IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
16 May 2025
No workaround leads to more pain for VMware users
There are patches for the latest batch of security alerts from Broadcom, but VMware users on perpetual licences may not have access Continue Reading
-
News
16 May 2025
Security tests reveal serious vulnerability in government’s One Login digital ID system
A ‘red teaming’ exercise to simulate cyber attacks on the government’s flagship digital identity system has found that One Login can be compromised without detection Continue Reading
-
News
20 Apr 2022
AWS fixes vulnerabilities in Log4Shell hot patch
AWS issues fixes for a series of Log4Shell hot patches after they turned out to leave its services vulnerable to further exploitation Continue Reading
-
News
20 Apr 2022
NSO Group faces court action after Pegasus spyware used against targets in UK
Three human rights activists whose phones were targeted by spyware traced to Saudi Arabia and the United Arab Emirates have begun legal action against both countries and Israel’s NSO Group Technologies Continue Reading
-
News
19 Apr 2022
Hammers sign Acronis as backup and security in one
West Ham United set to replace separate backup from Veeam and a variety of security products with Acronis Cyber Protect to have backup, data protection and file share on a single platform Continue Reading
-
News
14 Apr 2022
Lack of expertise hurting UK government’s cyber preparedness
UK government bodies and critical infrastructure owners cite a lack of staff resources, and internal and external expertise, as hampering factors when it comes to cyber readiness, according to a report Continue Reading
-
News
14 Apr 2022
Incontroller ICS malware has ‘rare, dangerous’ capabilities, says Mandiant
Mandiant joins a growing chorus of warnings over novel nation state threats to ICS systems Continue Reading
-
News
13 Apr 2022
More ANZ organisations warm to DevSecOps
About four in 10 organisations in Australia and New Zealand are undertaking the transition to development, security and operations, while a further 36% plan to do so in 2022, study finds Continue Reading
-
News
12 Apr 2022
Universal IAM policy failings put cloud environments at risk
Almost all organisations lack appropriate IAM policy controls to effectively secure their data in the cloud, according to a damning study Continue Reading
-
News
12 Apr 2022
AI researcher says police tech suppliers are hostile to transparency
Expert witness in Lords police tech inquiry welcomes committee’s findings but questions whether its recommendations on how to end the ‘Wild West’ of police artificial intelligence and algorithmic technologies in the UK would be implemented Continue Reading
-
News
08 Apr 2022
Was Spring4Shell a lot of hot air? No, but...
Find out why Spring4Shell was apparently not as impactful a security problem as many had at first feared, and why it’s on the cyber community as a whole to do better Continue Reading
-
E-Zine
07 Apr 2022
CW Middle East: UAE and UK researchers work on ‘trustworthy’ cloud OS for datacentres
Imperial College London is embarking on a three-year project with an Abu Dhabi-based group of researchers to find ways for datacentre operators and cloud providers to secure their infrastructure. Also read how Dubai is positioning itself to reap the benefits of a promising global market for drone technology. Continue Reading
-
News
05 Apr 2022
Triple-threat Borat malware no joke for victims
Unlike its namesake, the newly discovered Borat malware won’t raise a smile for IT security pros Continue Reading
-
News
04 Apr 2022
How remote browser isolation can mitigate cyber threats
Remote browser isolation can help to mitigate browser-based attacks by separating a user’s browsing activity from the device Continue Reading
-
News
01 Apr 2022
Four moves to ‘checkmate’ critical assets thanks to lax cloud security
Malicious actors can compromise 94% of critical assets within four steps of the initial breach point, according to a report Continue Reading
-
News
31 Mar 2022
Global upheaval shows cyber security isn’t good enough, says GCHQ director
Generational global upheaval has laid bare significant gaps in national cyber strategies, GCHQ chief Jeremy Fleming has said in a speech Continue Reading
-
News
30 Mar 2022
One-third of UK firms suffer a cyber attack every week
New statistics from the annual DCMS Cyber security breaches survey reveal the extent and frequency with which UK organisations are being attacked by malicious actors Continue Reading
