IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
30 May 2025
Dutch businesses lag behind in cyber resilience as threats escalate
While non-IT business professionals in the middle of their careers face the most disruption from AI, professionals in the IT services sector and their employers must prepare for change Continue Reading
-
Feature
30 May 2025
How cyber security professionals are leveraging AWS tools
It’s now essential for IT security teams to have oversight of cloud computing, and AWS offers a plethora of tools to make managing it easier. Find out how cyber pros are using them in the wild Continue Reading
-
News
29 Sep 2022
Optus breach casts spotlight on cyber resilience
The massive data breach that affected more than 10 million Optus customers has cast the spotlight on API security and other factors that contribute to the cyber resilience of organisations in Australia Continue Reading
-
News
28 Sep 2022
Data protection in Finland, four years after GDPR came into force
Data privacy has always been a big concern in Finland, so the country naturally has a lot to say about the General Data Protection Regulation four years on Continue Reading
-
Opinion
28 Sep 2022
Security Think Tank: Three steps to a solid DevSecOps strategy
Read about how buyers can manage third-party risk when procuring applications, how to secure the software development process, and even how to affect cultural change among developers not used to thinking cyber first Continue Reading
-
News
28 Sep 2022
Most hackers exfiltrate data within five hours of gaining access
Insights from more than 300 sanctioned adversaries, otherwise known as ‘ethical’ hackers, reveal that around two-thirds are able to collect and exfiltrate data within just five hours of gaining access Continue Reading
-
News
27 Sep 2022
Fraudsters adapt phishing scams to exploit cost-of-living crisis
Around 80,000 Brits a month are falling victim to phishing attacks as fraudsters switch up tactics to take advantage of cost-of-living crisis and behavioural changes prompted by pandemic Continue Reading
-
News
26 Sep 2022
Bank warns of spike in online cost-of-living scams
Fraudsters are exploiting the cost-of-living crisis by tricking people into sending money to help friends and relatives pay bills, TSB has warned Continue Reading
-
News
26 Sep 2022
How Russian intelligence hacked the encrypted emails of former MI6 boss Richard Dearlove
Hack by Russian-linked ColdRiver group exposed former MI6 chief Richard Dearlove’s contacts and email communications with government, military, intelligence and political officials Continue Reading
-
Opinion
23 Sep 2022
It’s time for engineering teams to own DevSecOps
It may seem counterintuitive, but maybe organisations should consider delegating responsibility for DevSecOps to engineering teams, not security teams, argues Elastic’s Mandy Andress Continue Reading
-
News
23 Sep 2022
How Great Eastern is transforming its IT organisation
Singapore-based insurer Great Eastern made painstaking efforts to rid itself of legacy systems and transformed its IT organisation to become nimbler by building up its cloud and DevOps capabilities Continue Reading
-
News
22 Sep 2022
Nordic private equity firms pursue cyber security acquisitions
Increasing interest in the security sector from Nordic private equity firms is a reflection of growing threats and increasing enterprise security budgets Continue Reading
-
News
22 Sep 2022
Inside SolarWinds’ observability playbook
SolarWinds’ CEO Sudhakar Ramakrishna talks up the company’s observability playbook and offers a glimpse into its technology roadmap Continue Reading
-
News
21 Sep 2022
15-year-old Python bug present in 350,000 open source projects
A Python tarfile vulnerability first disclosed in 2007 still persists to this day, according to analysis from Trellix Continue Reading
-
News
21 Sep 2022
ANZ organisations using antiquated backup and recovery systems
Nearly half of ANZ organisations are still using backup and recovery systems from over a decade ago, hampering their ability to protect their data assets and recover from ransomware attacks Continue Reading
-
News
20 Sep 2022
Thousands of customers affected in Revolut data breach
Digital challenger bank has warned its customers to be vigilant after their data was exposed in a cyber attack Continue Reading
-
E-Zine
20 Sep 2022
A gold medal performance for networking
In this week’s Computer Weekly, we find out how the IT team behind the 2022 Commonwealth Games in Birmingham delivered a winning performance. We also look at how the centuries-old London insurance market is going digital, thanks to Lloyd’s of London. And we find out how low-cost high street stores succumbed to the inevitable and are going online. Read the issue now. Continue Reading
