IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
30 Apr 2025
Current SaaS delivery model a risk management nightmare, says CISO
JPMorgan Chase security chief Patrick Opet laments the state of SaaS security in an open letter to the industry and calls on software providers to do more to enhance resilience Continue Reading
-
News
30 Apr 2025
Co-op shuts off IT systems to contain cyber attack
A developing cyber incident at Co-op has forced the retailer to pull the plug on some of its IT systems as it works to contain the attack Continue Reading
-
News
29 Mar 2022
Singapore rolls out cyber security certification scheme
Two new cyber security marks are expected to provide an edge for Singapore businesses with good cyber security practices Continue Reading
-
News
28 Mar 2022
IT professionals wary of government campaign to limit end-to-end encryption
Members of the Chartered Institute of IT, the professional body for technology professionals in the UK, warn against limiting end-to-end encryption Continue Reading
-
News
25 Mar 2022
US offers concessions on surveillance and privacy as EU and US agree successor to Privacy Shield
EU and US agree data privacy framework allowing trans-Atlantic data transfers after US offers concessions on surveillance and new rights of redress for EU citizens Continue Reading
-
News
25 Mar 2022
European Commission proposes new cyber security regulations
New cyber and information security regulations have been proposed by the European Commission to create a minimum set of standards in both areas Continue Reading
-
News
25 Mar 2022
London police arrest seven in connection to Lapsus$
Seven people arrested by London police over cyber attacks carried out by Lapsus$ group, which is responsible for a number of recent, high profile attacks Continue Reading
-
News
25 Mar 2022
How Lapsus$ exploited the failings of multifactor authentication
Attacks on Nvidia and Okta highlight weak MFA and the risk of employees being bribed or falling victim to social engineering Continue Reading
-
Blog Post
25 Mar 2022
Striking a balance between risk and innovation: Lessons from an autonomous ship
I wasn’t sure what to expect when I turned up for an event at the Historic Dockyards in Portsmouth, UK. The planned star of the show - an unmanned ship called Mayflower 400 - couldn’t actually be ... Continue Reading
-
News
24 Mar 2022
Ransomware demands and payments increase with use of leak sites
Ransomware demands and payments continue to climb as gangs increasingly turn to Dark Web leak sites to add pressure on victims Continue Reading
-
News
24 Mar 2022
The Security Interviews: Red gets automated
We speak to Jack Stockdale, CTO of Darktrace, about Cambridge’s strong data analytics and artificial intelligence links and the role of AI in cyber security Continue Reading
-
News
24 Mar 2022
How India organisations can mitigate cyber threats
Organisations in India will need to invest more in cloud security, gain more visibility into their systems and improve security awareness among employees to fend off cyber attacks Continue Reading
-
News
23 Mar 2022
NHS urgent care provider uses ID and access management to reduce complexity for clinicians
Provider of care through NHS 111 is using a cloud-based identity and access management system to remove the need for clinicians to remember multiple passwords Continue Reading
-
News
22 Mar 2022
Biden issues warning about Russian cyber attacks
President Biden has said that US companies running critical infrastructure should immediately harden their defences in anticipation of potential cyber attacks from Russia Continue Reading
-
News
22 Mar 2022
Details of Conti ransomware affiliate released
Information about a new Conti affiliate has been released by eSentire and BreakPoint Lab after a joint investigation into the group’s indicators of compromise Continue Reading
-
Opinion
22 Mar 2022
Revised scope of UK security strategy reflects digitised society
The omission of the word ‘security’ from the title of the UK government’s new National Cyber Strategy is a telling one, reflecting our increasingly digitised society, say Maximillian Brook and Arunoshi Singh of the ISF Continue Reading
-
Opinion
21 Mar 2022
How 2022’s most significant data privacy trends affect your organisation
Data privacy and protection are now core responsibilities for most, but as we all know by now, compliance is a moving target. Here, expert Alan Calder looks ahead at what to expect in the coming months Continue Reading
-
Opinion
21 Mar 2022
UK Cyber Strategy a welcome injection of progress
The National Cyber Strategy should be seen as a welcome injection of both focus and investment in bettering cyber defence for everyone, says Turnkey Consulting senior consultant Louise Barber Continue Reading
-
News
18 Mar 2022
Dark web littered with Ukraine crypto scammers
Cryptocurrency scammers are actively targeting people trying to donate funds to support Ukraine Continue Reading
-
News
18 Mar 2022
Ukrainian cyber defences prove resilient
Thanks to a combination of prior experience and global support, Ukraine’s defences against cyber incidents are holding strong in the face of Russian attacks Continue Reading
-
