IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
Opinion
01 May 2025
Explaining what’s happening in a cyber attack is hard but crucial
The recent attacks on Marks & Spencer, Harrods and the Co-op show why it is essential for organisations to have a strategy to communicate effectively with customers affected. Continue Reading
-
Opinion
01 May 2025
Signalgate: Learnings for CISOs securing enterprise data
A leak of information on American military operations caused a major political incident in March 2025. The Security Think Tank considers what can CISOs can learn from this potentially fatal error. Continue Reading
-
News
27 Feb 2020
Redcar & Cleveland Council confirms ransomware attack
Local authority’s systems are still offline nearly three weeks after being attacked Continue Reading
-
E-Zine
27 Feb 2020
CW Nordics: Swedes lose faith in social media as data security fears increase
Swedish citizens are becoming more concerned about the activities of social media companies and are reducing their online interaction with them as a result. Also read about new mobility-as-a-service projects gaining traction across Denmark, Finland, Norway and Sweden, and why the Finnish government has committed resources to a cyber security project aimed at local authorities. Continue Reading
-
News
27 Feb 2020
Kr00k vulnerability compromises billions of Wi-Fi devices
Billions of Wi-Fi chips used in IoT devices, laptops, smartphones and tablets are vulnerable to a serious vulnerability Continue Reading
-
News
26 Feb 2020
Fake CDNs obscuring credit card fraudsters
Fake content delivery networks and ngrok servers are being pressed into service to obscure credit card skimming activities Continue Reading
-
News
26 Feb 2020
Cloud Snooper firewall bypass may be work of nation state
Cloud Snooper deploys a combination of specialised techniques to sneak past enterprise firewalls, warns Sophos Continue Reading
-
News
26 Feb 2020
WikiLeaks founder Julian Assange cannot be legally extradited for ‘political offences’, say lawyers
Lawyers for WikiLeaks founder Julian Assange argue that he has been charged with political offences and cannot be legally extradited to the US under the US-UK extradition treaty Continue Reading
-
News
26 Feb 2020
FCA data breach could happen to anybody, but easy to avoid
Minor data breach at the Financial Conduct Authority was the result of simple human error, and highlights the need for organisations to consider a wide range of potential threats Continue Reading
-
News
25 Feb 2020
Google warns users not to mess with Huawei devices
Google tells users of Huawei devices to try to avoid bypassing controls preventing them from loading its apps Continue Reading
-
News
25 Feb 2020
Sports retailer Decathlon left employee data exposed
More than 123 million records were accidentally exposed on an unsecured ElasticSearch server Continue Reading
-
News
25 Feb 2020
The Security Interviews: Gil Shwed’s 10-year vision for security
Check Point founder Gil Shwed discusses his new Infinity Next concept and how he plans to remodel the world of cyber security in the next 10 years Continue Reading
-
News
25 Feb 2020
Cloud data leaks compounded by lack of automation tools
Data leaks caused by misconfigured clouds are being compounded because security teams lack appropriate automation and integration tools, according to a report Continue Reading
-
News
25 Feb 2020
Cyber criminals targeting UK motorists, warns DVLA
Cyber criminals are offering various services and tax refunds that purport to be from the DVLA Continue Reading
-
E-Zine
25 Feb 2020
Using meteorological data to prepare for the worst
In this week’s Computer Weekly, after the storms that swept across the UK, we look at the technology behind Weather Source’s meteorological data service. Oracle and SAP are battling over customers to upgrade their ERP systems to the cloud. And we report from the world’s biggest retail tech show. Read the issue now. Continue Reading
-
News
24 Feb 2020
Assange extradition is a politically motivated ‘abuse of power’, court hears
US government’s attempt to extradite WikiLeaks founder Julian Assange to face espionage charges in the US is politically motivated and an abuse of process, court told Continue Reading
-
News
24 Feb 2020
WikiLeaks founder Assange ‘put lives at risk’ by disclosing names in leaked documents, court hears
WikiLeaks founder Julian Assange ‘put lives of US informants at risk’ by publishing unredacted documents, lawyers for the US argued at the first day of a week-long extradition hearing Continue Reading
-
News
24 Feb 2020
Open security group unveils common OpenDXL language
