IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
11 Jul 2024
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain Continue Reading
-
News
04 Apr 2024
Changes needed for SOCs and CSIRTs, claims Dutch research institute
Cyber security specialists need a game-changer to keep up with their adversaries, who increasingly use automation and AI for their attacks Continue Reading
-
Opinion
06 Sep 2021
UK’s new data protection strategy risks costing business more than it gains
The apparent business benefits of pursuing data adequacy agreements around the world may not be as enticing as they at first appear Continue Reading
-
Feature
06 Sep 2021
How do SOAR and SIEM services fare in a rapidly changing cyber threat landscape?
Given that cyber risks are rapidly growing in sophistication and number, we look at whether SIEM and SOAR security tools are still effective Continue Reading
-
News
03 Sep 2021
Mandiant, Sophos detail dangerous ProxyShell attacks
Threat researchers and incident responders continue to track threat activity around the dangerous ProxyShell Microsoft Exchange vulnerabilities, including impactful ransomware hits Continue Reading
-
News
03 Sep 2021
China accused of cyber attacks on Norwegian IT systems
China-based cyber attackers have been blamed for multiple assaults on IT systems in Norway Continue Reading
-
News
02 Sep 2021
How high can the contactless card limit go without two-factor authentication?
The spending limit for contactless cards has reached an eyebrow-raising triple-digit figure – £100 – raising questions about the need for user authentication Continue Reading
-
News
02 Sep 2021
WhatsApp fined €225m over GDPR breaches
Irish data protection watchdog has issued one of the largest GDPR fines to date against Facebook-owned WhatsApp Continue Reading
-
News
02 Sep 2021
Finance firms faced up to £760,000 costs per DNS attack during pandemic
Financial services firms have been the focus of attacks by cyber criminals during the Covid-19 crisis Continue Reading
-
Opinion
02 Sep 2021
Security Think Tank: Managing data securely throughout its lifecycle
Managing data in a secure manner is key to ensuring its integrity and therefore its value to the organisation, as well as reducing risk from breaches and misinformation Continue Reading
-
News
01 Sep 2021
Experts warn on Office 365 phishing attacks
Newly observed campaign is particularly dangerous because it appears to neutralise one of the most widely known anti-phishing techniques Continue Reading
-
News
01 Sep 2021
Remote workers routinely bypassed security tools during pandemic
New data from Palo Alto Networks reveals that over 25% of UK security leaders saw their employees circumventing or switching off security measures at the height of the pandemic Continue Reading
-
Feature
01 Sep 2021
Making a mark in cyber security
Claudean Zheng’s knack for hacking landed her a career in cyber security, one that has been dotted by stints in both public and private sectors Continue Reading
-
News
31 Aug 2021
GovTech launches vulnerability rewards programme
Vulnerability rewards programme will offer rewards ranging from $250 to $5,000 to white hat hackers who find vulnerabilities in critical government systems Continue Reading
-
Opinion
27 Aug 2021
Supply chain cyber security is only as strong as the weakest link
A spate of high-profile cyber attacks has highlighted the criticality of supply chain security and put new pressures on security leaders. How can we ensure that cyber security remains robust down the full length of supply chains? Continue Reading
-
Opinion
27 Aug 2021
How the cyber security market is evolving
The cyber security market has gained even greater importance in the post-Covid era and continues to grow and evolve. But what factors are driving trends in that market and what should your organisation consider when making cyber security investments? Continue Reading
-
News
27 Aug 2021
Are proposed data protection changes a threat to UK citizens’ privacy?
Though changes are as-yet undefined pending an upcoming consultation, concerns are already being expressed over the government’s plan to liberalise data protection laws in the service of innovation and growth Continue Reading
-
News
26 Aug 2021
Government unveils post-Brexit data flow proposals
The government will pursue data partnerships with countries including Australia, South Korea and the US as part of a post-Brexit data regime that may also see substantial changes to the UK’s data protection law Continue Reading
-
Opinion
26 Aug 2021
Security Think Tank: Steps to a solid data privacy practice
Petra Wenham of the BCS shares her expertise on building, or rebuilding, a solid business data privacy practice in a post-Covid-19 world Continue Reading
-
News
26 Aug 2021
NZ privacy lead John Edwards named new information commissioner
DCMS has named John Edwards, currently New Zealand privacy commissioner, to succeed Elizabeth Denham as UK information commissioner Continue Reading
-
News
25 Aug 2021
Calling the cops for ransomware attacks doesn’t help, say cyber pros
A new study for the #Ransomaware campaign reveals some insight into why so few victims report ransomware attacks Continue Reading
-
News
25 Aug 2021
UK loses £1.3bn to fraud and cyber crime so far this year
New figures from the National Fraud Intelligence Bureau show a threefold spike in reported financial losses to fraud and cyber crime in the first six months of 2021 Continue Reading
-
News
24 Aug 2021
Half of MS Exchange servers at risk in ProxyShell debacle
Up to 50% of MS Exchange users in the UK are exposed to three vulnerabilities that are now being actively exploited Continue Reading
-
Opinion
24 Aug 2021
The ransomware debate – to pay or not to pay?
