IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
30 May 2025
Dutch businesses lag behind in cyber resilience as threats escalate
While non-IT business professionals in the middle of their careers face the most disruption from AI, professionals in the IT services sector and their employers must prepare for change Continue Reading
-
Feature
30 May 2025
How cyber security professionals are leveraging AWS tools
It’s now essential for IT security teams to have oversight of cloud computing, and AWS offers a plethora of tools to make managing it easier. Find out how cyber pros are using them in the wild Continue Reading
-
News
19 Apr 2023
Global finance firms take part in NATO cyber attack simulation
Global financial services organisations take part in NATO annual event which simulates cyber attacks on critical infrastructure Continue Reading
-
News
19 Apr 2023
Cisco urges users to keep its network hardware up-to-date
In the wake of a campaign of threat activity targeting a six-year-old Cisco router vulnerability, the networking giant has warned users to be on high alert and update their hardware Continue Reading
-
News
19 Apr 2023
CyberUK 23: Alert over mercenary Russian threat to CNI
Russian hacktivists supportive of their government’s war on Ukraine are turning their attention to disruptive or destructive attacks on critical infrastructure in the UK, the NCSC has warned Continue Reading
-
News
19 Apr 2023
How organisations can succeed with zero trust
By starting small, taking a long-term view and prioritising the most critical assets in their zero-trust implementations, organisations will be able to reap returns from their investments in the security paradigm Continue Reading
-
Opinion
18 Apr 2023
Cloud identity: Are you who you say you are?
As identity, rather than networking segmentation, becomes the primary determining factor in accessing cloud resources. ISACA’s Ser Yoong Goh highlights three trends driving cloud IAM Continue Reading
-
News
18 Apr 2023
CyberUK 23: NCSC conference centres cyber collaboration
The NCSC’s annual CyberUK conference gets underway in Belfast this week, with collaboration and cooperation high on the agenda Continue Reading
-
News
18 Apr 2023
Focus on these three risky behaviours to boost cloud security
Some 80% of cloud security alerts are triggered by just 5% of security rules. Security teams can substantially improve their resilience by zeroing in on a small set of risky behaviours, according to a report Continue Reading
-
Feature
18 Apr 2023
Why IAM systems are crucial for securing multicloud architecture
As business tools evolve into cloud-based services, organisations are finding themselves becoming ever more reliant on the cloud, but how can data be secured across so many different platforms? Continue Reading
-
News
18 Apr 2023
UK presses on with post-Brexit data protection reform
The revised version of the Data Protection and Digital Information Bill has had its second reading in Parliament as the government presses on with post-Brexit changes, but critics remain sceptical that the EU will be convinced to maintain the UK's data adequacy agreement Continue Reading
-
Feature
14 Apr 2023
Securing your software supply chain
Organisations need to have a thorough understanding of software components and build security controls into development lifecycles to shore up the security of their software supply chains Continue Reading
-
News
13 Apr 2023
UK joins key allies to launch secure-by-design guidelines
The UK has joined international partners in sharing new advice to help technology companies embed security into the product design and development process Continue Reading
-
News
13 Apr 2023
Italy to lift ChatGPT ban subject to new data protection controls
Italian regulator will lift its ban on OpenAI’s ChatGPT subject to a strict new data protection regime Continue Reading
-
E-Zine
13 Apr 2023
CW EMEA: Under attack and stressed out
In this month's CW EMEA, we look at how cyber attacks are taking a toll on security professionals, damaging their mental health and forcing some to quit. We also look at Finland's allure for tech entrepreneurs, how software is enabling a new business model for a Swedish car manufacturer, and the importance of backup testing. Read the issue now. Continue Reading
-
Opinion
13 Apr 2023
With cyber attacks on the rise, businesses should prepare for quantum hacks now
