IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
14 May 2025
New security paradigm needed for IT/OT convergence
Industry leaders and policymakers highlight growing cyber threats from the integration of IT and operational technology systems, calling for collaboration and regulatory frameworks to protect critical systems, among other measures Continue Reading
-
News
29 Apr 2025
Kaspersky calls for cyber immunity amid growing cyber threats
The rise of professional cyber crime groups and state-sponsored actors targeting critical infrastructure requires a move towards inherently secure ‘cyber immune’ systems, says Kaspersky CEO Eugene Kaspersky Continue Reading
-
News
02 Dec 2022
Twitter ‘replacement’ Hive Social shuts off service in privacy alert
Hive Social, a recently established social media network, has temporarily closed its servers to address deep structural privacy issues identified by ethical hackers Continue Reading
-
News
01 Dec 2022
MI6 chief’s hacked emails attacked MI5 and betrayed British spy operations in China
Former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. His emails were hacked and then leaked – probably by Russian intelligence Continue Reading
-
Opinion
01 Dec 2022
Ransomware: Is there hope beyond the overhyped?
Up-and-coming cyber concepts attack surface management and security mesh architectures seem to hold some promise in tackling ransomware, but they are a little way off maturity Continue Reading
-
News
30 Nov 2022
NIS regulations to be extended to cover MSPs
The UK government is moving ahead with plans to update the Network and Information Systems regulations to bring outsourcers and MSPs into scope Continue Reading
-
Opinion
30 Nov 2022
Think technology, process, human risk to manage ransomware
Effective ransomware handling boils down to three core areas – technology, process and human risk Continue Reading
-
News
29 Nov 2022
AWS doubles down on data management
Cloud giant Amazon Web Services declares a bold vision to eliminate the need to extract, transform and load data alongside other efforts to address business problems in domains like cyber security and logistics Continue Reading
-
News
29 Nov 2022
‘Legal but harmful’ clause dropped from Online Safety Bill
Online Safety Bill’s ‘legal but harmful’ provision will be dropped by the UK government in favour of public risk assessments, tools to help users control the content they consume, and new criminal offences around self-harm Continue Reading
-
Feature
29 Nov 2022
How gamifying cyber training can improve your defences
Security training is the cornerstone of any cyber defence strategy. With ever-escalating online threats, it is now more important than ever that this training is an engaging experience Continue Reading
-
Feature
28 Nov 2022
Ransomware: Practical tips to improve resiliency
With ransomware attacks on organisations increasing, the question is not if an attack will happen, but when. We look at ways to minimise the impact of such an attack Continue Reading
-
News
27 Nov 2022
Plexal inducts six into cyber leadership scheme
Tech innovation hub Plexal is expanding its Cyber Runway programme with a new Ignite strand dedicated to supporting high-potential security leaders Continue Reading
-
News
25 Nov 2022
Data management, backup becoming the CISO's responsibility
More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year Continue Reading
-
News
24 Nov 2022
Not-for-profit aims to encourage 1,300 girls into cyber careers
CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber Continue Reading
-
E-Zine
24 Nov 2022
CW Nordics: Icelandic datacentres point way to greener IT
Iceland may soon become even more attractive to firms wanting to minimise their carbon footprint while using high-performance computing services. Read more about it in this issue. Also find out how a robo investment company, Nord Investments, is harnessing open banking to make thing easier for its clients. Continue Reading
-
News
23 Nov 2022
South Korea data adequacy pact brings £15m Brexit bonus
UK government finalises a data adequacy agreement with South Korea, saying it will unlock a post-Brexit business bonus of just under £15m Continue Reading
-
News
23 Nov 2022
Red team tool developer slams ‘irresponsible’ disclosure
UK security firm MDSec defends its Nighthawk command and control penetration testing framework after suggestions were made that it could be appropriated by threat actors Continue Reading
-
News
23 Nov 2022
Dutch national cyber security strategy aims to protect digital society
Cabinet sets up national cyber security strategy to make the Netherlands digitally secure Continue Reading