Open Cybersecurity Alliance announces the availability of OpenDXL Ontology, the first open source language for connecting disparate security tools through a common messaging framework Continue Reading
-
News
24 Feb 2020
Cisco goes all-in on security integration with SecureX platform
CISOs are struggling to stitch together disparate cyber security products and services – Cisco believes its cloud-native SecureX platform will change their working lives for the better Continue Reading
-
News
21 Feb 2020
F-Secure’s AI reads mean tweets to fight abuse and trolls
Researchers working on F-Secure’s Project Blackfin have developed a model for clustering tweets to help pinpoint abuse and harassment Continue Reading
-
Opinion
21 Feb 2020
The greatest contest ever – privacy versus security
Examining the technical, legal and ethical challenges around the privacy versus security debate Continue Reading
-
Opinion
21 Feb 2020
Addressing the IoT security challenge
We consider how best to address some of the critical security challenges around the internet of things Continue Reading
-
News
20 Feb 2020
UK and US accuse Russian spooks of Georgia cyber attacks
Foreign secretary describes 2019 campaign of cyber attacks as reckless, brazen and unacceptable Continue Reading
-
News
20 Feb 2020
Google plans to send Brits’ data to US after Brexit
Move puts British user data beyond the reach of the EU’s GDPR, makes it more accessible to UK and US law enforcement agencies, and has prompted anger Continue Reading
-
News
20 Feb 2020
Facilities firm ISS World crippled by ransomware attack
An apparent ransomware attack has compromised some IT and email systems at Danish facilities firm ISS World Continue Reading
-
News
19 Feb 2020
Cost of cloud misconfigurations set at $5tn
Cloud security outfit DivvyCloud says more than 33 billion records have been exposed in cloud misconfiguration incidents in the past 24 months Continue Reading
-
News
19 Feb 2020
Blasé directors put business data at risk
The higher up within a business you go, the more likely you are to find people intentionally leaking confidential data, says Egress Continue Reading
-
News
19 Feb 2020
Questions raised over Office 365 shared content policy
Buried 300 words into Microsoft’s standard service level agreement is a clause that affects intellectual property and privacy Continue Reading
-
News
18 Feb 2020
US ‘breached due process’ in spying operation against Julian Assange’s lawyers
Surveillance footage of Julian Assange’s meetings with lawyers and doctors in the Ecuadorian Embassy in London was an “abuse of process” Continue Reading
-
News
18 Feb 2020
Untrusted security teams being left out of business decisions
Only a third of organisations are involving their cyber security function at the planning stage of business initiatives Continue Reading
-
Feature
18 Feb 2020
Is this Netflix-style thriller the future of security training?
Cyber awareness specialists at KnowBe4 reckon that bringing Netflix-style production values to corporate videos heralds a new approach to security training Continue Reading
-
Opinion
18 Feb 2020
Security Think Tank: Zero trust strategies must start small, then grow
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs approach moving their organisations from traditional network security to a zero-trust architecture? Continue Reading
-
E-Zine
18 Feb 2020
Trust no one – the benefits of zero-trust security
In this week’s Computer Weekly, we take an in-depth look at zero-trust security and examine how it changes traditional IT risk models. After SAP extended the support deadline for its ECC ERP system, we find out the options for users. And we analyse explainable AI and the ethical importance of understanding algorithms. Read the issue now. Continue Reading
-
News
17 Feb 2020
Australians more savvy about cyber security
More Australians look out for signs of security features such as SSL encryption even as they remain sceptical of the data protection capabilities of small businesses Continue Reading
-
News
17 Feb 2020
Mastercard opens European security resilience unit
Mastercard’s European Cyber Resilience Centre will bring together its partners and other industry bodies to support enterprise resilience Continue Reading
-
Opinion
17 Feb 2020
Security Think Tank: Ask yourself if zero trust is right for you
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading
-
Opinion
14 Feb 2020
Security Think Tank: How zero trust lets you take back control
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero trust architecture? Continue Reading
-
News
13 Feb 2020
Cyber criminals spread coronavirus conspiracy theories
The latest email campaigns identified by Proofpoint are spreading conspiracy theories about the coronavirus outbreak Continue Reading
-
E-Zine
