IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
25 Mar 2025
Public Accounts Committee calls out legacy IT
Unsupported and out-of-date software and hardware are hindering the government’s artificial intelligence plans for the public sector Continue Reading
-
News
24 Mar 2025
Why I am challenging Yvette Cooper’s ‘secret back door’ order against Apple’s encryption
I took steps to lock down all personal data after I was named as an opponent of Russia. Now I am again worried about my family's safety after the home secretary issued a secret order against Apple Continue Reading
-
News
24 Oct 2024
Prudential taps AI to improve health insurance experience
Insurance giant Prudential teams up with Google Cloud to streamline claims processing, personalise healthcare journeys and improve health outcomes Continue Reading
-
News
23 Oct 2024
Government hails Cyber Essentials success
Scheme to help keep organisations’ IT safe and secure has given businesses more confidence they won’t fall victim to a cyber attack Continue Reading
-
News
23 Oct 2024
ServiceNow touts Now platform as AI engine for transformation
At the ServiceNow World Forum in Melbourne, company executives touted the transformative power of AI in streamlining workflows, improving user experiences and driving business value Continue Reading
-
News
22 Oct 2024
Danish government reboots cyber security council amid AI expansion
Denmark’s government relaunches digital security initiative to protect business sectors and society at large Continue Reading
-
News
21 Oct 2024
Can AI be secure? Experts discuss emerging threats and AI safety
International cyber security experts call for global cooperation and proactive strategies to address the security challenges posed by artificial intelligence Continue Reading
-
News
17 Oct 2024
NCSC chief warns of gap in cyber threats and defence capabilities
The UK and its allies must take collective action to improve their cyber resilience and repel the increasing volume of severe cyber attacks, says NCSC chief Continue Reading
-
News
17 Oct 2024
EU cyber security bill NIS2 hits compliance deadline
The EU’s NIS2 bill will harmonise how companies and member states approach cyber security, but its success will depend on how well it is implemented and enforced Continue Reading
-
News
15 Oct 2024
NCSC expands school cyber service to academies and private schools
The National Cyber Security Centre is expanding its PDNS for Schools service to encompass a wider variety of institutions up and down the UK Continue Reading
-
Feature
15 Oct 2024
Reinventing security operations for the modern threat landscape
The growing pace of digital transformation has opened new avenues for attackers, making traditional security measures obsolete. Organisations must modernise their security operations to fortify their defences and navigate the evolving threat landscape Continue Reading
-
Opinion
11 Oct 2024
Robust cloud IAM should align to zero-trust principles
The Security Think Tank considers best practices in identity and access management and how can they be deployed to enable IT departments to combat cyber-attacks, phishing attacks and ransomware. Continue Reading
-
News
10 Oct 2024
NCSC issues fresh alert over wave of Cozy Bear activity
The NCSC, FBI and NSA publish updated warning about Cozy Bear’s activities, highlighting a range of vulnerabilities the threat actor is using to set up its cyber attacks Continue Reading
-
Definition
10 Oct 2024
What is threat intelligence?
Threat intelligence, also known as cyberthreat intelligence, is information gathered from a range of sources about current or potential attacks against an organization. Continue Reading
-
News
10 Oct 2024
Government launches cyber standard for local authorities
Local government bodies are being invited to take advantage of a new NCSC-derived Cyber Assessment Framework to help enhance their resilience and ward off cyber attacks Continue Reading
-
News
10 Oct 2024
How Recorded Future finds ransomware victims before they get hit
Threat intel specialists at Recorded Future have shared details of newly developed techniques they are using to disrupt Rhysida ransomware attacks before the gang even has a chance to execute them Continue Reading
-
News
10 Oct 2024
UK and US pledge closer working on children’s online safety
In their first agreement on the subject of children’s online safety, the UK and US governments have said they will create a new working group to boost cooperation Continue Reading
-
News
10 Oct 2024
Australia bolsters cyber defences with security bill
Legislation tackles IoT security and establishes a Cyber Incident Review Board to bolster Australia’s cyber resilience Continue Reading
-
News
09 Oct 2024
Five zero-days to be fixed on October Patch Tuesday
Stand-out vulnerabilities in Microsoft’s latest Patch Tuesday drop include problems in Microsoft Management Console and the Windows MSHTML Platform Continue Reading
-
Definition
09 Oct 2024
What is OPSEC (operations security)?