-
News
22 Nov 2022
Killnet DDoS hacktivists target Royal Family and others
Russia-aligned hacktivists targeted multiple UK websites, including those of the Royal Family, in a new campaign of DDoS attacks Continue Reading
-
News
22 Nov 2022
C-suite mystified by cyber security jargon
Malware, supply chain attack, zero-day, IoC, TTP and Mitre ATT&CK are just some of the everyday terms that security pros use that risk making the world of cyber incomprehensible to outsiders Continue Reading
-
E-Zine
22 Nov 2022
Cyber criminals target World Cup Qatar 2022
In this week’s Computer Weekly, as the FIFA World Cup opens in Qatar, we examine the cyber security threats from criminals targeting the event. We report from the Gartner Symposium on the latest predictions for enterprise software development. And we talk to the CIO of Kyiv City Council about managing IT in the shadow of war. Read the issue now. Continue Reading
-
News
21 Nov 2022
NHS trust that deleted up to 90,000 emails cleared of deliberately concealing evidence
A tribunal found in a high-profile case brought by whistleblower Chris Day that an NHS trust had not deliberately concealed evidence when a director deleted up to 90,000 emails before he was due to testify Continue Reading
-
News
18 Nov 2022
Is Elon Musk’s Twitter safe, and should you stop using it?
With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use Continue Reading
-
News
18 Nov 2022
CyberPeace Institute helps NGOs improve their security resilience
Adrien Ogée of the CyberPeace Institute talks about his work supporting NGOs and humanitarian organisations, and how the security community at large can help protect the world’s most vulnerable people Continue Reading
-
News
16 Nov 2022
Global network fragmentation a source of increasing risk
Risk consultancy’s report says the weaponisation of cyber space and geopolitical clashes herald a breakdown of global networks into distinct regional or national architectures Continue Reading
-
Opinion
16 Nov 2022
Security Think Tank: Ransomware defences: An extended to-do list
Strategies to extend ransomware protection beyond backups and intrusion detection must centre dark web monitoring, among other things Continue Reading
-
News
15 Nov 2022
APP fraud volumes expected to double by 2026, says report
Losses to authorised push payment fraud in the UK are expected to climb to over $1.5bn in the next four years. Meanwhile, the NAO accuses the Home Office of lagging on progress to tackle the issue Continue Reading
-
E-Zine
15 Nov 2022
How to protect against ransomware attacks
In this week’s Computer Weekly, we look at how to prepare for and protect against ransomware, and what to do if you’re hit by an attack. We gauge industry reaction to Ofcom’s plan to investigate the big three cloud providers. And we find out how travel giant TUI is implementing self-service analytics. Read the issue now. Continue Reading
-
News
15 Nov 2022
Inside Singapore’s public sector IT strategy
Adopting a platform approach with products that can scale across the board and building a strong engineering bench are some of the key aspects in Singapore’s public sector IT strategy Continue Reading
-
News
14 Nov 2022
How Google and Mandiant are forging synergies in cyber security
Google’s AI smarts and Mandiant’s intelligence on new and emerging threats could lay the foundation of proactive security Continue Reading
-
Opinion
14 Nov 2022
Security Think Tank: Let’s be transparent about ransomware
Greater transparency regarding ransomware attacks, including details about attack methods used and what kinds of assets were compromised, would likely help the community prevent future attacks Continue Reading
-
Feature
14 Nov 2022
How to prepare for ransomware
What are the best practices you should use to protect against ransomware attacks and manage such attacks when they do happen? Continue Reading
-
Opinion
11 Nov 2022
Cyber insurance: The good, the bad and the ugly
Most cyber insurance contracts are innately flawed because they exclude losses arising from state-backed cyber attacks, and this will make proper attribution even more important in the future, says Cisco Talos’ Martin Lee Continue Reading
-
News
11 Nov 2022
MoD recruits Immersive Labs to bolster cyber resilience
UK’s Ministry of Defence will run cyber drills and address its security talent gap with Immersive Labs’ CyberPro, Cyber Crisis Simulator and Application Security products Continue Reading
-
Opinion
11 Nov 2022
Security Think Tank: To stop ransomware, preparation is the best medicine