13 Feb 2020
CW Benelux: Ericsson helps driverless buses hit European streets
Ericsson has revealed its plans for new technologies including 5G, the internet of things and self-driving buses. Also read about the Dutch government lacking the knowledge and skills for its own IT strategy, and the Dutch government’s need to push for an electronic ID system for its citizens. Continue Reading
-
Opinion
13 Feb 2020
Security Think Tank: Practical steps to achieve zero trust
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading
-
News
12 Feb 2020
Internet Explorer zero day among 99 Patch Tuesday problems
After an eventful January Patch Tuesday that marked the end of support for Windows 7, the February 2020 update is another whopper, fixing close to 100 vulnerabilities Continue Reading
-
Feature
12 Feb 2020
Inside the SOC: the nerve centre of security operations
Security operations centres are the bedrock of any cyber defence strategy, but operating one is increasingly challenging, with mounting workloads and a shortage of skilled personnel Continue Reading
-
News
11 Feb 2020
Mac-based security threats outpacing Windows
Security threats targeting Apple endpoints are growing more quickly than those targeting Windows machines, according to Malwarebytes Continue Reading
-
News
11 Feb 2020
Chinese military personnel accused of Equifax hack
A US federal grand jury has indicted four Chinese army personnel over the 2017 Equifax breach Continue Reading
-
News
10 Feb 2020
What should be in Australia’s next cyber security strategy
The Australian government is reviewing the nation’s cyber security strategy, but is it looking at the right issues? Continue Reading
-
News
10 Feb 2020
AI in public service must be accountable
Committee on Standards in Public Life recommends that government departments make ethics a top priority when tendering artificial intelligence systems Continue Reading
-
Feature
10 Feb 2020
Choosing the right disaster recovery for your business
We look at the various options available when implementing disaster recovery, and how much they’re worth Continue Reading
-
Opinion
10 Feb 2020
Security Think Tank: Zero trust is complex, but has rich rewards
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading
-
News
07 Feb 2020
Joaquin Phoenix’s Joker is ‘most dangerous’ movie
Ahead of the 2020 Oscars, Kaspersky researchers say they found more than 300 files masquerading as the Joker movie Continue Reading
-
Opinion
07 Feb 2020
Security Think Tank: No trust in zero trust need not be a problem
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading
-
News
06 Feb 2020
Stressed, overworked CISOs losing £23k a year in unpaid overtime
Nominet’s latest CISO Stress Report has revealed the extent to which organisations are taking advantage of their security staff, and the deleterious effects of overwork and stress on mental health Continue Reading
-
News
05 Feb 2020
Darktrace signs to McLaren for 2020 F1 season
McLaren Racing has enlisted Darktrace to become its official artificial intelligence cyber security partner Continue Reading
-
News
05 Feb 2020
Web app ubiquity gives cyber criminals new opportunities
The popularity and ubiquity of web-based apps such as Office 365 and Salesforce is a temptation too good to miss for cyber criminals Continue Reading
-
News
05 Feb 2020
Check Point pledges end to security updates
Check Point’s Gil Shwed expands on a vision for the next 10 years of cyber security, which he calls Infinity Next Continue Reading
-
Opinion
05 Feb 2020
Security Think Tank: Zero trust is not the answer to all your problems
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading
-
Opinion
04 Feb 2020
The fight against cyber crime: Why cooperation matters
With the WEF’s Global Risk Report 2019 ranking cyber attack in the top five global risks, we now see rising consensus at institutional level that no individual stakeholder can address the breadth of security challenges we face today Continue Reading
-
Opinion
04 Feb 2020
Security Think Tank: Facing the challenge of zero trust
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading
-
News
03 Feb 2020
Brexit messes up IT project plans
With no firm plans for a managed departure from the Europe Union, the UK’s IT spending is set to be curbed, and CIOs will need to start cutting costs as IT budgets decline Continue Reading
-
News
03 Feb 2020
NHS adds supplier security audits to procurement platform
A new feature in the NHS’s Edge4Health procurement platform will help NHS suppliers improve their cyber security posture and NHS organisations make better buying decisions Continue Reading
-
Opinion
03 Feb 2020
Security Think Tank: Zero trust – just another name for the basics?