Advances in quantum computing have brought the world is on the cusp of a technological revolution, but it is not without risk. Find out why you should start to prepare for post-quantum cryotography today. Continue Reading
-
News
12 Apr 2023
UK police double down on ‘improved’ facial recognition
The Met and South Wales Police have doubled down on their use of facial recognition technology after research found improved accuracy in their algorithms when using certain settings, but civil society groups maintain that the tech will still be used in a discriminatory fashion Continue Reading
-
News
12 Apr 2023
April Patch Tuesday fixes zero-day used to deliver ransomware
A zero-day in the Microsoft Common Log File System that has been abused by the operator of the Nokoyawa ransomware is among 97 vulnerabilities fixed in April’s Patch Tuesday update Continue Reading
-
News
12 Apr 2023
Gartner: Rebalance cyber investment towards human-centric elements
Security decision-makers need to reprioritise their investment outlooks towards people, rather than technology, according to the latest market forecast from Gartner Continue Reading
-
News
12 Apr 2023
Okta integrates with Singapore’s national digital ID system
The integration with Singpass will let Okta customers authenticate consumers using Singapore’s national digital ID system and is expected to expand the company’s reach in regulated industries Continue Reading
-
News
11 Apr 2023
Anne Keast-Butler named as new director of GCHQ
The government has appointed current MI5 deputy director general Anne Keast-Butler to head signals and cyber agency GCHQ Continue Reading
-
Opinion
11 Apr 2023
Security Think Tank: Adopt a coherent framework for ID first security
With IAM central to enabling appropriate access to cloud-based services, identity first security is becoming a key trend for IAM in the cloud. Continue Reading
-
News
06 Apr 2023
IBM's Nataraj Nagaratnam on the cyber challenges facing cloud services
Governments are introducing increasingly prescriptive data protection policies, but with organisations becoming ever more reliant on multiple cloud service platforms for essential business needs, how can they ensure they meet regulatory requirements? Continue Reading
-
News
06 Apr 2023
Prioritise automated hardening over traditional cyber controls, says report
A report from strategic risk specialist Marsh McLennan advises security buyers to funnel their budgets towards automated cyber security hardening techniques, saying they have a much better chance of reducing risk in a meaningful way Continue Reading
-
News
06 Apr 2023
Clop ransomware booms in March as Fortra zero-day pays off for gang
Backed by the threat actor tracked variously as Gold Tahoe and TA505, the Clop ransomware operation hit new ‘heights’ of activity last month, according to researchers Continue Reading
-
News
05 Apr 2023
Quick-acting Rorschach ransomware appears out of nowhere
Emergent Rorschach ransomware strain is highly advanced and quite unusual in its capabilities, warn researchers, who say they have been unable to link it to any other known strains Continue Reading
-
News
05 Apr 2023
Italy’s ChatGPT ban: Sober precaution or chilling overreaction?
Italy’s data protection authority issued a temporary ban on ChatGPT citing data protection concerns and alleged breaches of the GDPR. Is this a reasonable precaution, or a chilling restriction on personal freedoms? Continue Reading
-
News
05 Apr 2023
Scottish police tech piloted despite major data protection issues
Scottish policing bodies are pressing ahead with a data sharing pilot despite data protection issues around the use of US cloud providers, placing sensitive personal data of tens of thousands of people at risk Continue Reading
-
News
04 Apr 2023
TikTok fined in UK over unlawful use of children’s data
The ICO has fined TikTok £12.7m for breaches of data protection law, including unlawfully collecting data on children under 13 Continue Reading
-
News
04 Apr 2023
National Cyber Force carrying out daily hacking operations to disrupt hostile threats
Government discloses details about the National Cyber Force’s disruption activities against terrorists, organised criminals and nation states – and names first NCF chief as James Babbage Continue Reading
-
News
04 Apr 2023
Over 90% of organisations find threat hunting a challenge
Understaffed security teams and high levels of background noise are making basic security operations tasks a chore for defenders, according to a report Continue Reading