You can’t ‘stop’ ransomware, but you can do a lot to keep yourself from becoming ensnared when it strikes Continue Reading
-
News
10 Nov 2022
Cyber criminals have World Cup Qatar 2022 in their sights
Volumes of malicious cyber activity around the upcoming FIFA World Cup are already starting to tick upwards and are likely to continue to do so Continue Reading
-
Opinion
10 Nov 2022
All means all when it comes to encryption
Nigel Thorpe, technical director at SecureAge, makes the case for encrypting everything all of the time when it comes to protecting data Continue Reading
-
E-Zine
10 Nov 2022
CW Benelux: Heineken finds the right brew for digital
Heineken’s data management director has revealed some of the ways the company is using information technology to transform digitally. Also read how a PhD student in the Netherlands is detecting hidden messages on the internet by exploring the practice of steganography. Continue Reading
-
News
09 Nov 2022
Optus earmarks A$140m to cover cost of data breach
Optus sets aside A$140m as an exceptional expense for a customer remediation programme following a massive data breach that affected 10 million customers Continue Reading
-
News
09 Nov 2022
UK’s National Cyber Advisory Board convenes for first time
Government convenes National Cyber Advisory Board to further its goals of making the UK one of the safest places to live and work online Continue Reading
-
News
09 Nov 2022
Microsoft serves smorgasbord of six zero-days
November’s Patch Tuesday fixes significantly fewer vulnerabilities of late, but includes six actively-exploited zero-days, three of them of critical severity Continue Reading
-
News
09 Nov 2022
Why Sophos is bullish on managed security services
Sophos has grown its managed detection and response business to more than $100m over the last three years as more organisations grapple with the increasingly complex cyber security landscape Continue Reading
-
Opinion
09 Nov 2022
Security Think Tank: Anti-ransomware strategies should be as easy as ABC
When developing and implementing ransomware protection strategies, the importance of paying thorough attention to security measures you might consider elementary cannot be understated Continue Reading
-
E-Zine
08 Nov 2022
How the US-China chip war will affect IT leaders
In this week’s Computer Weekly, as the US ramps up semiconductor sanctions on China, we examine the ramifications across the tech sector. Cyber criminals are turning to new forms of encryption – we talk to the Dutch researchers trying to catch them. And we look at what cloud providers need to do to improve customer experience. Read the issue now. Continue Reading
-
News
07 Nov 2022
Department for Education escapes £10m fine over data misuse
Department entrusted data on 28 million children to a company called Trustopia, which turned out to be anything but trustworthy, but has escaped a £10m fine under new rules Continue Reading
-
Opinion
07 Nov 2022
To fight ransomware, we must treat digital infrastructure as critical
Ransomware defence is failing because we don’t view our digital infrastructure in the same way as our physical infrastructure, argues Elastic’s Mandy Andress Continue Reading
-
News
04 Nov 2022
Microsoft: Nation-state cyber attacks became increasingly destructive in 2022
The willingness of nation-state actors to conduct destructive cyber attacks is a source of grave concern, as Microsoft’s latest annual Digital Defence Report lays bare Continue Reading
-
Opinion
04 Nov 2022
Security Think Tank: Ransomware and CISOs’ balancing act
Ransomware has the potential to cause irreversible business damage, so CISOs should consider not only protection but also response and recovery Continue Reading
-
News
03 Nov 2022
Global coalition reaffirms commitment to fight ransomware
Representatives of 36 countries, as well as the EU, attended the second International Counter Ransomware Initiative Summit in Washington DC Continue Reading
-
News
02 Nov 2022
OpenSSL vulnerabilities ‘not as bad as feared’
As previously trailed, OpenSSL patched two buffer overflow vulnerabilities, neither of them as impactful as had been feared Continue Reading
-
News
01 Nov 2022
A third of UK cyber leaders want to quit, report says
Nearly a third of UK security leaders are considering leaving their current role, and more than half are struggling to keep on top of their workload Continue Reading
-
News
01 Nov 2022
NCSC looks back on year of ‘profound change’ for cyber
The NCSC ramped up its support for UK plc in the past 12 months, but it was events beyond the UK’s borders that proved the most impactful Continue Reading