-
News
16 Sep 2022
Six new vulnerabilities added to CISA catalogue
CISA adds six new vulnerabilities to its most-wanted list, including one that dates back to 2010 Continue Reading
-
News
15 Sep 2022
Nominations closing soon for annual cyber awards
Nominations for the annual Security Serious Unsung Heroes Awards closes 16 September Continue Reading
-
News
15 Sep 2022
New player pioneers ‘active cyber insurance’ for UK market
Arrival of US-based insurer Coalition in London will supposedly offer SMEs more options when it comes to cyber security insurance Continue Reading
-
News
15 Sep 2022
Organisations failing to account for digital trust
The vast majority of businesses are well aware of the importance of digital trust, yet very few have a dedicated staff role responsible for it, report finds Continue Reading
-
News
14 Sep 2022
FormBook knocks Emotet off top of malware chart
FormBook emerged as the most widely seen malware in August, according to Check Point’s latest data Continue Reading
-
News
14 Sep 2022
Ex-CISA head Krebs: Disrupt ransomware support networks to win the war
Speaking at an event hosted by data protection specialist Rubrik, former CISA director Chris Krebs calls for the security community to work collectively to kick out the supports from under ransomware gangs Continue Reading
-
News
14 Sep 2022
NCSC warns public of potential Queen-related phishing attacks
The National Cyber Security Centre is urging users to be on guard against phishing attacks during the period of national mourning for the Queen Continue Reading
-
News
13 Sep 2022
Cloud compromise a doddle for threat actors as victims attest
Two separate studies into the state of public cloud security reveal insight into the ease with which threat actors can compromise vast numbers of targets, and some of the challenges security teams are facing in the cloud Continue Reading
-
News
13 Sep 2022
Users warned over Azure Active Directory authentication flaw
Secureworks researchers found what they say is a serious vulnerability in an Azure Active Directory authentication method, but Microsoft says it should not pose a serious risk to users Continue Reading
-
E-Zine
13 Sep 2022
Source responsibly: Tech sector efforts to root out forced labour are failing
In this week’s Computer Weekly, we analyse the technology industry’s failure to extirpate forced labour and slavery from its supply chains. We find out how cyber security firm Okta is rebuilding customer trust after a major security incident. And we discover how Caterpillar is modernising its data management to offer better customer service. Read the issue now. Continue Reading
-
News
12 Sep 2022
Mandiant floats off into Google Cloud
As planned, the acquisition of Mandiant will see the threat intel and incident response giant become a part of Google’s Cloud business Continue Reading
-
News
12 Sep 2022
CISOs should spend on critical apps, cloud, zero-trust, in 2023
Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts Continue Reading
-
E-Zine
09 Sep 2022
CW Europe: Why Russia could become the world’s biggest market for illegal IT
Faced with international sanctions and the departure of many global IT suppliers from Russia, companies there are seeking alternative, and sometimes illegal, routes to access IT products. Also read how new requirements are driving scientists and engineers in Europe back to the lab to start developing 6G technology. Continue Reading
-
Opinion
09 Sep 2022
Security Think Tank: Adding trust to AppSec and DevSecOps
When building in trust and assurance into app development through standards, it is critically important not to stifle innovation Continue Reading
-
News
08 Sep 2022
NCSC CyberUK event heads to Belfast in 2023
National Cyber Security Centre’s annual CyberUK roadshow is crossing the Irish Sea to Belfast in April 2023 Continue Reading
-
News
08 Sep 2022
Chinese APT using PlugX malware on espionage targets
China’s Bronze President APT is once again targeting government officials of interest to its paymasters, this time using forged diplomatic correspondence, according to the Secureworks Counter Threat Unit Continue Reading
-
Podcast
08 Sep 2022
Does quantum matter? A Computer Weekly Downtime Upload podcast
In this special edition of the Computer Weekly Downtime Upload podcast, Ilyas Khan, CEO of Quantinuum, discusses the quantum computing revolution Continue Reading
-
News
08 Sep 2022
Dutch cyber security organisations to join forces
Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into Continue Reading
-
Opinion
08 Sep 2022
Security Think Tank: Creating a DevSecOps-friendly cyber strategy
When slowing down is not an option, you need to find a security strategy that is DevSecOps friendly, says Airbus Protect’s Olivier Allaire Continue Reading
-
News
08 Sep 2022
India’s wake-up call on health data privacy
Health app developers and industry watchers in India are keeping an eye on data privacy following the reversal of the Roe vs Wade ruling in the US Continue Reading
-
News
07 Sep 2022
Albania cuts diplomatic ties with Iran after cyber attack
In a global geopolitical first, the Albanian government has severed diplomatic ties with Iran and expelled its ambassador after it was targeted by an APT backed by Tehran Continue Reading
-
Opinion
07 Sep 2022
Security Think Tank: The many dimensions of DevSecOps
It is imperative to make our colleagues and customers know that when we talk DevSecOps, we are facing a multiphase challenge that starts at the very beginning of DevOps, and one that never ends Continue Reading
-
News
07 Sep 2022
Digital identity is key to coping with surge in air travel
The International Air Transport Association’s One ID digital identity initiative will pave the way for seamless air travel from curb to gate and help airports cope with growing passenger traffic Continue Reading
-
News
05 Sep 2022
How Okta is regaining customer trust after a cyber attack
In early 2022, cyber firm Okta was among several tech companies hit by the Lapsus$ gang. Vice-president of customer trust Ben King talks about how he has been working behind the scenes to rebuild confidence after the incident Continue Reading
-
Opinion
05 Sep 2022
Security Think Tank: Good procurement practices pave the way to app security
Application security is as much a question of good procurement practice as it is good development practice, says Petra Wenham of the BCS Continue Reading
-
News
01 Sep 2022
Local authorities experience 10,000 attempted cyber attacks every day
Local authorities across the UK face a daily deluge of cyber incidents, with phishing and DDoS attacks the most prevalent, according to an insurance broker Continue Reading
-
News
01 Sep 2022
Swedish Electronics Protection Act coincides with major cyber spend
Swedish cyber security law comes at a time of heavy government investment Continue Reading
-
News
01 Sep 2022
New (ISC)² cyber careers schemes go live
(ISC)² has opened up two new global cyber careers schemes to applicants to try to help organisations fill 2.7 million vacant roles worldwide Continue Reading
-
Opinion
01 Sep 2022
Security Think Tank: Effective DevSecOps requires collaboration
Application security and effective DevSecOps can only be achieved through collaboration with the business – the ultimate goal is to make it safer to do business, which requires considering integrated risk management and identity and access management alongside cyber security and application security Continue Reading
-
Tip
31 Aug 2022
Use ISO/TS 22317:2021 to shape your business impact analysis
ISO/TS 22317:2021 is a useful tool for BCDR practitioners and other personnel tasked with executing a BIA, which can often be a highly complex activity. Continue Reading
-
Blog Post
31 Aug 2022
AI will make you surplus to requirements
We live in an age where it is possible for someone, irrespective of their level of talent, to create an artistic masterpiece, simply by keying a few descriptive words into an AI-powered art ... Continue Reading
-
News
30 Aug 2022
UK government presses on with new cyber rules for telcos
Government has finalised new security rules for telecoms companies and will move to make them binding in the near future Continue Reading
-
News
25 Aug 2022
CIOs: Geopolitics impacts your IT strategy
Research from analyst Gartner illustrates how geopolitics is influencing IT strategies Continue Reading
-
Podcast
25 Aug 2022
James Hatch, BAE Systems: Computer Weekly Downtime Upload podcast
We speak to the chief digital officer at BAE Systems’ Digital Intelligence business about the challenges of “digital” in high-trust organisations Continue Reading
-
E-Zine
25 Aug 2022
CW Nordics: Norway struggles to keep up with demand for tech specialists
The growing importance of IT in all industries, along with a shortage in skills, make for an excellent high-tech job market for candidates in Norway. Read how recruiters are struggling to keep up with demand. Also read how the Danish government encourages research in strategic fields to attract tech companies. Continue Reading
-
News
24 Aug 2022