The debate around banning ransomware payments is highly nuanced, and we must take care to avoid overt victim-blaming, in favour of an open and honest approach, says SASIG’s Martin Smith Continue Reading
-
News
24 Aug 2021
Over a million opt out of NHS data-sharing
Failure to communicate benefits of data-sharing proposals and privacy concerns are prompting large numbers of people to opt out of a proposed NHS Digital scheme Continue Reading
-
E-Zine
24 Aug 2021
How datacentre power growth is leaving Dublin in distress
In this week’s Computer Weekly, we look at the challenges faced by Dublin’s datacentre sector, as growth leaves the city’s electricity infrastructure creaking. We ask whether recent initiatives to close the UK’s digital skills gaps are working. And we examine the latest injustice to hit the Post Office Horizon scandal. Read the issue now. Continue Reading
-
Feature
23 Aug 2021
Considerations when deciding on a new SIEM or SOAR tool
A successful deployment of any security tool very much depends on the maturity of security processes in the organisation Continue Reading
-
News
23 Aug 2021
Flexxon and Lenovo tie up on AI-infused SSDs
Singapore-based Flexxon teams up with Lenovo to make its solid-state drive that uses artificial intelligence to fend off cyber threats available on ThinkPad-based laptops Continue Reading
-
Opinion
20 Aug 2021
Security Think Tank: Data privacy not in isolation, but on a spectrum
The gap between data privacy and data governance is narrowing, and security leaders need to be aware of the implications, says KuppingerCole’s Anne Bailey Continue Reading
-
News
19 Aug 2021
Pub apps harvesting swathes of customer data unnecessarily
Some pub and restaurant chain apps demand data such as gender and marital status, raising eyebrows among privacy campaigners Continue Reading
-
News
19 Aug 2021
IT leaders fear ‘trickle-down’ of nation-state cyber attacks
Three-quarters of IT decision-makers are concerned that the tactics, techniques and procedures used by nation-state attackers could be used against them Continue Reading
-
News
18 Aug 2021
MoD seeks security tech to harden military systems
The Defence and Security Accelerator has launched a programme to root out technology that will reduce the military’s exposure to cyber attacks Continue Reading
-
Opinion
18 Aug 2021
Security Think Tank: Data privacy and ethics in a post-Covid world
The radical change caused by the pandemic requires new approaches to data privacy practice, says PA Consulting’s Daniel Gordon Continue Reading
-
News
17 Aug 2021
Educational publisher Pearson fined for data breach cover-up
Securities and Exchange Commission says publisher misled its investors over the extent of a 2018 data breach Continue Reading
-
News
17 Aug 2021
Security Think Tank: Building privacy-preserving apps and platforms
ISACA’s Gaurav Deep Singh Johar explores how to embed privacy practices into digital platform architecture Continue Reading
-
News
16 Aug 2021
Nearly half of retailers hit by ransomware in 2020
In the face of increasingly prevalent and sophisticated ransomware attacks, retail organisations need to develop alternative ways of restoring lost or encrypted data, as paying the ransom does not guarantee its return in almost a third of cases Continue Reading
-
Feature
16 Aug 2021
When is SIEM the right choice over SOAR?