-
News
01 Nov 2022
How Elastic is going beyond enterprise search
Elastic has been doubling down on the security and observability capabilities of its open-source platform, going beyond its roots in enterprise search Continue Reading
-
Opinion
31 Oct 2022
The risk of losing our EU data adequacy agreement is real
While some may welcome the government’s ambition to shake up the UK’s data protection regime, Westminster should be wary of drifting too far from the path charted by our US and European partners Continue Reading
-
News
31 Oct 2022
Prepare today for potentially high-impact OpenSSL bug
OpenSSL trailed a critical vulnerability patch last week, which will be only the second such flaw ever found in the open source encryption project. Unfortunately, the first was Heartbleed Continue Reading
-
News
31 Oct 2022
Cyber crime officer says French legal challenges to EncroChat are ‘hype’
Matthieu Audibert, officer of the French Gendarmerie’s cyber space command, gets into a spat with defence lawyers on Twitter over the lawfulness of evidence from the hacked phone network EncroChat Continue Reading
-
Opinion
31 Oct 2022
Security Think Tank: Container security: why so different?
Done well, container security can be a model for securing the enterprise, and businesses that focus their teams on solving it can help accelerate positive change in other areas Continue Reading
-
Opinion
28 Oct 2022
How has container security changed since 2020, and have we taken it too far?
While containers are now one of the most popular ways to deploy applications, it is fair to say that the adoption and implementation of security best practice to govern their use has not kept up Continue Reading
-
News
27 Oct 2022
NCSC’s Levy steps down after 20-year intelligence career
NCSC technical director Ian Levy bids farewell, telling his successor: ‘Don’t panic’ Continue Reading
-
Feature
27 Oct 2022
Will the OCSF create an open and collaborative cyber industry?
The Open Cybersecurity Schema Framework promises to transform security data analysis and collection, but there are challenges around adoption Continue Reading
-
News
27 Oct 2022
NHS to get new national CISO
The Department for Health and Social Care is seeking a new national CISO, who will be tasked with providing strategic cyber leadership, direction and expertise across DHSC and the wider NHS Continue Reading
-
News
27 Oct 2022
Medibank breach casts spotlight on data security
Health insurer Medibank Private recently suffered a major data breach involving the personal and health information of millions of customers, once again casting the spotlight on data security in Australia Continue Reading
-
News
27 Oct 2022
Santander calls for cooperation to tackle APP fraud
New report puts forward key recommendations that the banking sector, government and other industries could take to tackle authorised push payment fraud Continue Reading
-
Opinion
26 Oct 2022
The Conservatives are laughing at cyber security pros
If causing a security breach is a resigning matter, then you shouldn’t expect to get your old job back a week later. Unless you’re a Conservative home secretary, apparently Continue Reading
-
News
26 Oct 2022
Cuba ransomware cartel spoofs Ukraine armed forces
Ukrainian cyber experts issue a warning over the activities of the Cuba ransomware cartel Continue Reading
-
News
26 Oct 2022
Australia budget closes in on digital divide, cyber resilience
Australia’s latest budget is geared towards providing better broadband connectivity in regional and rural areas, shoring up the cyber security posture of its businesses and plugging tech talent shortages, among other areas Continue Reading
-
News
25 Oct 2022
Global digital trust market to double by 2027
The global market for digital trust technology is expected to double to $537bn by 2027, up from $270bn today as demand for cyber security and other capabilities continues to grow Continue Reading
-
News
25 Oct 2022
Digital-first businesses more willing to accept some fraud
Companies founded in the past 20 years appear more willing to accept higher levels of fraudulent activity during the customer onboarding process, according to a report Continue Reading
-
News
21 Oct 2022
Microsoft slams external researchers over its own data leak
Microsoft inadvertently leaked customer data after misconfiguring an Azure Blob, but has hit out at the organisation that discovered its error, claiming it is exaggerating the scope of the issue Continue Reading
-
Feature
20 Oct 2022
What do the US’s new software security rules mean for UK organisations?