OPSEC (operations security) is an analytical process that military, law enforcement, government and private organizations use to prevent sensitive or proprietary information from being accessed inappropriately. Continue Reading
-
News
08 Oct 2024
Secureworks: Ransomware takedowns didn’t put off cyber criminals
The number of active cyber criminal ransomware gangs has surged by almost a third in the space of 12 months, according to the latest intelligence from Secureworks Continue Reading
-
News
08 Oct 2024
UK’s cyber incident reporting law to move forward in 2025
The UK government says that enforced cyber incident and ransomware reporting for critical sectors of the economy will help to build a better picture of the threat landscape and enable more proactive and preventative responses Continue Reading
-
News
07 Oct 2024
IBM: Data breach cost in ASEAN hits new high
The average cost of a data breach in ASEAN grew by 7% from last year, as organisations grapple with increasingly distributed IT environments and complex security systems Continue Reading
-
News
04 Oct 2024
NCSC celebrates eight years as Horne blows in
Outgoing NCSC interim leader Felicity Oswald shares her thoughts on the body’s work over the past eight years as she hands over the reins to incoming CEO Richard Horne Continue Reading
-
News
04 Oct 2024
Cups Linux printing bugs open door to DDoS attacks, says Akamai
The Cups Linux printing vulnerabilities disclosed at the end of September would seem to have a nasty sting in their tail, according to researchers at Akamai Continue Reading
-
News
04 Oct 2024
Detective wrongly claimed journalist’s solicitor attempted to buy gun, surveillance tribunal hears
Darren Ellis, who led a surveillance operation against journalists who exposed police failures, wrongly accused a solicitor of attempting to buy arms Continue Reading
-
News
03 Oct 2024
Ex-PSNI officer seeking legal advice over comments made at Investigatory Powers Tribunal
Ex PSNI officer ‘deeply angered’ by comments made by a former detective at a tribunal investigating allegations of unlawful surveillance against journalists Continue Reading
-
News
03 Oct 2024
Microsoft files lawsuit to seize domains used by Russian spooks
Microsoft has been given permission to seize multiple domains used by the Russian state threat actor Star Blizzard as part of a coordinated disruption effort undertaken ahead of the US elections Continue Reading
-
Opinion
03 Oct 2024
Rise of the cyber clones: When seeing isn’t believing
It is frighteningly easy to clone someone else's identity using readily-available artificial intelligence tools Continue Reading
-
News
02 Oct 2024
Detective behind ‘unlawful’ surveillance blamed Catholics for ‘perverse’ court decisions
A former detective claimed Irish judges were ‘sectarians in robes’ after a court found police had unlawfully arrested journalists who produced a film exposing collusion with paramilitary murderers Continue Reading
-
News
01 Oct 2024
Unmasked: The Evil Corp cyber gangster who worked for LockBit
The NCA has named and shamed a prominent member of the Evil Corp cyber crime collective who also worked as an affiliate of the LockBit ransomware gang as the UK unveils new sanctions against 16 Russian cyber criminals Continue Reading
-
News
01 Oct 2024
Businesses are getting some value from AI, but struggling to scale
Survey from KPMG reveals IT leaders struggling to keep up with the pace of technology innovation Continue Reading
-
News
01 Oct 2024
Cyber teams say they can’t keep up with attack volumes
Over 60% of European security pros say their teams are understaffed, and over 50% don’t have enough budget, according to data from ISACA Continue Reading
-
Opinion
30 Sep 2024
The cyber industry needs to accept it can't eliminate risk
The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading
-
News
27 Sep 2024
Printing vulnerability affecting Linux distros raises alarm
Security pros need to get in front of a series of vulnerabilities affecting the Cups Linux printing service after an apparently botched disclosure process saw technical details published in advance of a patch Continue Reading
-
Opinion
27 Sep 2024
Defaulting to open: Decoding the (very public) CrowdStrike event
The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading
-
Opinion
27 Sep 2024
Cyber companies need a best practice approach to major incidents.