-
Feature
30 Mar 2022
Recruitment risks: Avoiding the dangers of fraudulent candidates
Tech companies are seeing an increase in fraudulent job applications, with associated impacts on risk and cyber security. So how can organisations protect themselves from fraudulent applicants while ensuring they recruit the best talent? Continue Reading
-
News
30 Mar 2022
Australia to spend A$9.9bn on intelligence and cyber capabilities
The Morrison government is investing in a landmark package of measures to shore up the intelligence and cyber security capabilities of the Australian Signals Directorate Continue Reading
-
News
29 Mar 2022
NCSC: Not necessarily wise to ditch Kaspersky
UK’s National Cyber Security Centre issues refreshed guidance on organisations’ usage of technology and services of Russian origin, but stops short of advising users to expunge all Russian products from their IT estates Continue Reading
-
News
29 Mar 2022
Wave of Log4j-linked attacks targeting VMware Horizon
Sophos issues a new warning to organisations that have so far failed to patch their VMware Horizon servers against Log4Shell Continue Reading
-
News
29 Mar 2022
FCA reports 52% jump in security incidents
The Financial Conduct Authority received 116 cyber incident reports in 2021, a fifth of them involving ransomware Continue Reading
-
E-Zine
29 Mar 2022
Ten years of the Raspberry Pi
In this week’s Computer Weekly, as the Raspberry Pi reaches its 10th anniversary, we look back on how the low-cost computing device went from schools to supercomputers and even into space. Gartner offers tips on how to motivate IT staff in a hybrid working environment. And we meet the Dutch hackers helping to secure the internet. Read the issue now. Continue Reading
-
News
29 Mar 2022
Singapore rolls out cyber security certification scheme
Two new cyber security marks are expected to provide an edge for Singapore businesses with good cyber security practices Continue Reading
-
News
28 Mar 2022
IT professionals wary of government campaign to limit end-to-end encryption
Members of the Chartered Institute of IT, the professional body for technology professionals in the UK, warn against limiting end-to-end encryption Continue Reading
-
News
25 Mar 2022
US offers concessions on surveillance and privacy as EU and US agree successor to Privacy Shield
EU and US agree data privacy framework allowing trans-Atlantic data transfers after US offers concessions on surveillance and new rights of redress for EU citizens Continue Reading
-
News
25 Mar 2022
European Commission proposes new cyber security regulations
New cyber and information security regulations have been proposed by the European Commission to create a minimum set of standards in both areas Continue Reading
-
News
25 Mar 2022
London police arrest seven in connection to Lapsus$
Seven people arrested by London police over cyber attacks carried out by Lapsus$ group, which is responsible for a number of recent, high profile attacks Continue Reading
-
News
25 Mar 2022
How Lapsus$ exploited the failings of multifactor authentication
Attacks on Nvidia and Okta highlight weak MFA and the risk of employees being bribed or falling victim to social engineering Continue Reading
-
Blog Post
25 Mar 2022
Striking a balance between risk and innovation: Lessons from an autonomous ship
I wasn’t sure what to expect when I turned up for an event at the Historic Dockyards in Portsmouth, UK. The planned star of the show - an unmanned ship called Mayflower 400 - couldn’t actually be ... Continue Reading
-
News
24 Mar 2022
Ransomware demands and payments increase with use of leak sites
Ransomware demands and payments continue to climb as gangs increasingly turn to Dark Web leak sites to add pressure on victims Continue Reading
-
News
24 Mar 2022
The Security Interviews: Red gets automated
We speak to Jack Stockdale, CTO of Darktrace, about Cambridge’s strong data analytics and artificial intelligence links and the role of AI in cyber security Continue Reading
-
News
24 Mar 2022
How India organisations can mitigate cyber threats
Organisations in India will need to invest more in cloud security, gain more visibility into their systems and improve security awareness among employees to fend off cyber attacks Continue Reading
-
News
23 Mar 2022
NHS urgent care provider uses ID and access management to reduce complexity for clinicians