The White House announced recently that all software supplied to the US government and its agencies needs to be secure, so what does this mean for the UK and EU security sectors? Continue Reading
-
News
20 Oct 2022
The Security Interviews: Why now for ZTNA 2.0?
With organisations facing escalating online threats, security teams need to improve their defences using zero-trust network access to preserve the integrity of their systems. Palo Alto Networks’ Simon Crocker shares his views on zero-trust network access Continue Reading
-
News
20 Oct 2022
Cyber professional shortfall hits 3.4 million
Shortage of cyber security professionals continues to grow and shows no signs of abating, says report Continue Reading
-
News
20 Oct 2022
Singapore extends cyber security labelling scheme to medical devices
The Cyber Security Agency of Singapore is extending its cyber security labelling scheme to medical devices to encourage medical device manufacturers to adopt a security-by-design approach to product development Continue Reading
-
News
19 Oct 2022
Ransomware crews regrouping as LockBit rise continues
Overall ransomware activity dropped off in the third quarter of 2022, but increasing attack volumes in September may herald a difficult few months ahead Continue Reading
-
News
19 Oct 2022
Treat cyber crime as a ‘strategic threat’, UK businesses told
The government’s new National Cyber Advisory Board aims to help elevate cyber discussion and spur action in the business community Continue Reading
-
News
18 Oct 2022
Apache vulnerability a risk, but not as widespread as Log4Shell
A newly disclosed Apache Commons Text vulnerability may put many at risk, but does not appear to be as impactful or widespread as Log4Shell Continue Reading
-
News
18 Oct 2022
Virtually all vulnerable open source downloads are avoidable
Some 96% of known vulnerable open source downloads could have been avoided altogether, according to a report Continue Reading
-
News
14 Oct 2022
Malicious WhatsApp add-on highlights risks of third-party mods
Kaspersky researchers discovered a malicious version of a widely used WhatsApp messenger mod, highlighting the risks of using so-called mods Continue Reading
-
News
14 Oct 2022
Office 365 email encryption flaw could pose risk to user privacy
A vulnerability in Microsoft Office 365 Message Encryption could leave the contents of emails dangerously exposed, but with no fix coming it’s up to users to decide how at risk they are Continue Reading
-
News
14 Oct 2022
Australia becoming hotbed for cyber attacks
Research by Imperva shows an 81% increase in cyber security incidents in Australia between July 2021 and June 2022, including automated attacks that doubled in frequency Continue Reading
-
News
13 Oct 2022
Dutch influence standards for post-quantum cryptography
Cryptology group at Dutch research institute is involved in the two primary algorithms of the next NIST portfolio comprising four new standards Continue Reading
-
News
13 Oct 2022
Gartner: Remote work, zero trust, cloud still driving cyber spend
Security leaders are eager to spend on categories including remote and hybrid cyber offerings, zero-trust network access, and cloud Continue Reading
-
E-Zine
13 Oct 2022
CW Middle East: Qatar strengthens cyber defences ahead of FIFA World Cup
Being the first Arab country to host the World Cup is pressure enough on Qatar, but there is also a massive cyber security challenge associated with any event of this magnitude. Read about its preparations. Also in this issue, find out about the unique challenges of hiring IT professionals in Saudi Arabia. Continue Reading
- 12 Oct 2022
-
News
12 Oct 2022
NCSC urges organisations to secure supply chains
NCSC’s latest guidance package centres supply chain security, helping medium to large organisations assess and mitigate cyber risks from suppliers Continue Reading
-
News
12 Oct 2022
French Supreme Court rejects EncroChat verdict after lawyers question secrecy over hacking operation
France’s Supreme Court has sent a case back to the court of appeal after police failed to disclose technical details of EncroChat hacking operation Continue Reading
-
News