Better instrumentation leads to better IT security but monitoring can quickly overload IT teams. Automation can help, but it may not always be needed Continue Reading
-
News
13 Aug 2021
Cyber Runway programme supports new security businesses
The Cyber Runway programme is a government-backed scheme to support entrepreneurs, startups and scaleups in launching and growing new security businesses Continue Reading
-
News
12 Aug 2021
ICO consults on new international data transfer agreement
Information Commissioner’s Office to consult on its draft international data transfer agreement and guidance, which will replace standard contractual clauses to protect personal data during overseas transfers Continue Reading
-
E-Zine
12 Aug 2021
CW Benelux: Netherlands sees increase in the number of women opting for an ICT career
The IT skills gap in the Netherlands could be about to narrow as more women take up jobs in the sector. Figures from last year revealed that the number of female ICT professionals grew by 6.5%, while the number of male ICT professionals increased by only 1.7%. Read more about it in this issue. Also find out why more openness about ransomware attacks in the Dutch business community could be the first step to defeating a growing problem. Continue Reading
-
News
11 Aug 2021
Microsoft fixes seven critical bugs on light Patch Tuesday
All seven critical vulnerabilities in Microsoft’s August Patch Tuesday were related to remote code execution, and there was one zero-day related to Windows Update Medic Service Continue Reading
-
News
11 Aug 2021
The Netherlands still lacks digital resilience, says report
Report by National Coordinator for Counterterrorism and Security says the Netherlands’ digital resilience has improved, but is still insufficient Continue Reading
-
News
10 Aug 2021
Ransomware demands and payments hit new records
Ransomware groups continue to intensify their operations as ransom demands and payments increase alongside use of “quadruple extortion” tactics during first half of 2021 Continue Reading
-
News
10 Aug 2021
Dutch lead the way in protecting themselves against internet risks
Dutch citizens come top in a study on awareness of internet risks in Europe, which showed major differences across the continent Continue Reading
-
E-Zine
10 Aug 2021
Real-time data analytics in action
In this week’s Computer Weekly, we examine the emerging applications of real-time analytics and highlight the challenges for businesses to maximise the benefits. EU experts are calling for reform of US surveillance laws – we look at the issues. And we talk to the co-CEO of HR software giant Workday. Read the issue now. Continue Reading
-
News
10 Aug 2021
Researchers uncover database with 126 million unsecured records
Business-to-business marketing firm OneMoreLead was storing tens of millions of records in an unsecured database, exposing at least 63 million people to fraud, identity theft and phishing campaigns Continue Reading
-
News
10 Aug 2021
How Grab is using Kafka in fraud detection
Grab is using Apache Kafka in its fraud detection and prevention platform to ingest event streams from its mobile software development kits and client backends to pick up fraudulent activities Continue Reading
-
News
05 Aug 2021
Nine security flaws found in critical hospital infrastructure
The ‘PwnedPiper’ vulnerabilities identified in systems used by 80% of US hospitals could be used to launch ransomware attacks Continue Reading
-
News
05 Aug 2021
SAP customers more alert to internal than external threats
SAP customers are more concerned by insider threats than by external attacks, according to a report. And yet the average SAP customer has around 2,500 vulnerabilities within their customised SAP code Continue Reading
-
News
05 Aug 2021
Cloud misconfiguration a growing cause of security incidents
Rapid cloud adoption during the pandemic has increased the attack surface and heightened the risk of misconfiguring services, leaving organisations more vulnerable to cyber attacks Continue Reading
-
News
04 Aug 2021
Initial access brokers unaffected by ransomware content bans
Banning ransomware content from cyber crime forums has done little to prevent initial access brokers from advertising their services, with the number of access listings increasing in the second quarter of 2021 Continue Reading
-
News
03 Aug 2021
Ransomware attacks increase dramatically during 2021
Dramatic increase in ransomware attacks globally during first half of 2021 driven by triple extortion technique, and is only set to expand further Continue Reading
-
Opinion
02 Aug 2021
Five tips to ensure your crisis comms plan is ready for a cyber attack
Business leaders take note: standard crisis communications plans are inadequate if you have fallen victim to a cyber attack. HPL’s Ted Birkhahn shares five tips to make sure you are ready to face the public Continue Reading
-
News
28 Jul 2021
Almost half unaware of GP data-sharing plans
Around half of adults in England – approximately 20 million people – remain unaware of the scope of the NHS GPDPR programme, prompting calls for a public education campaign Continue Reading
-
News
28 Jul 2021
Top vulnerabilities target perimeter devices
The most frequently exploited CVEs of the year so far are to be found in perimeter and network access devices, according to a joint advisory from the NCSC and partners Continue Reading
-
News
28 Jul 2021
COP26 cyber resource hub launched for Glasgow businesses
New digital information hub for Glasgow business to help organisations keep secure both physically and online ahead of major climate change summit Continue Reading
-
Opinion
28 Jul 2021
Security Think Tank: Consider cyber policies and procedures as you welcome employees back
With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading
-
News
27 Jul 2021
ICO ends its involvement in dispute between NatWest Bank and data breach whistleblower
The Information Commissioner’s Office has ended its involvement in a dispute between a data breach whistleblower and NatWest bank Continue Reading
-
News
27 Jul 2021
How IBM is solving the data privacy problem
IBM’s fully homomorphic encryption technology lets enterprises apply analytics and machine learning to encrypted data without compromising data privacy Continue Reading
-
E-Zine
27 Jul 2021
Are we getting cyber security skills all wrong?