Provider of care through NHS 111 is using a cloud-based identity and access management system to remove the need for clinicians to remember multiple passwords Continue Reading
-
News
22 Mar 2022
Biden issues warning about Russian cyber attacks
President Biden has said that US companies running critical infrastructure should immediately harden their defences in anticipation of potential cyber attacks from Russia Continue Reading
-
News
22 Mar 2022
Details of Conti ransomware affiliate released
Information about a new Conti affiliate has been released by eSentire and BreakPoint Lab after a joint investigation into the group’s indicators of compromise Continue Reading
-
Opinion
22 Mar 2022
Revised scope of UK security strategy reflects digitised society
The omission of the word ‘security’ from the title of the UK government’s new National Cyber Strategy is a telling one, reflecting our increasingly digitised society, say Maximillian Brook and Arunoshi Singh of the ISF Continue Reading
-
Opinion
21 Mar 2022
How 2022’s most significant data privacy trends affect your organisation
Data privacy and protection are now core responsibilities for most, but as we all know by now, compliance is a moving target. Here, expert Alan Calder looks ahead at what to expect in the coming months Continue Reading
-
Opinion
21 Mar 2022
UK Cyber Strategy a welcome injection of progress
The National Cyber Strategy should be seen as a welcome injection of both focus and investment in bettering cyber defence for everyone, says Turnkey Consulting senior consultant Louise Barber Continue Reading
-
News
18 Mar 2022
Dark web littered with Ukraine crypto scammers
Cryptocurrency scammers are actively targeting people trying to donate funds to support Ukraine Continue Reading
-
News
18 Mar 2022
Ukrainian cyber defences prove resilient
Thanks to a combination of prior experience and global support, Ukraine’s defences against cyber incidents are holding strong in the face of Russian attacks Continue Reading
-
Opinion
18 Mar 2022
National Cyber Strategy will enhance UK’s cyber power status
The UK punches above its weight when it comes to wielding cyber power around the world, but challenges to this status are clear. The National Cyber Strategy has a clear role to play in maintaining and enhancing this status, writes Paddy Francis of Airbus Cybersecurity Continue Reading
-
News
17 Mar 2022
Online Safety Bill introduced in Parliament
The government has introduced its long-awaited Online Safety Bill in Parliament, alongside new criminal offences and sanctions for tech company execs Continue Reading
-
News
17 Mar 2022
Alarm raised over ‘trickster’ LokiLocker ransomware
The new LokiLocker ransomware is, like its namesake, adept at tricks and misdirection, say BlackBerry researchers Continue Reading
-
News
16 Mar 2022
Biden signs ransomware reporting mandate into law
CNI operators in the US must now report cyber attacks within 72 hours, and ransomware payments within 24 hours Continue Reading
-
News
16 Mar 2022
German authorities warn on Kaspersky but stop short of ban
Germany authorities warn Kaspersky users to consider alternatives to the firm’s flagship antivirus software, citing national security concerns and the war on Ukraine Continue Reading
-
News
15 Mar 2022
Supreme Court refuses Julian Assange extradition appeal
The case will be referred to the home secretary Priti Patel to make a decision. The WikiLeaks founder has yet to say whether he will file further appeals Continue Reading
-
E-Zine
15 Mar 2022
How the tech sector is supporting Ukraine
In this week’s Computer Weekly, we examine the global tech sector response to the invasion of Ukraine, and how hackers are responding to calls for an IT army to target Russia. Our latest buyer’s guide looks at cloud-based ERP and other business applications. And IBM’s UK chief tells us how Big Blue is reinventing itself. Read the issue now. Continue Reading
-
Opinion
14 Mar 2022
Encryption myths versus realities of Online Safety Bill
The UK government can’t legislate the impossible – a safer society depends on encryption, not breaking it Continue Reading
-
Opinion
10 Mar 2022
National Cyber Strategy misses the mark in one important way
The National Cyber Strategy is full of fine words, says Petra Wenham, but as the old expression goes, fine words butter no parsnips, and it misses the mark in one very important way Continue Reading
-
News
09 Mar 2022
Paid-for advertising measures included in Online Safety Bill