Opinion
18 Mar 2022
National Cyber Strategy will enhance UK’s cyber power status
The UK punches above its weight when it comes to wielding cyber power around the world, but challenges to this status are clear. The National Cyber Strategy has a clear role to play in maintaining and enhancing this status, writes Paddy Francis of Airbus Cybersecurity Continue Reading
-
News
17 Mar 2022
Online Safety Bill introduced in Parliament
The government has introduced its long-awaited Online Safety Bill in Parliament, alongside new criminal offences and sanctions for tech company execs Continue Reading
-
News
17 Mar 2022
Alarm raised over ‘trickster’ LokiLocker ransomware
The new LokiLocker ransomware is, like its namesake, adept at tricks and misdirection, say BlackBerry researchers Continue Reading
-
News
16 Mar 2022
Biden signs ransomware reporting mandate into law
CNI operators in the US must now report cyber attacks within 72 hours, and ransomware payments within 24 hours Continue Reading
-
News
16 Mar 2022
German authorities warn on Kaspersky but stop short of ban
Germany authorities warn Kaspersky users to consider alternatives to the firm’s flagship antivirus software, citing national security concerns and the war on Ukraine Continue Reading
-
News
15 Mar 2022
Supreme Court refuses Julian Assange extradition appeal
The case will be referred to the home secretary Priti Patel to make a decision. The WikiLeaks founder has yet to say whether he will file further appeals Continue Reading
-
E-Zine
15 Mar 2022
How the tech sector is supporting Ukraine
In this week’s Computer Weekly, we examine the global tech sector response to the invasion of Ukraine, and how hackers are responding to calls for an IT army to target Russia. Our latest buyer’s guide looks at cloud-based ERP and other business applications. And IBM’s UK chief tells us how Big Blue is reinventing itself. Read the issue now. Continue Reading
-
Opinion
14 Mar 2022
Encryption myths versus realities of Online Safety Bill
The UK government can’t legislate the impossible – a safer society depends on encryption, not breaking it Continue Reading
-
Opinion
10 Mar 2022
National Cyber Strategy misses the mark in one important way
The National Cyber Strategy is full of fine words, says Petra Wenham, but as the old expression goes, fine words butter no parsnips, and it misses the mark in one very important way Continue Reading
-
News
09 Mar 2022
Paid-for advertising measures included in Online Safety Bill
New measures to deal with fraudulent paid-for advertising have been included in the government’s draft Online Safety Bill, marking the fourth extension in two months Continue Reading
-
News
09 Mar 2022
Microsoft serves up three zero-days on March Patch Tuesday
Three zero-days pop up in Microsoft’s March update, along with a number of other noteworthy concerns for defenders Continue Reading
-
Feature
08 Mar 2022
How APAC organisations can mitigate edge security threats
The move to the edge expands an organisation’s attack surface. Here are some measures that organisations can take to minimise their edge security risks Continue Reading
-
Opinion
07 Mar 2022
When more is too much in security
The view that more security tools equals better protection still persists, but security researcher Etay Maor argues that success in cyber lies in simplicity Continue Reading
-
Opinion
04 Mar 2022
Assessing the aims of the Government Cyber Security Strategy
The clear aims of the Government Cyber Security Strategy are welcome, but are they realistic or achievable? Continue Reading
-
News
03 Mar 2022
Direct action is a risky business for Ukraine's volunteer hackers
Hackers have been responding to Ukraine’s call to create an IT army, but there are many reasons why taking direct action in a kinetic conflict is a bad idea Continue Reading
-
Definition
02 Mar 2022
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of standards aimed at regulating, enforcing, monitoring and managing the security of the Bulk Electric System (BES) in North America. Continue Reading
-
News
02 Mar 2022
Cyber companies step up support for Ukraine
Security companies Bitdefender and Vectra AI are both to offer products and services in support of Ukraine Continue Reading
-
News
02 Mar 2022
SunSeed malware hits those involved in Ukraine refugee relief
European governments involved in managing the logistics of hundreds of thousands of people fleeing Ukraine have been targeted by a suspected state-backed actor Continue Reading
-
News
02 Mar 2022
Ban predictive policing systems in EU AI Act, says civil society
A coalition of civil society groups has called on European lawmakers to use the upcoming Artificial Intelligence Act as an opportunity to ban predictive policing systems Continue Reading
-
News
01 Mar 2022
DCMS opens consultation on telecoms cyber standards
Proposed rules will set out the specific measures telecoms providers need to take to fulfil their legal duties under the Telecommunications Security Act Continue Reading
-
Definition
28 Feb 2022
risk assessment framework (RAF)
A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure. Continue Reading
-
News
28 Feb 2022
Cloudflare: Our network is our product