In this week’s Computer Weekly, the chair of the new UK Cyber Security Council tells us how she plans to fundamentally reimagine what working in IT security means. Our latest buyer’s guide examines ERP modernisation and its role in digital transformation. And we take an in-depth look at the first preview version of Windows 11. Read the issue now. Continue Reading
-
News
25 Jul 2021
Tokyo 2020 hit by data breach
The user names and passwords of Tokyo 2020 ticket holders and event volunteers were reportedly compromised, but a government official claims the data leak was not large Continue Reading
-
News
25 Jul 2021
OAIC: Uber failed to protect personal data of Australians
Uber did not take reasonable steps to protect Australians’ personal information from unauthorised access, says Australia’s national privacy watchdog Continue Reading
-
Feature
21 Jul 2021
Five ways to ensure remote working security and compliance
A mix of on-site and remote working has become a fact of life for many organisations. We look at five key things you should consider to ensure compliance and security Continue Reading
-
News
21 Jul 2021
France’s Macron among alleged Pegasus targets
Data relating to devices used by French president Emmanuel Macron and the head of the World Health Organization, among others, has been uncovered in a dataset linked to government use of spyware Continue Reading
-
News
20 Jul 2021
NCSC’s Cameron urges deeper cyber alliance-building
Speaking to an event in Israel, NCSC CEO Lindy Cameron has praised joint UK-Israeli efforts on security collaboration Continue Reading
-
Opinion
20 Jul 2021
Sparsely staffed offices: the new post-pandemic cyber gap
With many offices still operating at limited capacity, a red teaming expert reveals how his job is getting easier, and why this is a problem Continue Reading
-
Opinion
20 Jul 2021
The Secret IR Insider’s Diary: It’s all gone quie...
The ‘Q’ word isn’t one that’s really used in incident response, says the Secret IR Insider, largely because as soon as you use it, something happens Continue Reading
-
News
20 Jul 2021
NHS Digital tightens rules for GPDPR data scrape
The proposed collection of patient data held by GPs will now only commence when three key criteria have been fulfilled, says NHS Digital Continue Reading
-
Opinion
20 Jul 2021
Security Think Tank: A return to the office is not a return to normal
With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading
-
E-Zine
20 Jul 2021
Ripe for change – mixing digital innovation with traditional winemaking
In this week’s Computer Weekly, we find out how global winemaker Concha y Toro uses the latest tech to enhance 150-year old traditional processes. Pharma giant GSK explains how an API strategy is changing its business model. And we talk to retailers using video technology to bridge the gap between in-store and online selling. Read the issue now. Continue Reading
-
Opinion
19 Jul 2021
Is tech team remuneration opening up a new form of cyber risk?
Failing to reward cyber security staff in line with increases for other members of the tech team could open up new risks to organisations Continue Reading
-
News
15 Jul 2021
Macquarie Data Centres to build Sydney North facility
Macquarie Data Centres’ latest 32MW facility will come with a cyber security centre that monitors and manages cyber security events Continue Reading
-
15 Jul 2021
APAC CISOs warm up to zero-trust
Security leaders in Asia-Pacific are adopting zero-trust security, but challenges stand in their way of reaping the full potential of the security model Continue Reading
-
E-Zine
15 Jul 2021
CW APAC: Trend Watch on supply chain security
In this handbook, Computer Weekly looks at the rise of supply chain attacks, the challenges that come with zero trust security and attacks on the Covid-19 vaccine supply chain Continue Reading
-
News
15 Jul 2021
Lawyers take EncroChat hacking operation to French supreme court
Lawyers head to French supreme court after appeals court finds EncroChat interception legal under French law Continue Reading
-
News
15 Jul 2021
Privacy Shield: US surveillance law reforms essential for EU-US data, says EU parliamentary study
EU Committee on Civil Liberties, Justice and Home Affairs study calls for major reforms of US spying laws to enable an EU-US data-sharing agreement to replace Privacy Shield Continue Reading
-
News
15 Jul 2021
Singapore to invest S$50m in ‘digital trust’ capabilities
The Singapore government is pumping in S$50m to bolster research in technologies that will foster digital trust in areas such as privacy protection and identity management Continue Reading
-
News
14 Jul 2021
Multiple Microsoft bugs being actively exploited
Microsoft’s July Patch Tuesday update fixes 117 vulnerabilities, 13 rated as critical and four already being actively exploited Continue Reading
-
News
13 Jul 2021
Modipwn vulnerability puts millions of building systems at risk
Authentication bypass vulnerability in a Schneider Electric product could lead to device takeover Continue Reading
-
News
13 Jul 2021
Met Police seize £180m worth of Bitcoin
The largest ever seizure of cryptocurrency in the UK comes just weeks after a previous multi-million pound confiscation, as law enforcement clamps down on money laundering Continue Reading
-
News
13 Jul 2021
Dutch prosecutor ordered to give evidence on EncroChat hack
Netherlands court rules that a public prosecutor should give evidence about the role of the Dutch in the EncroChat cryptophone hack which has led to arrests of organised gangs worldwide Continue Reading
-
News
12 Jul 2021
NSW department of education hit by cyber attack
Australia’s New South Wales department of education takes some systems offline as a precautionary measure in response to a cyber attack last Thursday Continue Reading
-
News
11 Jul 2021
Ransomware and botnets among top cyber threats in Singapore
The city-state saw more ransomware threats and command-and-control servers hosted out of its highly connected network infrastructure last year, as threat actors capitalised on the pandemic Continue Reading
-
Opinion
09 Jul 2021
Are you betting your future on the worst gambling odds in the world?