New measures to deal with fraudulent paid-for advertising have been included in the government’s draft Online Safety Bill, marking the fourth extension in two months Continue Reading
-
News
09 Mar 2022
Microsoft serves up three zero-days on March Patch Tuesday
Three zero-days pop up in Microsoft’s March update, along with a number of other noteworthy concerns for defenders Continue Reading
-
Feature
08 Mar 2022
How APAC organisations can mitigate edge security threats
The move to the edge expands an organisation’s attack surface. Here are some measures that organisations can take to minimise their edge security risks Continue Reading
-
Opinion
07 Mar 2022
When more is too much in security
The view that more security tools equals better protection still persists, but security researcher Etay Maor argues that success in cyber lies in simplicity Continue Reading
-
Opinion
04 Mar 2022
Assessing the aims of the Government Cyber Security Strategy
The clear aims of the Government Cyber Security Strategy are welcome, but are they realistic or achievable? Continue Reading
-
News
03 Mar 2022
Direct action is a risky business for Ukraine's volunteer hackers
Hackers have been responding to Ukraine’s call to create an IT army, but there are many reasons why taking direct action in a kinetic conflict is a bad idea Continue Reading
-
Definition
02 Mar 2022
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of standards aimed at regulating, enforcing, monitoring and managing the security of the Bulk Electric System (BES) in North America. Continue Reading
-
News
02 Mar 2022
Cyber companies step up support for Ukraine
Security companies Bitdefender and Vectra AI are both to offer products and services in support of Ukraine Continue Reading
-
News
02 Mar 2022
SunSeed malware hits those involved in Ukraine refugee relief
European governments involved in managing the logistics of hundreds of thousands of people fleeing Ukraine have been targeted by a suspected state-backed actor Continue Reading
-
News
02 Mar 2022
Ban predictive policing systems in EU AI Act, says civil society
A coalition of civil society groups has called on European lawmakers to use the upcoming Artificial Intelligence Act as an opportunity to ban predictive policing systems Continue Reading
-
News
01 Mar 2022
DCMS opens consultation on telecoms cyber standards
Proposed rules will set out the specific measures telecoms providers need to take to fulfil their legal duties under the Telecommunications Security Act Continue Reading
-
Definition
28 Feb 2022
risk assessment framework (RAF)
A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure. Continue Reading
-
News
28 Feb 2022
Cloudflare: Our network is our product
Cloudflare’s chief product officer explains why its network is its product and how it protects organisations against cyber threats Continue Reading
-
Feature
24 Feb 2022
Define RPO and RTO tiers for storage and data protection strategy
We look at RPO and RTO in defining data protection and disaster recovery strategies and how to specify tiers that reflect the importance of different systems in your organisation Continue Reading
-
Opinion
24 Feb 2022
The UK’s cyber security sector is thriving, but our work has only just begun
The government’s Annual Cyber Sector Report painted a positive picture of the UK security industry. CIISec’s Amanda Finch thinks we can go further in developing cyber talent and opening up the sector Continue Reading
-
News
24 Feb 2022
KnowBe4 cyber drama tackles Colonial Pipeline in fourth season
KnowBe4’s ongoing cyber security training drama, The Inside Man, reaches its fourth season with a plot drawing inspiration from one of the most impactful cyber attacks of 2021 Continue Reading
-
News
24 Feb 2022
Security organisations form Nonprofit Cyber coalition
Founding members of the Nonprofit Cyber coalition pledge to enhance joint action on cyber security around the world Continue Reading
-
News
24 Feb 2022
New cyber guidelines to safeguard construction sector
NCSC launches sector-specific security guidance for organisations in the construction industry, with input from the Chartered Institute of Building Continue Reading
-
E-Zine
24 Feb 2022
CW Nordics: Swedish drone app gets life-saving equipment to heart attack victims
Thanks to an app developed in Sweden, drones can get life-saving equipment to heart-attack victims before emergency services can arrive on the scene, potentially increasing patient survival rates. Also in this issue, read about a Swedish bank's time-saving robots, and how Finland aims to democratise the ‘wild west’ of AI. Continue Reading
