and Exchange Commission (SEC) to monitor the security and capabilities of U.S. securities markets' technology infrastructure. Continue Reading
-
News
23 May 2024
Munich Re sees strong growth in AI insurance
Global reinsurance giant Munich Re expects more demand for AI insurance from organisations that are looking to manage the risks of AI as they experiment more with the technology Continue Reading
-
News
22 May 2024
Rockwell urges users to disconnect ICS equipment
ICS systems maker Rockwell Automation calls on users to take steps to secure their equipment, and reminds them there is no reason to ever have its hardware connected to the public internet, as it tracks an increase in global threat activity Continue Reading
-
News
21 May 2024
The Security Interviews: What is the real cyber threat from China?
Former NCSC boss Ciaran Martin talks about nation-state attacks, why the UK has become so exercised about cyber espionage, and how our leaders are in danger of misunderstanding their adversaries Continue Reading
-
News
20 May 2024
WikiLeaks founder Julian Assange granted appeal
Two high court judges granted WikiLeaks founder Julian Assange leave to appeal against extradition to the US after defence lawyers argued that the US had failed to give adequate assurances Continue Reading
-
News
17 May 2024
Why the UK needs to fix its broken IT security market
Ollie Whitehouse, CTO of GCHQ’s National Cyber Security Centre, says the market for secure software is broken. Are new laws required to make software companies liable for poor security? Continue Reading
-
News
15 May 2024
GCHQ to protect politicians and election candidates from cyber attacks
The National Cyber Security Centre, part of GCHQ, to protect election candidates from hostile state cyber attacks Continue Reading
-
News
15 May 2024
Cyber Safety Force wants to change conversation around risk
A consortium to help cyber pros better manage risk has launched, with ambitious goals to change the nature of the conversation from cyber security to cyber safety Continue Reading
-
News
15 May 2024
Critical SharePoint, Qakbot-linked flaws focus of May Patch Tuesday
A critical SharePoint vulnerability warrants attention this month, but it is another flaw that seems to be linked to the infamous Qakbot malware that is drawing attention Continue Reading
-
News
15 May 2024
WikiLeaks founder’s extradition case labelled ‘institutional corruption’
Call for Julian Assange to be prosecuted in the US has been condemned as ‘institutional corruption on a judicial level’ with the WikiLeaks founder a ‘political prisoner’ Continue Reading
-
News
14 May 2024
China poses genuine and increasing cyber security risk to UK, says GCHQ director
GCHQ director Anne Keast-Butler uses her first major public speech to warn that China poses a significant cyber security threat to the UK Continue Reading
-
News
14 May 2024
CyberUK 24: UK insurance industry gets tough on ransomware
Three of the UK’s largest insurance associations have signed on to a new initiative spearheaded by the NCSC to try to bring down the number of ransomware payments being made Continue Reading
-
News
10 May 2024
Major breach of customer information developing at Dell
Almost 50 million data records relating to Dell customers appear to have been compromised in a major cyber breach Continue Reading
-
News
09 May 2024
Wales gets UK’s first national SOC
The first national security operations centre of its kind in the UK has opened in the south of Wales to safeguard public sector bodies across the country Continue Reading
-
Opinion
09 May 2024
Zero Trust: Unravelling the enigma and charting the future
A special interest group aims to start a long-overdue discourse on the merits, dangers, costs, and development of Zero Trust and IAM in information security Continue Reading
-
Opinion
09 May 2024
Enhance identity controls before banning ransomware payments
In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
-
News
09 May 2024
Ofcom publishes draft online child safety rules for tech firms
In the draft codes, Ofcom calls on technology firms to use ‘robust’ age-checking and content moderation systems to keep harmful material away from children online Continue Reading
-
News
08 May 2024
Cyber attack ruled out as source of UK Border Force outage
An IT outage that caused automated passport control e-gates to crash across the UK has been resolved, with a cyber attack ruled out as the cause Continue Reading
-
Feature
07 May 2024
What does the Data Protection and Digital Information Bill mean for UK industry?
The Data Protection and Digital Information Bill is the first shift in the UK’s data protection regime since leaving the EU, but what could it mean for UK industry? Continue Reading
-
News
06 May 2024
Microsoft beefs up cyber initiative after hard-hitting US report
Microsoft is expanding its recently launched Secure Future Initiative in the wake of a hard-hitting US government report on recent nation state intrusions into its systems Continue Reading
-
News
03 May 2024
Adobe expands bug bounty programme to account for GenAI
Adobe has expanded the scope of its HackerOne-driven bug bounty scheme to incorporate flaws and risks arising from the development of generative artificial intelligence Continue Reading
-
News
03 May 2024
Patch GitLab vuln without delay, users warned
The addition of a serious vulnerability in the GitLab open source platform to CISA’s KEV catalogue prompts a flurry of concern Continue Reading
-
News
03 May 2024
EU calls out Fancy Bear over attacks on Czech, German governments
The European Union, alongside member states Czechia and Germany, have accused Russian government APT Fancy Bear of being behind a series of attacks on political parties and government bodies Continue Reading
-
News
03 May 2024
Why IAM is central to cyber security
BeyondTrust’s chief security strategist talks up the importance of identity and access management, and the role of cyber insurance in driving security improvements Continue Reading
-
News
02 May 2024
NCSC updates warning over hacktivist threat to CNI
The NCSC and CISA have warned about the evolving threat from Russia-backed hacktivist threat actors targeting critical national infrastructure, after a number of American utilities were attacked Continue Reading
-
News
02 May 2024
BBC instructs lawyers over allegations of police surveillance of journalist
Lawyers for the BBC have written to the Investigatory Powers Tribunal over allegations that the Police Service of Northern Ireland spied on investigative journalist Vincent Kearney Continue Reading
-
News
02 May 2024
How Okta is fending off identity-based attacks
Okta has been bolstering the security of its own infrastructure and building new tools to scan customer environments for vulnerable identities, among other efforts to fend off identity-based attacks Continue Reading
-
News
01 May 2024
EMEA CISOs must address human factors behind cyber incidents
The 17th annual Verizon report on data breaches makes for sobering reading for security pros, urging them to do more to address the human factors involved in cyber incidents, and highlighting ongoing issues with zero-day patching Continue Reading
-
Opinion
01 May 2024
Better hygiene may mitigate the need to ban ransomware payments
In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
-
News
01 May 2024
Autonomous weapons reduce moral agency and devalue human life
Military technology experts gathered in Vienna have warned about the detrimental psychological effects of AI-powered weapons, arguing that implementing systems of algorithmic-enabled killing dehumanises both the user and the target Continue Reading
-
News
30 Apr 2024
Global majority united on multilateral regulation of AI weapons
Foreign ministers and civil society representatives say that multilateralism is key to controlling the proliferation and use of AI-powered autonomous weapons, but that a small number of powerful countries are holding back progress Continue Reading