The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading
-
Opinion
27 Sep 2024
Closing the curtain on cyber security theatre
Leaders must redefine expectations, rethink responsibility and eliminate unproductive practices to move towards real security, says Gartner vice-president analyst Richard Addiscott Continue Reading
-
News
25 Sep 2024
CrowdStrike apologises to US government for global mega-outage
CrowdStrike executive Adam Meyers appears before a US government committee to explain the series of errors that led directly to one of the biggest IT outages in history Continue Reading
-
News
25 Sep 2024
Splunk and Cisco integration moving apace
Splunk is rapidly integrating with Cisco’s technology to enable seamless transitions between their platforms while delivering advanced threat detection capabilities Continue Reading
-
News
24 Sep 2024
Unique malware sample volumes seen surging
BlackBerry’s latest ‘Global threat intelligence’ report details a surge in unique malware samples as threat actors ramp up the pace of targeted attacks Continue Reading
-
Opinion
24 Sep 2024
How to respond when your cyber company becomes the story
The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading
-
News
23 Sep 2024
Microsoft shares progress on Secure Future Initiative
Microsoft has published a progress report on its Secure Future Initiative, launched last year in the wake of multiple security incidents, and made a series of commitments to improve its internal cyber culture Continue Reading
-
E-Zine
23 Sep 2024
Powering Britain’s economy – datacentres gain in status
In this week’s Computer Weekly, the UK government has finally classified datacentres as critical national infrastructure – we ask, what took it so long? We assess the impact of the EU’s new energy efficiency rules on datacentre operators. And we discuss the power of information and diversity with the chief data officer at Legal & General. Read the issue now. Continue Reading
-
Opinion
23 Sep 2024
Security Think Tank: Win back lost trust by working smarter
The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading
-
News
23 Sep 2024
Home Office eVisa scheme is ‘broken’, says Open Rights Group
Digital rights campaigners say the Home Office’s plan to make its new electronic Visa scheme a real-time online-only process is part and parcel of the 'hostile environment' around immigration status Continue Reading
-
Opinion
23 Sep 2024
Gartner: Mitigating security threats in AI agents
Agents represent a step-change in the use of artificial intelligence in the enterprise - as attendees at Salesforce's annual conference saw first hand this month - but do not come without their risks Continue Reading
-
News
23 Sep 2024
UK, US and Canada to collaborate on AI and cyber security
International collaboration agreement will see the governments of Canada, the UK and the US work together to research, evaluate and test new defence technologies Continue Reading
-
Opinion
20 Sep 2024
CrowdStrike incident shows we need to rethink cyber
The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading
-
News
18 Sep 2024
NCSC exposes Chinese company running malicious Mirai botnet
The NCSC and its Five Eyes allies have published details of the activities of a China-based cyber security company that is operating a Mirai IoT botnet in the service of government-backed intrusions Continue Reading
-
News
18 Sep 2024
Europol provides detail on Ghost encrypted comms platform takedown
Law enforcement bodies from across the world have revealed how they collaborated to bring down encrypted network Ghost and the new ways of working that have been established with Europol at the centre Continue Reading
-
Feature
17 Sep 2024
Misinformation runs deeper than social media
While social media may contribute to the increasing rapid spread and reach of misinformation, the root causes of the problem go much deeper than the role of a particular company or way of using technology to communicate Continue Reading
-
News
17 Sep 2024
Salesforce’s agentic AI platform to transform business automation
CRM giant’s Agentforce lets organisations build and deploy autonomous agents to automate business processes through advanced learning and data integration Continue Reading
-
News
17 Sep 2024
First CyberBoost Catalyse startup cohort named
The first group of companies named to a cyber incubator programme run by Plexal and the National University of Singapore includes two growing UK businesses Continue Reading
-
Feature
16 Sep 2024
Will autonomous weapons make humans passive participants in war?