Cloudflare’s chief product officer explains why its network is its product and how it protects organisations against cyber threats Continue Reading
-
Feature
24 Feb 2022
Define RPO and RTO tiers for storage and data protection strategy
We look at RPO and RTO in defining data protection and disaster recovery strategies and how to specify tiers that reflect the importance of different systems in your organisation Continue Reading
-
Opinion
24 Feb 2022
The UK’s cyber security sector is thriving, but our work has only just begun
The government’s Annual Cyber Sector Report painted a positive picture of the UK security industry. CIISec’s Amanda Finch thinks we can go further in developing cyber talent and opening up the sector Continue Reading
-
News
24 Feb 2022
KnowBe4 cyber drama tackles Colonial Pipeline in fourth season
KnowBe4’s ongoing cyber security training drama, The Inside Man, reaches its fourth season with a plot drawing inspiration from one of the most impactful cyber attacks of 2021 Continue Reading
-
News
24 Feb 2022
Security organisations form Nonprofit Cyber coalition
Founding members of the Nonprofit Cyber coalition pledge to enhance joint action on cyber security around the world Continue Reading
-
News
24 Feb 2022
New cyber guidelines to safeguard construction sector
NCSC launches sector-specific security guidance for organisations in the construction industry, with input from the Chartered Institute of Building Continue Reading
-
E-Zine
24 Feb 2022
CW Nordics: Swedish drone app gets life-saving equipment to heart attack victims
Thanks to an app developed in Sweden, drones can get life-saving equipment to heart-attack victims before emergency services can arrive on the scene, potentially increasing patient survival rates. Also in this issue, read about a Swedish bank's time-saving robots, and how Finland aims to democratise the ‘wild west’ of AI. Continue Reading
-
News
24 Feb 2022
Russia behind dangerous Cyclops Blink malware
Joint NCSC CISA advisory attributes a dangerous malware, dubbed Cyclops Blink, to Russia’s Sandworm APT, likely a GRU unit, with WatchGuard users at particular risk Continue Reading
-
News
23 Feb 2022
Backups ‘no longer effective’ for stopping ransomware attacks
Traditional methods of mitigating ransomware are less efficacious thanks to the rise in double and triple extortion techniques Continue Reading
-
News
23 Feb 2022
No imminent cyber threat to UK from Russia
Intelligence officials say they have no evidence or indication that Russian cyber attackers are preparing offensive assaults on infrastructure or organisations in Britain Continue Reading
-
News
23 Feb 2022
IBM opens cyber security hub in India
Big Blue’s new cyber security hub, comprising a cyber range, software development facilities and a security operations centre, will serve enterprises across the Asia-Pacific region Continue Reading
-
News
22 Feb 2022
UK organisations swift to chide phishing victims
While UK organisations are doing better at security training, many are quick to punish employees who fall victim to phishing attacks, whether real or simulated Continue Reading
-
Opinion
22 Feb 2022
Security Think Tank: Good training is all about context
In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service? Continue Reading
-
E-Zine
22 Feb 2022
Think nation-state cyber attacks won’t hit you? Think again…
In this week’s Computer Weekly, with Russian state cyber attacks in the news, we find out why security professionals in every organisation need to remain alert. Our buyer’s guide looks at the tools and programmes helping improve IT training. And we look at how the traditional sport of golf is undergoing a digital transformation. Read the issue now. Continue Reading
-
News
21 Feb 2022
Zoom gains NCSC Cyber Essentials Plus and NHS security badges
Video platform Zoom has added a number of UK-specific cyber certifications to help it demonstrate its platform is safeguarded against common threats Continue Reading
-
Feature
17 Feb 2022
It takes a village: Protecting kids online is everyone’s responsibility
The rapid uptake of smartphones among children has contributed to the increasing number of cases of cyber bullying and online grooming. Is this an educational issue or a cultural problem, and can modern enterprise help? Continue Reading
-
News
17 Feb 2022
Red Cross cyber attack the work of nation-state actors
The International Committee of the Red Cross now believes the January 2022 attack on its systems to have been the work of an undisclosed nation state Continue Reading
-
News
16 Feb 2022
2021 another record year for UK cyber investment
Total revenue generated by the UK’s cyber sector was up 14% last year, and UK-registered security firms raised over £1bn in investment Continue Reading
-
News
16 Feb 2022
DDoS attacks hit Ukrainian defence ministry and banks
A further wave of cyber attacks has taken place against targets in Ukraine amid heightened tension in the region Continue Reading
-
News
16 Feb 2022
Cloud Security Alliance publishes guidelines to bridge compliance and DevOps
The Cloud Security Alliance has published a report detailing practices that organisations can adopt to bridge the gap between compliance and software development and operations Continue Reading