Gambling is a high-risk strategy. Doing nothing in the face of the threat from ransomware and hoping for the best provides some of the worst odds you will ever come across Continue Reading
-
Opinion
09 Jul 2021
Choose the right ITSM tool for digital era success
IT service management (ITSM) tools are essential for many organisations to help optimise the design, delivery, support, use and governance of IT, but not all ITSM solutions are created equal, therefore selecting the right one is crucial Continue Reading
-
Opinion
08 Jul 2021
Why identity is the central problem for the future of the internet
As debate rages over who has the right to control user identities online, is the concept of decentralised identity about to have its day? Continue Reading
-
News
08 Jul 2021
PrintNightmare haunts Microsoft as patch may miss mark
Microsoft dropped an out-of-band patch to fix PrintNightmare, but there are concerns it may not be totally effective. This does not mean it shouldn’t be applied Continue Reading
-
Opinion
08 Jul 2021
Security Think Tank: Reopening is an opportunity to reassess wider security posture
With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading
-
News
07 Jul 2021
US government given permission to appeal UK’s decision to not extradite Julian Assange
US offers assurances that Assange could serve time in his home country of Australia if convicted Continue Reading
-
News
07 Jul 2021
ICO to probe Hancock over private email use
Former health secretary faces an investigation by the UK’s data protection watchdog over his use of private email to conduct government business Continue Reading
-
News
07 Jul 2021
How the UK Cyber Security Council plans to professionalise security
As chair of the new UK Cyber Security Council, Claudia Natanson is in a superb position to develop professional standards in IT security and she intends to fundamentally reimagine what a security job actually is Continue Reading
-
Opinion
07 Jul 2021
Security Think Tank: As offices reopen, address patching and ‘build drift’
With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading
-
News
06 Jul 2021
Klarna under investigation by Swedish finance watchdog
Swedish fintech is being investigated by financial services regulator after customer information was visible to others Continue Reading
-
News
06 Jul 2021
Cyber insurance costs up by a third
The frequency and severity of ransomware attacks is a leading factor behind a substantial increase in the cost of obtaining cyber security insurance Continue Reading
-
Opinion
06 Jul 2021
Security Think Tank: Returning workers to the office: Is your security posture up to date?
With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading
-
Opinion
05 Jul 2021
Going back to office networks, only to dismantle them once and for all
With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading
-
News
03 Jul 2021
Berlin court finds EncroChat intercept evidence cannot be used in criminal trials
In a major setback for police hacking operations, Berlin’s regional court has decided that intercepted data from the EncroChat phone network should not be used in criminal prosecutions Continue Reading
-
Opinion
02 Jul 2021
The secret to building a future-proof cyber security team
In a post-pandemic digital world, where cyber criminals see a feast of opportunities, what are the secrets to building a world-class cyber security function? Continue Reading
-
Opinion
02 Jul 2021
Security Think Tank: Hydration, hiring, hacking – lessons in post-Covid risk
With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading
-
News
02 Jul 2021
Should I be worried about PrintNightmare?
The accidental publication of proof of concept code for a Windows vulnerability, and the reclassification of said bug from low to critical severity, has the cyber community concerned. Is it right to be? Continue Reading
-
News
02 Jul 2021
Cyber attackers up the ante on embattled IT teams
Opportunistic threat actors are pouncing on embattled IT teams that are under pressure to expand remote work arrangements Continue Reading