Experts warn the emergence and adoption of AI-powered military systems may eventually push battlefield decision-making beyond the limits of human cognition Continue Reading
-
News
16 Sep 2024
Crest secures FCDO funding to help overseas countries increase their cyber-readiness
Non-profit Crest is launching an initiative to help overseas, private-sector firms get better prepared for cyber threats Continue Reading
-
News
15 Sep 2024
UK unites nations to discuss closing global cyber skills gap
The UK government invites representatives from around the world to a summit to discuss how to address global IT security skills gap Continue Reading
-
News
13 Sep 2024
Cyber workforce must almost double to meet global talent need
Research from ISC2 finds global cyber workforce needs additional 4.8 million people to fully secure businesses Continue Reading
-
News
11 Sep 2024
Datacentres granted critical national infrastructure status
The global IT outage caused by CrowdStrike has shown why keeping datacentres secure and safe is critical to the UK Continue Reading
-
News
11 Sep 2024
September Patch Tuesday: Update before 1 October
Four critical remote code execution bugs in Windows and three critical elevated privileges vulnerabilities will keep admins busy Continue Reading
-
News
11 Sep 2024
How Sonar is elevating code quality in the age of AI
Sonar’s code quality platform helps developers maintain secure, high-quality code amid the rise of artificial intelligence-based coding assistants, now expanding into the Asian market Continue Reading
-
News
10 Sep 2024
JFrog and GitHub unveil open source security integrations
Secure software specialist JFrog is working with code development service GitHub to integrate the onboard capabilities of its Software Supply Chain Platform service into GitHub’s platform Continue Reading
-
News
10 Sep 2024
ANZ CIOs to prioritise cyber security investments in 2025
Cyber security remains high on the agenda for ANZ CIOs, followed by data analytics, cloud and generative AI Continue Reading
- 09 Sep 2024
-
Opinion
09 Sep 2024
Developing nations need the UN cyber crime treaty to pass
The UN cyber crime treaty is flawed but represents a move in the right direction for developing nations seeking greater digital sovereignty Continue Reading
-
News
05 Sep 2024
NCSC and allies call out Russia's Unit 29155 over cyber warfare
The NCSC and counterpart agencies from the US and other countries have exposed a long-running campaign of Russian cyber espionage and warfare conducted by GRU Unit 29155 Continue Reading
-
News
05 Sep 2024
Fog ransomware crew evolving into wide-ranging threat
The emergent Fog ransomware gang appears to be changing up its victimology in search of more cash-rich victims Continue Reading
-
News
05 Sep 2024
Canadian arrested by France after cooperating with US on Sky ECC cryptophone investigation
Thomas Herdman, who faces charges in France over his involvement in distributing Sky ECC encrypted phones, was arrested by French police despite agreeing to cooperate with US law enforcement Continue Reading
-
News
04 Sep 2024
Retailers question using live facial recognition for shoplifting
Retailers praise benefits of retrospective over live facial recognition in dealing with shoplifting, but stress there are ongoing concerns around the ethical, legal and safety implications of using the technology in stores Continue Reading
-
News
04 Sep 2024
Fraud and scam complaints hit highest ever level in UK
The Financial Ombudsman Service says it recorded almost 9,000 complaints about fraud and scams from April to June, the most ever recorded Continue Reading
-
Opinion
04 Sep 2024
Cyber firms need to centre their own resilience
The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading
-
News
03 Sep 2024
Chief data officers highlight data integrity woes
In a report from the company co-founded by web inventor Tim Berners-Lee, CDOs discuss the challenges of artificial intelligence and using increasing amounts of personal data Continue Reading
-
News
03 Sep 2024
Transport for London hit by cyber attack