-
News
03 Apr 2023
Australia’s media and telecoms sector saw most data breaches in 2022
The media and telecoms industry accounted for the bulk of stolen credentials in Australia in 2022, underscoring the need to shore up the country’s cyber security posture Continue Reading
-
News
30 Mar 2023
OSC&R supply chain security framework goes live on Github
The OSC&R framework for understanding and evaluating threats to supply chain security has made its debut on Github to allow anybody to contribute to the framework Continue Reading
-
News
30 Mar 2023
NCSC issues revised security Board Toolkit for business leaders
National Cyber Security Centre calls on CEOs and senior business leaders to take a more hands-on approach to cyber resilience with the launch of revised board-level tools Continue Reading
-
News
30 Mar 2023
Reactive approach to cyber procurement risks damaging businesses
Too many organisations are following a reactive approach to cyber security, which WithSecure believes is stifling security teams ability to demonstrate value and align with business outcomes Continue Reading
-
Podcast
29 Mar 2023
Podcast: Cloud storage, data protection and compliance
The lure of cloud storage hides its drawback, namely that you can lose control of it from a compliance perspective. We talk to Mathieu Gorge, CEO of Vigitrust, about how to tame it Continue Reading
-
News
29 Mar 2023
UK government publishes AI whitepaper
Artificial intelligence whitepaper outlines UK government’s proposals to regulate the technology, which are based around creating an agile, “pro-innovation” framework Continue Reading
-
News
29 Mar 2023
How organisations can weaponise data privacy
Organisations should turn data privacy into a competitive advantage and look beyond regulatory compliance to build a privacy programme that aligns with business targets, says Gartner Continue Reading
-
News
29 Mar 2023
Generative AI presents opportunities and challenges to UK schools
Generative AI and LLMs hold great potential for use in the classroom, but the privacy and security implications of its use must be carefully considered, says the Department for Education Continue Reading
-
News
28 Mar 2023
Microsoft expands AI Copilot project into security realm
New Microsoft service, Security Copilot, will supposedly expand the reach, speed and effectiveness of cyber teams Continue Reading
-
News
28 Mar 2023
Inside Group-IB’s cyber security playbook
A focus on threat intelligence, fraud protection and its work with Interpol has enabled Group-IB to compete against bigger rivals in the market Continue Reading
-
News
28 Mar 2023
Europol warns cops to prep for malicious AI abuse
In a report looking at how large language models can be used by criminals, Europol’s Innovation Lab calls on law enforcement agencies to prepare themselves for wide-ranging impacts on their work Continue Reading
-
E-Zine
28 Mar 2023
Is TikTok really a security threat to your business?
In this week’s Computer Weekly, with the UK government becoming the latest administration to ban TikTok, we ask whether the controversial social media app is really a security threat to enterprises. Technology guru Bruce Schneier tells us about the need to take back control of AI and the personal data it relies on. And we look at how firms are trying – and failing – to make AI work for online content moderation. Read the issue now. Continue Reading
-
News
27 Mar 2023
France latest to ban TikTok on government devices
Following bans in the UK and US, France has moved to enact restrictions on TikTok, and other social media apps, on government devices Continue Reading
-
News
24 Mar 2023
National Crime Agency sting operation infiltrates cyber crime market
The UK National Crime Agency has tricked thousands of potential cyber criminals into registering with a fake website pretending to offer tools for creating DDoS attacks Continue Reading
-
News
22 Mar 2023
Government launches seven-year NHS cyber strategy
The new Cyber Security Strategy for Health and Adult Social Care lays out a plan for promoting cyber resilience in the sector by 2030 to protect services and patients alike Continue Reading
-
News
21 Mar 2023
Nordics move towards common cyber defence strategy
Nordic countries agree to work together to improve their cyber defences amid increasing threat Continue Reading
-
News
21 Mar 2023
How Mimecast thinks differently about email security