-
Definition
15 Feb 2022
proxy hacking
Proxy hacking is a cyber attack technique designed to supplant an authentic webpage in a search engine's index and search results pages to drive traffic to an imitation site. Continue Reading
-
News
15 Feb 2022
TA2451 targets aviation and transport sector with tailored lures
Newly designated cyber criminal group favours highly specific lures and a tried-and-tested modus operandi to compromise targets in the aviation, aerospace and transport sectors Continue Reading
-
News
15 Feb 2022
China emerges as leader in vulnerability exploitation
Threat actors linked to China are emerging as a significant force in the weaponisation of newly discovered CVEs Continue Reading
-
E-Zine
14 Feb 2022
On a mission to track space junk
In this week’s Computer Weekly, we talk to the space experts tracking orbital debris using graph database technology. We meet the startups taking very different approaches in trying to develop commercial quantum computers. And we ask why it’s so difficult to build a data science team and how to overcome the challenges. Read the issue now. Continue Reading
-
News
11 Feb 2022
Lack of knowledge disastrous for effective security strategy within Dutch companies
Most Dutch companies still haven’t realised that security is an integral part of their IT and company strategy Continue Reading
-
News
11 Feb 2022
Why security professionals should pay attention to what Russia is doing
Even though the average organisation is an unlikely target for a Russian state cyber attack, here's why security teams still need to watch what Russian threat groups are up to Continue Reading
-
News
11 Feb 2022
Hackney Council could be forced to answer questions about IT security training after Psya ransomware
Council is negotiating with the information commissioner after refusing to reply to questions under the Freedom of Information Act about staff IT and security training during the pandemic Continue Reading
-
News
10 Feb 2022
How diplomatic immunity silenced the prosecutor who coordinated Sweden’s EncroChat probe
Defence lawyers claim Swedish court decision not to hear evidence from a Swedish prosecutor leaves important legal questions unanswered over international police operation to hack EncroChat cryptophone network Continue Reading
-
E-Zine
10 Feb 2022
CW Benelux: Unesco members adopt AI ethics recommendation
Unesco member state have adopted an AI ethics recommendation that seeks to define a common set of values and principles to guide the development of ethical AI globally. Also read about a large-scale national cyber exercise in the Netherlands, and the Estonian government’s Siri-like digital assistant. Continue Reading
-
News
09 Feb 2022
Linux-based clouds an open door for attackers, says VMware
Its prevalence as a cloud operating system means Linux is becoming a meal ticket for malicious actors, but the security industry does not seem to have cottoned on to this yet, says VMware Continue Reading
-
News
09 Feb 2022
Ransomware ever more sophisticated and impactful, warns NCSC
UK’s National Cyber Security Centre teams up with US and Australian partners in a joint advisory warning organisations of the increasing sophistication exhibited by criminal ransomware gangs Continue Reading
-
News
09 Feb 2022
Microsoft stomps on 48 bugs in February Patch Tuesday update
It’s a light Patch Tuesday for February 2022, as Microsoft issues fixes for just 48 CVEs, including a solitary zero-day Continue Reading
-
News
09 Feb 2022
Tech companies risk being compelled by law to protect children, says online safety expert
John Carr, a child safety campaigner backing a government-funded campaign on the dangers of end-to-end encryption to children, says tech companies have no choice but to act Continue Reading
-
Opinion
09 Feb 2022
Five key tech trends for digital leaders in 2022
The past two years have seen a surge in investment that will bring new challenges to digital leaders over the next year Continue Reading
-
News
08 Feb 2022
The Security Interviews: Building the UK’s future cyber ecosystem
As the government lays out the next iteration of its Cyber Security Strategy, we speak to Plexal and Lorca’s Saj Huq about his work building a cyber ecosystem to support the UK’s future ambitions Continue Reading
-
News
04 Feb 2022
Check Point looks to plug ASEAN’s cyber security gap
Check Point is shoring up its sales force and partner ecosystem to address the cyber security needs of small and mid-sized businesses in a region that is highly targeted by threat actors Continue Reading
-
News
03 Feb 2022
BlackCat crew supposedly behind OilTanking ransomware heist
Preliminary reports from Germany’s national cyber authority indicate the recent OilTanking ransomware attack may have been the work of the BlackCat group Continue Reading
-
News
03 Feb 2022
Crisp supply shortage looms after KP Snacks hit by ransomware
Supplies of Hula Hoops and many other snack brands are under threat after a ransomware attack on the systems of KP Snacks Continue Reading
-
News
03 Feb 2022
French Supreme Court raises constitutional questions over EncroChat hacking secrecy