-
News
24 Feb 2022
Russia behind dangerous Cyclops Blink malware
Joint NCSC CISA advisory attributes a dangerous malware, dubbed Cyclops Blink, to Russia’s Sandworm APT, likely a GRU unit, with WatchGuard users at particular risk Continue Reading
-
News
23 Feb 2022
Backups ‘no longer effective’ for stopping ransomware attacks
Traditional methods of mitigating ransomware are less efficacious thanks to the rise in double and triple extortion techniques Continue Reading
-
News
23 Feb 2022
No imminent cyber threat to UK from Russia
Intelligence officials say they have no evidence or indication that Russian cyber attackers are preparing offensive assaults on infrastructure or organisations in Britain Continue Reading
-
News
23 Feb 2022
IBM opens cyber security hub in India
Big Blue’s new cyber security hub, comprising a cyber range, software development facilities and a security operations centre, will serve enterprises across the Asia-Pacific region Continue Reading
-
News
22 Feb 2022
UK organisations swift to chide phishing victims
While UK organisations are doing better at security training, many are quick to punish employees who fall victim to phishing attacks, whether real or simulated Continue Reading
-
Opinion
22 Feb 2022
Security Think Tank: Good training is all about context
In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service? Continue Reading
-
E-Zine
22 Feb 2022
Think nation-state cyber attacks won’t hit you? Think again…
In this week’s Computer Weekly, with Russian state cyber attacks in the news, we find out why security professionals in every organisation need to remain alert. Our buyer’s guide looks at the tools and programmes helping improve IT training. And we look at how the traditional sport of golf is undergoing a digital transformation. Read the issue now. Continue Reading
-
News
21 Feb 2022
Zoom gains NCSC Cyber Essentials Plus and NHS security badges
Video platform Zoom has added a number of UK-specific cyber certifications to help it demonstrate its platform is safeguarded against common threats Continue Reading
-
Feature
17 Feb 2022
It takes a village: Protecting kids online is everyone’s responsibility
The rapid uptake of smartphones among children has contributed to the increasing number of cases of cyber bullying and online grooming. Is this an educational issue or a cultural problem, and can modern enterprise help? Continue Reading
-
News
17 Feb 2022
Red Cross cyber attack the work of nation-state actors
The International Committee of the Red Cross now believes the January 2022 attack on its systems to have been the work of an undisclosed nation state Continue Reading
-
News
16 Feb 2022
2021 another record year for UK cyber investment
Total revenue generated by the UK’s cyber sector was up 14% last year, and UK-registered security firms raised over £1bn in investment Continue Reading
-
News
16 Feb 2022
DDoS attacks hit Ukrainian defence ministry and banks
A further wave of cyber attacks has taken place against targets in Ukraine amid heightened tension in the region Continue Reading
-
News
16 Feb 2022
Cloud Security Alliance publishes guidelines to bridge compliance and DevOps
The Cloud Security Alliance has published a report detailing practices that organisations can adopt to bridge the gap between compliance and software development and operations Continue Reading
-
Definition
15 Feb 2022
proxy hacking
Proxy hacking is a cyber attack technique designed to supplant an authentic webpage in a search engine's index and search results pages to drive traffic to an imitation site. Continue Reading
-
News
15 Feb 2022
TA2451 targets aviation and transport sector with tailored lures
Newly designated cyber criminal group favours highly specific lures and a tried-and-tested modus operandi to compromise targets in the aviation, aerospace and transport sectors Continue Reading
-
News
15 Feb 2022
China emerges as leader in vulnerability exploitation
Threat actors linked to China are emerging as a significant force in the weaponisation of newly discovered CVEs Continue Reading
-
E-Zine
14 Feb 2022
On a mission to track space junk
In this week’s Computer Weekly, we talk to the space experts tracking orbital debris using graph database technology. We meet the startups taking very different approaches in trying to develop commercial quantum computers. And we ask why it’s so difficult to build a data science team and how to overcome the challenges. Read the issue now. Continue Reading