Mimecast CEO Peter Bauer believes the company’s comprehensive approach towards email security has enabled it to remain relevant to customers for two decades Continue Reading
-
News
21 Mar 2023
Ransomware gangs harass victims to ‘bypass’ backups
Analysis reveals how cyber criminal gangs are turning to extensive, targeted harassment campaigns to force victims to pay up, even if their backups are in good order Continue Reading
-
News
20 Mar 2023
NCSC launches cyber check-up tools for SMEs
The NCSC has launched two new security services aimed at SMEs that lack the resources to address cyber issues, and may underestimate their vulnerability to attack Continue Reading
-
News
20 Mar 2023
BBC cracks down on TikTok after review
The BBC is asking staff not to install TikTok on corporate-owned devices without a justified business purpose, although its use will still be allowed to share media content with its audiences Continue Reading
-
News
17 Mar 2023
UK TikTok ban gives us all cause to consider social media security
The UK government’s ban on TikTok should give all organisations cause to look into what information social media platforms are collecting on us, and what they are using it for Continue Reading
-
News
16 Mar 2023
BEC attacks doubled in 2022, outstripping ransomware
Massive growth in the volume of Business Email Compromise or BEC attacks was linked to a surge in successful phishing campaigns, according to data from Secureworks Continue Reading
-
News
16 Mar 2023
TikTok banned on UK government devices
The UK government has followed in the footsteps of its US and European counterparts and banned the use of Chinese social media app TikTok on official devices Continue Reading
-
News
16 Mar 2023
Mandiant: Dangerous MS Outlook zero-day widely used against Ukraine
A zero-day vulnerability in Microsoft Outlook that was fixed in the March Patch Tuesday update has likely been actively exploited by Russian actors for a year or more, and its use will now spread rapidly Continue Reading
-
News
15 Mar 2023
Microsoft patches Outlook zero-day for March Patch Tuesday
A highly dangerous privilege escalation bug in Outlook is among 80 different vulnerabilities patched in Microsoft’s March Patch Tuesday update Continue Reading
-
News
14 Mar 2023
NatWest introduces limits on crypto trading to prevent fraud
UK bank says its retail customers will benefit from daily and monthly limits on the amount they can pay into cryptocurrency exchanges Continue Reading
-
News
14 Mar 2023
NCSC warns over AI language models but rejects cyber alarmism
The UK's NCSC has issued advice for those using the technology underpinning AI tools such as ChatGPT, but says some of the security doomsday scenarios being proposed right now are not necessarily realistic Continue Reading
-
14 Mar 2023
Securing low Earth orbit represents the new space race
The barriers to launching satellites into low Earth orbit are falling fast, and that brings new cyber security challenges. Continue Reading
-
News
13 Mar 2023
MI5 to oversee new National Protective Security Authority
The new National Protective Security Authority will address various national security threats including state-sponsored cyber espionage against UK targets Continue Reading
-
News
08 Mar 2023
UK government introduces revised data reform bill to Parliament
Designed in close collaboration with technology businesses, the UK government is re-introducing an updated version of its Data Protection and Digital Information Bill to Parliament, which civil society groups say upends key safeguards Continue Reading
-
News
08 Mar 2023
How ForgeRock is tackling identity management
ForgeRock CEO Fran Rosch has set the identity and access management software supplier on a path to deliver a frictionless identity experience without compromising security or privacy Continue Reading
-
News
07 Mar 2023
Nine in 10 enterprises fell victim to successful phishing in 2022
Egress annual email security risk report breaks down impacts of email-based phishing attacks and data loss, and the effect these can have on organisations in terms of staff retention and morale Continue Reading
-
Feature
07 Mar 2023
What can security teams learn from a year of cyber warfare?
With the passing of the first anniversary of Russia’s invasion of Ukraine, we reflect on the ongoing cyber war, and ask what security leaders can learn from the past 12 months Continue Reading
-
News
07 Mar 2023
Taking back control: Could a distributed model breed a better AI?