12 Oct 2022
Microsoft fixes lone zero-day on October Patch Tuesday
Microsoft patched a solitary zero-day vulnerability in its latest monthly drop, but fixes for two others disclosed in the past few weeks are nowhere to be seen Continue Reading
-
News
11 Oct 2022
Contractor left Toyota source code exposed for five years
Source code related to Toyota’s T-Connect service was left exposed on GitHub for over five years by a contractor Continue Reading
-
News
10 Oct 2022
How Cloudflare is staying ahead of the curve
Cloudflare co-founder and CEO Matthew Prince talks up what has changed since the company’s first business plan was written in 2009 and how it keeps pace with the fast-moving network security landscape Continue Reading
-
News
10 Oct 2022
Ukraine and EU explore deeper cyber collaboration
A Ukrainian delegation has met with officials from the EU’s ENISA cyber agency to explore deeper cooperation on cyber security issues Continue Reading
-
Opinion
10 Oct 2022
Security Think Tank: Design security in to reap container benefits
Provided container security basics are built into your development and runtime environment from the start, containerised services and applications can provide rapid – and secure – achievement of business objectives Continue Reading
-
News
07 Oct 2022
Australia to amend telecoms regulations following Optus breach
Amendments to Australia’s telecoms regulations are in the works to temporarily allow sharing of individuals’ identifier information between telcos and financial institutions Continue Reading
-
News
06 Oct 2022
EU rolling out measures for online safety and AI liability
The European Council has approved the passage of the Digital Services Act to protect people’s rights online, while the European Commission has announced proposals to help those negatively affected by artificial intelligence to claim compensation Continue Reading
-
News
06 Oct 2022
Proposals for scanning encrypted messages should be cut from Online Safety Bill, say researchers
Automatic scanning of messaging services for illegal content could lead to one billion false alarms each day in Europe Continue Reading
-
Feature
05 Oct 2022
Air gaps for backup and how they help against ransomware
The air gap is a basic of backups and storage. We look at what’s meant by an air gap, the rise of the logical air gap, and its place in the fight against ransomware Continue Reading
-
News
05 Oct 2022
Italian Supreme Court calls for prosecutors to disclose information on Sky ECC hacking operation
Italy’s Supreme Court says Italian prosecutors and police should disclose information on how they obtained intercepted messages from the Sky ECC cryptophone network Continue Reading
-
Opinion
05 Oct 2022
Use site reliability engineering to address cloud instability
How do you prepare for a worst-case scenario, when the public cloud hosting critical components of your IT infrastructure fails? Continue Reading
-
News
05 Oct 2022
Inside Dell Technologies’ zero-trust approach
Dell Technologies’ zero-trust reference model starts with defining business controls and having a central control plane that manages all the security aspects of an organisation’s infrastructure Continue Reading
-
News
04 Oct 2022
Tories to replace GDPR
IT industry reacts to the government’s plan to replace the pan-European data protection regulation Continue Reading
-
News
04 Oct 2022
France extradites Spanish EncroChat cryptophone distributors for complicity with organised crime
Three phone sellers have been extradited from Spain to France to face charges that they were complicit in the activities of criminal EncroChat phone users Continue Reading
-
News
29 Sep 2022
Five startups to join NCSC for Startups initiative
The NCSC has invited five startups to join its NCSC for Startups programme to help the government with pressing cyber challenges facing the UK Continue Reading
-
News
29 Sep 2022
Failure of Russia’s cyber attacks on Ukraine is most important lesson for NCSC
Russia has so far failed in its attempts to destabilise Ukraine through cyber attacks due to strength of Ukrainian, security industry and international efforts Continue Reading