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading
-
News
30 Jan 2020
NCSC launches study on cyber security diversity
The UK’s National Cyber Security Centre wants to improve the diversity of the cyber security sector Continue Reading
-
Blog Post
30 Jan 2020
Technology is losing its battle to be a unifying force
The pioneers of the internet and the web saw themselves as liberators. They believed, passionately, they were creating a better world – one that was open, collaborative, broke down barriers, and ... Continue Reading
-
News
29 Jan 2020
UK cyber security sector worth more than £8bn
The UK’s cyber security industry employs 43,000 full-time workers, and contributed nearly £4bn to the UK economy in 2019, according to DCMS Continue Reading
-
News
29 Jan 2020
NHS suffers fewer ransomware attacks, but threat persists
Ransomware attacks against the NHS have tapered off dramatically, according to statistics obtained under FoI legislation, but this does not mean the threat has diminished Continue Reading
-
News
29 Jan 2020
Apple posts record-breaking quarter, but prepares for Coronavirus impact
The Coronavirus outbreak is having a direct impact on Apple’s supply chain and its Chinese retail stores and channel partners Continue Reading
-
News
28 Jan 2020
Fintechs fear deepfake fraud
New research reveals the majority of CISOs working in the financial services sector are increasingly concerned about the potential use of deepfakes Continue Reading
-
News
28 Jan 2020
Organisations losing control of cloud data
Data is more widely dispersed in enterprise clouds than most organisations think, and as a result they are at risk of losing control of it, according to a report Continue Reading
-
E-Zine
28 Jan 2020
IT must play its part in tackling the climate crisis
In this week’s Computer Weekly, we look at this year’s World Economic Forum and find out how the IT sector is aiming to help tackle climate change. Our buyer’s guide assesses onsite, offsite and cloud-based disaster recovery. And IT contractors are up in arms about the government’s loan charge policy – we examine the issues. Read the issue now. Continue Reading
-
News
28 Jan 2020
Data privacy benefits outweigh spend, says Cisco
Cisco’s 2020 data privacy study shows organisations can generate substantial returns on their data privacy and protection spending Continue Reading
-
News
27 Jan 2020
Interpol uncovers cyber crime operation in Indonesia
An Interpol-coordinated cyber operation leads to the arrest of three people in Indonesia who allegedly used a JavaScript-sniffer malware to steal payment card details of online shoppers Continue Reading
-
Opinion
27 Jan 2020
Security Think Tank: Bug bounties are changing the image of hackers
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
News
27 Jan 2020
SANS Institute calls on Manchester security pros
Manchester will play host to a week-long cyber security training event during February Continue Reading
-
News
24 Jan 2020
NHS alerted to severe vulnerabilities in GE health equipment
A series of vulnerabilities in patient monitoring equipment manufactured by General Electric could have left patient data exposed in hospitals around the world, including the UK Continue Reading
-
News
24 Jan 2020
Milan hosts Cisco’s first European security innovation unit
Cisco has cut the ribbon on its first Cyber Security Co-Innovation Centre in Europe, at Milan’s Leonardo da Vinci Science and Technology Museum Continue Reading
-
News
23 Jan 2020
Seven projects funded to explore CAV security
The winners of the Cyber Securities Feasibility Studies contest, exploring cyber security for self-driving cars, have been revealed Continue Reading
-
News
23 Jan 2020
End-user security ignorance laid bare in new report
Proofpoint’s 2020 State of the Phish report highlights an urgent need for better user training and reporting Continue Reading
-
News
22 Jan 2020
Internal error left Microsoft customer service data exposed
Customer service and support records of nearly 250 million Microsoft customers left exposed after database misconfiguration Continue Reading
-
News
22 Jan 2020
Computer Misuse Act ‘crying out for reform’
Group of campaigners says the Computer Misuse Act of 1990 risks criminalising cyber security professionals and needs reforming Continue Reading
-
News
21 Jan 2020
Singapore updates model AI governance framework
Second edition of Singapore’s artificial intelligence governance framework includes new guidance, use cases and a self-assessment guide Continue Reading
-
News
21 Jan 2020
5G builders test vulnerabilities in Finnish hackathon
University hackathon puts 5G security to the test as new wireless technology’s roll-out nears Continue Reading
-
20 Jan 2020
Don’t become the next Travelex: Get ready for ransomware
With Travelex’s IT still in disarray and banks and travellers left without access to funds more than a week after it was hit by a ransomware attack, we ask what others can learn from the foreign exchange services company’s response to the incident. Continue Reading
-
E-Zine