AI tools such as ChatGPT are trained on datasets scraped from the web, but you don’t have much say if your data is used. Technologist Bruce Schneier says it’s time to give control of AI training data back to the people Continue Reading
-
News
07 Mar 2023
APAC IT leaders bullish on tech spending
Over half of respondents in this year’s IT Priorities study have bigger IT budgets as they continue to make strategic investments in cyber security, cloud and automation, among other areas Continue Reading
-
Podcast
06 Mar 2023
Podcast: 2023 compliance and storage outlook
Geopolitical instability casts its shadow as organisations must think about cyber attacks, data location and what to do if things change quickly. We talk to Mathieu Gorge, CEO of Vigitrust Continue Reading
-
News
03 Mar 2023
White House unveils National Cybersecurity Strategy
The strategy will focus on ensuring closer collaboration on cyber security between government and industry, while giving software and other tech companies a bigger role in combatting threats due to their resources and expertise Continue Reading
-
News
02 Mar 2023
AI interview: Michael Osborne, professor of machine learning
Artificial intelligence researcher speaks with Computer Weekly about the implications of a market-driven AI arms race and the overwhelming dominance of the private sector over the technology Continue Reading
-
News
02 Mar 2023
Uber introduces dynamic pricing algorithm in London
The dynamic pricing algorithm will allow Uber to set variable pay and pricing levels, but drivers are concerned about how their personal data will be used and the impact the algorithm will have on their livelihoods Continue Reading
-
News
02 Mar 2023
WH Smith staff data accessed in cyber attack
The retailer has said that customer data has not been affected by the incident as it is held in different systems, and that investigations into the attack are ongoing Continue Reading
-
News
02 Mar 2023
Salt Labs identifies OAuth security flaw within Booking.com
Security flaw in Booking.com OAuth implementation could be used to launch account takeovers, but researchers discovered and flagged the issue before it could be exploited in the wild Continue Reading
-
News
01 Mar 2023
Data breaches in Australia on the rise, says OAIC
Cyber security incidents were the cause of most data breaches, which rose by 26% in the second half of 2022, according to the Office of the Australian Information Commissioner Continue Reading
-
Opinion
28 Feb 2023
Security Think Tank: Training can no longer be a compliance exercise
Historically, security training has tended to take a compliance-based focus, a ‘tick-box’ exercise using generic, off-the-shelf courses. This needs to change, says Hayley Watson of Turnkey Consulting. Continue Reading
-
Opinion
27 Feb 2023
Cyber training in 2023 needs to drive measurable change
2023 will see more focus on security training programmes that not only provide employees with an understanding of the risks they face but more importantly drive measurable behavioural change, says PA Consulting’s Richard Allen Continue Reading
-
News
24 Feb 2023
UK police have ‘culture of retention’ around biometric data
A culture of retention around biometric data in UK policing is damaging public trust, says UK biometrics commissioner, who is calling for clear regulation to govern police use of biometric technologies Continue Reading
-
News
23 Feb 2023
WithSecure proposes ‘undo’ button for ransomware
WithSecure’s Activity Monitor technology supposedly overcomes the shortcomings of sandbox test environments, and may be able to stop ransomware attacks from ever happening Continue Reading
-
News
23 Feb 2023
How APAC organisations can harness the power of IoT
In a panel discussion moderated by Computer Weekly, industry experts from across Asia-Pacific discussed the use cases, challenges and future developments in the internet of things Continue Reading
-
News
22 Feb 2023
UK forces lead live-fire cyber war exercise
The seven-day Defence Cyber Marvel 2 exercise put cyber responders from 11 countries through their paces Continue Reading
-
News
22 Feb 2023
Researchers find new bug ‘class’ in Apple devices
A group of vulnerabilities in Apple products that stem from the ForcedEntry exploit used by spyware firm NSO constitutes a whole new class of bug, say researchers at Trellix Continue Reading
-
News
22 Feb 2023
Dutch cyber security professionals experience stress akin to soldiers in war zone, claims expert
Cyber attacks are taking a heavy toll on Dutch IT professionals, with over a third reporting that their mental health suffers as a result Continue Reading
-
News
22 Feb 2023
Half of cyber leaders to switch jobs by 2025, citing stress
A substantial number of cyber security leaders are plotting their great escape, saying the industry is leaving them too stressed to go on, according to a study Continue Reading
-
Opinion
21 Feb 2023
Cyber security training: Insights for future professionals