-
News
11 Feb 2022
Lack of knowledge disastrous for effective security strategy within Dutch companies
Most Dutch companies still haven’t realised that security is an integral part of their IT and company strategy Continue Reading
-
News
11 Feb 2022
Why security professionals should pay attention to what Russia is doing
Even though the average organisation is an unlikely target for a Russian state cyber attack, here's why security teams still need to watch what Russian threat groups are up to Continue Reading
-
News
11 Feb 2022
Hackney Council could be forced to answer questions about IT security training after Psya ransomware
Council is negotiating with the information commissioner after refusing to reply to questions under the Freedom of Information Act about staff IT and security training during the pandemic Continue Reading
-
News
10 Feb 2022
How diplomatic immunity silenced the prosecutor who coordinated Sweden’s EncroChat probe
Defence lawyers claim Swedish court decision not to hear evidence from a Swedish prosecutor leaves important legal questions unanswered over international police operation to hack EncroChat cryptophone network Continue Reading
-
E-Zine
10 Feb 2022
CW Benelux: Unesco members adopt AI ethics recommendation
Unesco member state have adopted an AI ethics recommendation that seeks to define a common set of values and principles to guide the development of ethical AI globally. Also read about a large-scale national cyber exercise in the Netherlands, and the Estonian government’s Siri-like digital assistant. Continue Reading
-
News
09 Feb 2022
Linux-based clouds an open door for attackers, says VMware
Its prevalence as a cloud operating system means Linux is becoming a meal ticket for malicious actors, but the security industry does not seem to have cottoned on to this yet, says VMware Continue Reading
-
News
09 Feb 2022
Ransomware ever more sophisticated and impactful, warns NCSC
UK’s National Cyber Security Centre teams up with US and Australian partners in a joint advisory warning organisations of the increasing sophistication exhibited by criminal ransomware gangs Continue Reading
-
News
09 Feb 2022
Microsoft stomps on 48 bugs in February Patch Tuesday update
It’s a light Patch Tuesday for February 2022, as Microsoft issues fixes for just 48 CVEs, including a solitary zero-day Continue Reading
-
News
09 Feb 2022
Tech companies risk being compelled by law to protect children, says online safety expert
John Carr, a child safety campaigner backing a government-funded campaign on the dangers of end-to-end encryption to children, says tech companies have no choice but to act Continue Reading
-
Opinion
09 Feb 2022
Five key tech trends for digital leaders in 2022
The past two years have seen a surge in investment that will bring new challenges to digital leaders over the next year Continue Reading
-
News
08 Feb 2022
The Security Interviews: Building the UK’s future cyber ecosystem
As the government lays out the next iteration of its Cyber Security Strategy, we speak to Plexal and Lorca’s Saj Huq about his work building a cyber ecosystem to support the UK’s future ambitions Continue Reading
-
News
04 Feb 2022
Check Point looks to plug ASEAN’s cyber security gap
Check Point is shoring up its sales force and partner ecosystem to address the cyber security needs of small and mid-sized businesses in a region that is highly targeted by threat actors Continue Reading
-
News
03 Feb 2022
BlackCat crew supposedly behind OilTanking ransomware heist
Preliminary reports from Germany’s national cyber authority indicate the recent OilTanking ransomware attack may have been the work of the BlackCat group Continue Reading
-
News
03 Feb 2022
Crisp supply shortage looms after KP Snacks hit by ransomware
Supplies of Hula Hoops and many other snack brands are under threat after a ransomware attack on the systems of KP Snacks Continue Reading
-
News
03 Feb 2022
French Supreme Court raises constitutional questions over EncroChat hacking secrecy
Conseil Constitutionnel to decide whether ‘defence secrecy’ over state EncroChat cryptophone hacking breaches French constitution Continue Reading
-
Opinion
02 Feb 2022
Security Think Tank: How to build a human firewall
In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service? Continue Reading