Conseil Constitutionnel to decide whether ‘defence secrecy’ over state EncroChat cryptophone hacking breaches French constitution Continue Reading
-
Opinion
02 Feb 2022
Security Think Tank: How to build a human firewall
In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service? Continue Reading
-
News
02 Feb 2022
Zero-trust to soar in 2022, but dogged by implementation challenges
IT leaders are keen to invest in zero-trust, but face issues around a lack of expertise, and selling the concept into the C-suite Continue Reading
-
News
02 Feb 2022
Reforms needed to tackle economic crime, says Treasury Committee
The Treasury Committee is disappointed at progress towards tackling economic crime and fraud in both the online and offline worlds, and is calling for more action Continue Reading
-
News
02 Feb 2022
British Council data exposed by third-party cyber failure
The British Council entrusted confidential data on its students to a third-party and was let down Continue Reading
-
Feature
02 Feb 2022
What neurodivergent people really think of working in cyber security
Many firms are filling cyber security skills gaps by hiring neurodivergent talent – but more support is needed for neurodivergent cyber security professionals, writes autistic tech journalist Nicholas Fearn Continue Reading
-
News
01 Feb 2022
Over one-fifth of ransomware attacks target financial sector
Newly published data reveals a significant uptick in cyber attacks against the financial services sector during the third quarter of 2021 Continue Reading
-
Opinion
31 Jan 2022
Understand your cyber training ‘need’ before committing to a programme
In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training-as-a-service? Continue Reading
-
News
28 Jan 2022
Cyber skills gap affecting data privacy practice, finds ISACA
Organisations are struggling to fill both legal and technical privacy roles, with potentially damaging consequences, according to a report Continue Reading
-
News
28 Jan 2022
Korean researchers invent silk-based security device
Experts from the Gwangju Institute of Science have built a digital security device based on natural silk fibres that they claim is practically unbreachable Continue Reading
-
News
27 Jan 2022
CISOs must get out in front of Ukraine cyber crisis, says NCSC
The National Cyber Security Centre is urging UK organisations to take steps to bolster their cyber security resilience in response to the ongoing Ukraine crisis Continue Reading
-
Feature
27 Jan 2022
Navigating PIPL: European businesses plot their next steps into China
How does China’s strict new Personal Information Protection Law impact European businesses? Continue Reading
-
Opinion
27 Jan 2022
Security Think Tank: Focus on ‘nudging’ to build effective cyber training
In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training-as-a-service? Continue Reading
-
News
26 Jan 2022
More intel emerges on WhisperGate malware that hit Ukraine
Security experts have been poring over the WhisperGate malware with which alleged Russia-backed entities targeted Ukrainian government websites Continue Reading
-
News
26 Jan 2022
MPs to debate landmark IoT security law
Proposed bill mandates tighter protections for connected products, and adds new rules for broadband roll-out into the bargain Continue Reading
-
News
25 Jan 2022
Prepare, but don’t panic, over supposed Russian cyber threat
A fresh alert from the US Department of Homeland Security may have IT security teams jumpy over the possibility that their organisations could be targeted by Russian state actors Continue Reading
-
News
25 Jan 2022
Cyber Essentials programme gets biggest update since launch
NCSC implements a thorough revision of its Cyber Essentials scheme to reflect the changing security landscape Continue Reading
-
News
25 Jan 2022
UK government launches internal cyber strategy
Multi-pronged government security strategy is designed to protect both core systems and public services Continue Reading
-
News
24 Jan 2022
India’s cyber security industry doubles in size amid pandemic
Revenues from cyber security products and services reached $9.85bn in 2021 thanks to rapid digitalisation and regulatory attention on data and privacy Continue Reading
-
News
21 Jan 2022
Mandiant analysts: Russia-backed APTs likely to ramp up attacks
More cyber attacks like those perpetrated against targets in Ukraine are to be expected, and they may become more destructive Continue Reading
-
News
21 Jan 2022
Cyber pros: Don’t revel in REvil’s downfall just yet
The arrests of REvil’s alleged kingpins is a welcome step, but as with any disruption to cyber criminal activity, it is never wise to assume law enforcement action means the threat has passed entirely Continue Reading
-
News
21 Jan 2022
Scam losses in Australia hit record high
Australians lost a record A$323.7m to scams last year, with investment and romance scams accounting for the bulk of their losses Continue Reading
-
News
20 Jan 2022
Updated cyber security regulations proposed for managed services sector
The Network and Information Systems regulations are to be updated to include MSPs and outsourcers, following a spate of supply chain attacks Continue Reading