Future cyber security professionals need soft skills as well as technical ones, says security educator Sudeep Subramanian Continue Reading
-
News
21 Feb 2023
US government Strike Force aims to prevent adversaries from accessing disruptive tech
The US Strike Force law enforcement initiative will target rogue nation-states that pose a national security threat Continue Reading
-
News
20 Feb 2023
Singapore organisations struggle to operationalise threat intelligence
Organisations in the city-state were satisfied with the quality of their threat intelligence, but they struggled to operationalise the information due to talent shortages and other challenges Continue Reading
-
Feature
20 Feb 2023
Accreditation key to enterprise security
We look at how industry-recognised certification enables security chiefs to improve the strength of their security team Continue Reading
-
Opinion
16 Feb 2023
Security Think Tank: New trends and drivers in cyber security training
Self-paced, interactive, bite-sized learning is becoming the optimum path for cyber security training in the workplace, says John Tolbert of KuppingerCole Continue Reading
-
News
16 Feb 2023
How to tame the identity sprawl
Organisations should find a comprehensive way to gain full visibility into their digital identities and leverage automation to tame the identify sprawl Continue Reading
-
News
15 Feb 2023
Multi-purpose malwares can use more than 20 MITRE ATT&CK TTPs
Report warns of the development of increasingly sophisticated, multi-purpose malwares, and calls on defenders to play close attention to the MITRE ATT&CK framework to ward them off Continue Reading
-
Opinion
15 Feb 2023
What charities should know about ransomware and reputational threats
The NCSC recently called for charities to elevate their cyber security practice. Find out why charities are a soft target for cyber criminals, and what they can do to fight back Continue Reading
-
News
15 Feb 2023
Microsoft fixes three zero-days in February update
February’s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver Continue Reading
-
News
14 Feb 2023
Vidar, nJRAT re-emerge as prominent malware threats in January
Trojans and infostealers once again dominate the list of most commonly observed threats, according to Check Point’s latest telemetry Continue Reading
-
News
14 Feb 2023
UK authorities clamp down on illegal crypto ATMs
The Financial Conduct Authority and West Yorkshire Police have disrupted a number of illegal crypto ATMs Continue Reading
-
News
14 Feb 2023
OSC&R framework to stop supply chain attacks in the wild
The backers of a new MITRE ATT&CK style framework called OSC&R hope to help organisations get to grips with threats to their software supply chains Continue Reading
-
News
14 Feb 2023
Researcher exposes crypto scam network exploiting YouTube
A massive network of fake YouTube videos promoted by automated sock puppet accounts is reeling in hundreds of cryptocurrency enthusiasts and persuading them to hand over their money, WithSecure researchers found Continue Reading
-
Opinion
14 Feb 2023
How to protect your business from fraud during a recession
This winter, the chilly winds of a global recession have fraudsters turning up the heat. PJ Rohall of SEON Fraud Fighters shares some guidance on how to bundle up against fraud Continue Reading
-
News
13 Feb 2023
Russian spear phishing campaign escalates efforts toward critical UK, US and European targets
Russian hacking group Seaborgium refines its tactics in a continuation of attacks against targets including not-for-profit organisations with geopolitical affiliations Continue Reading
-
News
13 Feb 2023
Investigatory Powers Act: Home Office proposes rethink of safeguards on bulk data collection
David Anderson KC will review the safeguards on intelligence service and police use of bulk datasets following a Home Office assessment that they are 'disproportionate'. Continue Reading
-
News
13 Feb 2023
Security buyers lack insight into threats, attackers, report finds
The majority of cyber security purchasing decisions are made without proper insight into the attackers organisations are facing, according to a Mandiant report Continue Reading
-
News
13 Feb 2023
Killnet DDoS attacks disrupt Nato websites
A series of distributed denial of service attacks on various public websites belonging to the Nato alliance were largely repelled but some resources remain unavailable Continue Reading
-
News
13 Feb 2023
Whistleblower in limbo as sensitive NatWest customer files remain under her bed
Whistleblower and NatWest at stalemate as regulators leave it up to them to come to an agreement on return of sensitive customer data Continue Reading
-
News
09 Feb 2023
How Check Point is keeping pace with the cyber security landscape
Check Point Software CEO Gil Shwed talks up the company’s growth areas, its approach to cloud security and the impact of generative AI on cyber security Continue Reading