Most CISOs think they’ve been attacked by a nation state
Most organisations have made changes to their cyber strategies and policies following Russia’s invasion, and almost two-thirds suspect they have been directly targeted or impacted by a nation-state cyber attack Continue Reading
-
News
24 Aug 2022
Alleged Twitter security failings spell trouble ahead
Twitter’s former security head, Peiter Zatko, has alleged a number of serious cyber failures at the social media platform, raising the spectre of investigations and sanctions Continue Reading
-
News
23 Aug 2022
NCSC shares cyber guidance for large infrastructure builds
Balfour Beatty and McAlpine are among the large construction firms to have input into latest NCSC guidance for ensuring the security of major infrastructure projects Continue Reading
-
E-Zine
23 Aug 2022
How digital technology rescued Merlin
In this week’s Computer Weekly, we talk to the CTO of Merlin Entertainments – operator of Legoland, Sea Life and Alton Towers – to find out how digital saved the company when Covid shut all its theme parks. We look at how software and data analytics can help to track – and reduce – greenhouse gas emissions. And Southern Water explains how data helps to support its most vulnerable customers. Read the issue now. Continue Reading
-
Podcast
22 Aug 2022
State of open source: Computer Weekly Downtime Upload podcast
In this special edition of the Computer Weekly Downtime Upload podcast, OpenUK’s Amanda Brock speaks to Cliff Saran about open source challenges Continue Reading
-
News
22 Aug 2022
Lloyd’s to end insurance coverage for state cyber attacks
Lloyd’s of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk Continue Reading
-
News
19 Aug 2022
Google employees demand end to collection of abortion data
In the wake of the US Supreme Court rolling back abortion rights, Google employees are calling on the company to stop collecting abortion-related data, so that it can never be shared with police Continue Reading
-
News
18 Aug 2022
Amazon Ring vulnerability could have been used to spy on users
A now-patched vulnerability in the Amazon Ring mobile app could have been exploited to expose users’ video recordings, but was complex to exploit, according to the researchers who stumbled upon it Continue Reading
-
News
18 Aug 2022
It takes a breach to force boards to take notice of cyber, says UK government
Too often, it takes a major incident for business leadership to pay attention to cyber issues, according to a government-commissioned study of victims Continue Reading
-
Opinion
18 Aug 2022
Why you should start your post-quantum encryption migration now
Some say we have the best part of a decade to prepare for the security risks that quantum computing presents to current encryption tech, but PA Consulting experts believe that timeframe is shrinking dramatically Continue Reading
-
News
16 Aug 2022
Why organisations need to harmonise their CIO and CISO roles
Unless properly managed, conflicting responsibilities between the chief information officer and the chief information security officer can cause project delays and budget overruns, says Netskope’s Mike Anderson Continue Reading
-
News
15 Aug 2022
Lawyers and journalists sue CIA and Mike Pompeo over Assange surveillance claims
CIA and its former director sued over allegations that they authorised unlawful spying on US citizens when they visited WikiLeaks founder Julian Assange at the Ecuadorian Embassy in London Continue Reading
-
News
12 Aug 2022
How critical infrastructure operators can secure OT data
Cohesity’s CISO discusses the challenges of securing data in operational technology systems and what can be done to mitigate security threats Continue Reading
-
News
10 Aug 2022
‘Coopetition’ a growing trend among ransomware gangs
Sophos shares data from its new X-Ops unit at Black Hat in Las Vegas, revealing a growing number of ransomware victims being attacked by multiple gangs at the same time Continue Reading
-
News
09 Aug 2022
Cyber insurance getting harder to obtain
Organisations looking to shore up their security postures face more and more barriers to obtaining cyber insurance Continue Reading
-
News
08 Aug 2022
NHS recovering key services after attack on supplier
Incident at software provider Advanced took out multiple NHS services before the weekend, including the 111 advice service Continue Reading
-
News
05 Aug 2022
Reliance on PSN may have exacerbated cyber attack impact
As it seeks a new supplier to reinvigorate the migration away from the Public Services Network, the Cabinet Office says relying on the legacy network may be putting public sector bodies at heightened risk in cyber attacks Continue Reading