20 Jan 2020
How to avoid becoming the next Travelex
In this week’s Computer Weekly, we look at the lessons learned from the ransomware attack on Travelex and how other firms can avoid the same fate. As Microsoft ends support for Windows 7, we examine the issues for the many remaining users of the operating system. And healthcare CIOs explain the tech challenges facing the NHS. Read the issue now. Continue Reading
-
News
20 Jan 2020
Exposed AWS buckets again implicated in multiple data leaks
A series of data leaks in the past week have once again implicated poorly secured Amazon S3 buckets, which are supposed to be private by default Continue Reading
-
News
20 Jan 2020
GDPR nets more than €100m in fines, with more to come
Fines totalling €114m have already been collected under GDPR, and this figure will spike in 2020 if the UK regulator succeeds in imposing record fines on BA and Marriott Continue Reading
-
Opinion
20 Jan 2020
Security Think Tank: Teens in basements don’t represent a positive security culture
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
News
17 Jan 2020
App developers sue Facebook over ‘anti-competitive conduct’
Lawsuit is based on leaked internal Facebook documents obtained and published by Computer Weekly and NBC last year Continue Reading
-
News
17 Jan 2020
Emotet reinvigorated after Christmas break
The high-volume Emotet campaign is back in action after the Christmas holidays, and is just as dangerous as ever Continue Reading
-
News
17 Jan 2020
CAA debuts aviation cyber security assurance scheme
Civil Aviation Authority and Crest announce the first companies to be accredited under the CAA’s new cyber security oversight scheme, Assure Continue Reading
-
Opinion
16 Jan 2020
Security Think-Tank: Tackle insider threats to achieve data-centric security
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading
-
News
16 Jan 2020
Thailand gets ready for data protection law
Thailand’s personal data protection law comes into effect in May 2020, subjecting organisations to new rules that safeguard the personal data of individuals Continue Reading
-
News
15 Jan 2020
NSA Windows 10 security disclosure raises questions
In an unprecedented move, the NSA has got out in front of a critical cryptographic flaw in Windows 10, but in doing so has raised multiple questions Continue Reading
-
News
15 Jan 2020
Threat landscape grew in complexity in 2019, no respite in sight
Check Point’s annual state of security report shares some 2019 trends and looks ahead to 2020 Continue Reading
-
News
14 Jan 2020
Two-thirds of UK healthcare organisations breached last year
The majority of healthcare organisations in the UK experienced a cyber security incident during 2019, with almost half the result of viruses and malware introduced on third party devices Continue Reading
-
News
14 Jan 2020
Researchers find cryptojacker hiding in Wav audio file
Victim network was compromised by obfuscated malware hiding a Monero cryptominer, lurking inside a Wav audio file Continue Reading
-
News
14 Jan 2020
Cyber criminals spend three months lurking in target networks
Cyber criminals are spending longer hiding in target networks before launching their attacks, as more organised groups turn to business disruption to achieve their objectives Continue Reading
-
News
14 Jan 2020
Turn the end of Windows 7 support into a security advantage
CISOs can take advantage of the end of support for Microsoft Windows 7 by making the case for more investment in cyber security Continue Reading
-
News
14 Jan 2020
Citrix NetScaler vulnerabilities won’t be patched until end of January
Some vulnerabilities identified in Citrix products will not be fully patched until the end of January 2020 Continue Reading
-
News
13 Jan 2020
Travelex to begin restoring foreign exchange services two weeks after ‘Sodinokibi’ attack
Travelex says it is making “good progress” in its recovery and is to begin restoring electronic foreign exchange services, but is silent about whether it has agreed to pay hackers a $6m ransom to decrypt computer files Continue Reading
-
Opinion
10 Jan 2020
Security Think Tank: Hooded hackers? More like ruthless competitors
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
News
09 Jan 2020
Don’t become the next Travelex: Get ready for ransomware
With Travelex’s IT still in disarray and banks and travellers left without access to funds more than a week after it was hit by a ransomware attack, we ask what others can learn from the foreign exchange services company’s response to the incident Continue Reading
-
Feature
09 Jan 2020
DRaaS decisions: Key choices in disaster recovery as a service
We examine the key decisions when considering DRaaS. Whether to go full self-service, assisted or managed will depend on what you need to protect and your in-house resources Continue Reading
-
News
09 Jan 2020
PowerTrick backdoor used to target high-value businesses
Threat actors are exploiting a PowerShell-based backdoor called PowerTrick to go after high-value targets, warns SentinelLabs Continue Reading