-
News
04 Aug 2022
UK has biggest card fraud problem in Europe
Social Market Foundation calls on the UK to get a grip on its huge problem with bank card fraud in Europe Continue Reading
-
News
04 Aug 2022
SBRC to administer NCSC training across Scotland
The Scottish Business Resilience Centre has been awarded a £500,000 contract to extend cyber resilience training across more than 250 at-risk organisations Continue Reading
-
Opinion
04 Aug 2022
Reimagining ethical digital technology
With ever-increasing digitisation leading to greater dependence on a range of digital technologies, enterprises need to urgently look at how they can incorporate ethical and social considerations into the tech they develop Continue Reading
-
News
03 Aug 2022
New EU due diligence law needs amending to stop tech sector abuse
European corporate due diligence directive seeking to transform how companies approach their human rights and environmental risk is welcome, but without further changes, it will fail to effectively curb tech firms’ harmful practices, claims international non-profit Continue Reading
-
News
03 Aug 2022
DrayTek patches SOHO router bug that left thousands exposed
Network hardware supplier has fixed an unauthenticated RCE vulnerability in multiple routers in its Vigor line, after being alerted by Trellix researchers Continue Reading
-
News
28 Jul 2022
H0lyGh0st ransomware gang faces challenges, but still a threat
Digital Shadows reports on the recently identified H0lyGh0st ransomware outfit, a new threat actor operating out of North Korea that faces some clear challenges, but is nevertheless still a live threat Continue Reading
-
News
28 Jul 2022
NCSC startups scheme turns focus to operational technology, SME security
NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses Continue Reading
-
News
28 Jul 2022
Cyber criminals pivot away from macros as Microsoft changes bite
As Microsoft resumes blocking macros by default in its Office application suite, reversing a temporary reversal, analysis from Proofpoint suggests the action has had a remarkable effect Continue Reading
-
News
27 Jul 2022
Consumers left out of pocket as security costs soar
As the average cost of a security incident reaches an all-time high of nearly $4.5m, an IBM Security study reveals how these costs are being passed on to ordinary people Continue Reading
-
News
27 Jul 2022
Cyber security training ‘boring’ and largely ignored
Two-thirds of employees don’t bother to pay attention to cyber security training – and the fault does not lie with them Continue Reading
-
Opinion
27 Jul 2022
Security Think Tank: Don’t rely on insurance alone
Cyber insurance is a useful addition to the cyber protection toolbox. However, it cannot be regarded as a replacement for the controls that should be in operation, says Turnkey Consulting’s Tom Venables Continue Reading
-
News
26 Jul 2022
Secret court asked to quash a decade of MI5 surveillance warrants following ‘systemic breaches’
The culture at MI5 was to ‘prioritise’ missions ‘over everything else’, including compliance with safeguards designed to protect the public, the UK’s most secret court heard yesterday Continue Reading
-
News
26 Jul 2022
No More Ransom initiative helps 1.5 million people in six years
One and a half million people have now taken advantage of free ransomware decryption tools offered by a joint European project Continue Reading
-
News
26 Jul 2022
Visibility and proactive stance needed to secure OT systems
Critical infrastructure operators need to have more visibility into their IT and operational technology environment, and take a more active stance to fend off sophisticated adversaries, expert says Continue Reading
-
News
26 Jul 2022
Ducktail infostealer targets Facebook Business users
Newly uncovered Ducktail operation targets individuals with access to Facebook Business service and tries to steal their accounts Continue Reading
-
E-Zine
26 Jul 2022
Inside Russia’s Ukraine information operations
In this week’s Computer Weekly, we get the inside track on Russia’s disinformation operations attempting to spread propaganda and cyber threats about the invasion of Ukraine. Our new buyer’s guide looks at customer and employee experience management. And we assess 10 top Kubernetes backup suppliers. Read the issue now. Continue Reading
-
News
25 Jul 2022
Home Office ‘unlawfully’ approved MI5 bulk surveillance warrants
MI5 provided ‘false information’ to the Home Office to secure bulk surveillance warrants, the Investigatory Powers Tribunal heard Continue Reading
-
News
25 Jul 2022
NCSC seeks community input for Cyber Advisor service
The NCSC is proposing to establish a new Cyber Advisor service to train up experts in security guidance, and is inviting interested parties to come forward Continue Reading
-
News
25 Jul 2022
The Security Interviews: Why you need to protect abandoned digital assets
The war in Ukraine and subsequent boycott of Russia resulted in a swathe of digital infrastructure being abandoned, becoming a potential vulnerability for many organisations, says Cyberpion’s Ran Nahmias Continue Reading
-
News
25 Jul 2022
TMT firms among top targets for cyber attacks in Singapore
Organisations in the technology, media and telecoms sector were among the most lucrative targets for malicious actors as their services penetrate almost every aspect of society Continue Reading
-
News
21 Jul 2022
GCHQ experts back scanning of encrypted phone messages to fight child abuse
Ian Levy, technical director of the NCSC, and Crispin Robinson, technical director of GCHQ, back client-side scanning software on mobile phones to detect child abuse Continue Reading
-
News
21 Jul 2022
Buy ‘plug-n-play’ malware for the price of a pint of beer
Three-quarters of malwares and almost 90% of exploits retail on the dark web for about £8.40 or less, according to a report Continue Reading
-
News
20 Jul 2022
(ISC)² expands entry-level cyber programme after UK success
Flush with success from a UK certification programme, reaching 100k in the UK, (ISC)² now wants to provide free security certification to a million people worldwide Continue Reading
-
News
20 Jul 2022
Cato aims to bust cyber myths as it extends network protections
Cato Networks is beefing up its platform’s security features with ransomware and data loss protections, and the firm’s security strategy lead Etay Maor is using the occasion – and his unique access to billions of data points from the firm’s network – to explode some cyber myths Continue Reading
-
E-Zine
19 Jul 2022
Tracking the rise of homeworking across the UK
In this week’s Computer Weekly, new figures show that homeworking has more than doubled in the UK due to the pandemic – we look at the regional differences. The pressure is growing on cyber security teams – we analyse the expert advice on how to avoid staff burnout and lost talent. And we examine the important role that tech startups play in the rapid growth of Amazon Web Services. Read the issue now. Continue Reading
-
Feature
18 Jul 2022
What to look for when taking out a cyber insurance policy
We look at the steps organisations need to take when buying cyber insurance Continue Reading
-
News
15 Jul 2022
NHS trust ‘deliberately’ deleted up to 90,000 emails before tribunal hearing
A high-profile case brought by NHS whistleblower Chris Day raises questions about the adequacy of information governance practices in NHS hospital trusts Continue Reading
-
News
15 Jul 2022
Log4Shell on its way to becoming ‘endemic’
US government report concludes that, like Covid, Log4Shell will be with us for a long time to come Continue Reading
-
E-Zine
14 Jul 2022
CW APAC: Buyer’s guide to backup and recovery software
The cyber threat landscape leaves firms with little room for error. In this handbook, focused on backup and recovery software in the Asia-Pacific region, Computer Weekly looks at data protection capabilities, how Veeam aims to achieve a market-leading position, Rubrik’s focus on recovery and Kubernetes’s mission to meet the challenges of containerised application environments. Continue Reading
-
News
14 Jul 2022
Videogame maker Bandai Namco confirms cyber attack
Bandai Namco, developer of videogames including Pac-Man, Tekken and Dark Souls, has broken days of silence to confirm it has been hit by a cyber attack Continue Reading
-
News
14 Jul 2022
How hostile government APTs target journalists for cyber intrusions
Proofpoint shares data on multiple campaigns of cyber intrusions against journalists originating from threat actors aligned to the governments of China, Iran, North Korea and Turkey Continue Reading
-
News
13 Jul 2022
July Patch Tuesday brings more than 80 fixes, one zero-day
While some admins can put their feet up and let Windows Autopatch do the hard work of updating their Microsoft estates, for the rest of us, the Patch Tuesday bandwagon keeps on keeping on Continue Reading
-
News
13 Jul 2022
ICO calls for review into government use of private email and WhatsApp messages
Information Commissioner’s Office reprimands Department of Health and Social Care after ministers and officials conducted government business on their own email accounts and messaging apps Continue Reading