London’s transport network provider TfL experiences cyber security incident, but reassures customers there is no impact on services Continue Reading
-
Opinion
29 Aug 2024
Cyber law reform should be top of Labour's policy list
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
29 Aug 2024
Met Police deploy LFR in Lewisham without community input
The Met’s latest live facial recognition deployment in Catford has raised concerns over the lack of community engagement around the police force’s use of the controversial technology Continue Reading
-
Opinion
28 Aug 2024
A coherent Labour cyber strategy depends on consistency
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
28 Aug 2024
Global cyber spend to rise 15% in 2025, pushed along by AI
Security spending will increase at pace in 2025, with artificial intelligence, cloud and consultancy services all pushing outlay to new highs, according to Gartner Continue Reading
-
News
28 Aug 2024
Cambridge Enterprise saves big with Keepit SaaS backup
University innovation body avoids hardware spend and saves management time as it switches from tape to cloud-to-cloud backup, instant recovery and decades-long retention from Keepit Continue Reading
-
News
28 Aug 2024
Telegram founder Pavel Durov questioned over cyber crime charges
Billionaire founder of Telegram accused of failing to co-operate with law enforcement requests for lawful interception Continue Reading
-
News
28 Aug 2024
How Kaspersky is driving growth in APAC
Kaspersky is leveraging its threat intelligence capabilities and local market knowledge to navigate geopolitical tensions and expand its footprint across the Asia-Pacific region Continue Reading
-
Opinion
27 Aug 2024
Extending zero-trust principles to endpoints
By combining zero-trust principles with other security strategies and continuously monitoring and improving their security posture, organisations can effectively mitigate risks and protect their resources, says Gartner's Nikul Patel Continue Reading
-
Opinion
27 Aug 2024
The US courts may have thrown a wrench into cyber regulation
A recent decision by the US Supreme Court to overrule the longstanding Chevron Deference has serious implications for global cyber security regulation Continue Reading
-
Opinion
27 Aug 2024
Public education on security must be a top priority for Labour
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
27 Aug 2024
Palo Alto Networks bets on ‘precision AI’
Palo Alto Networks’ regional leader, Steven Scheurmann, explains how machine learning, neural networks and generative AI can help to prevent breaches in what it calls ‘precision AI’ Continue Reading
-
News
22 Aug 2024
New Qilin tactics a ‘bonus multiplier’ for ransomware chaos
Sophos X-Ops caught the Qilin ransomware gang stealing credentials stored by victims' employees in Google Chrome, heralding further cyber attacks and breaches down the line. Continue Reading
-
Podcast
21 Aug 2024
Podcast: Ransomware and what data storage can do about it
We talk to NetApp’s Chris McKean about ransomware attacks and the role of data storage in protecting against them Continue Reading
-
News
20 Aug 2024
ICO launches privacy notice tool for SMEs
ICO tool designed to make it easier for small businesses and sole traders operating online to create bespoke data privacy notices for compliance purposes Continue Reading
-
News
20 Aug 2024
Phishing links becoming bigger threat than email attachments
Phishing techniques are evolving away from malicious email attachments, according to a report Continue Reading
-
20 Aug 2024
Mitigating the risks of modern application development
Organisations need to have visibility over their software supply chain, secure and monitor interfaces to legacy systems and adopt zero trust to mitigate the risks of modern application development. Continue Reading
-
News
19 Aug 2024
Challenges of deploying PQC globally
Quantum computers will eventually be powerful and reliable enough to crack strong encryption. PQC is the answer, but it could take years to deploy Continue Reading
-
News
19 Aug 2024
Popular Microsoft apps for Mac at risk of code injection attacks
Researchers at Cisco Talos turn up evidence suggesting that Microsoft apps running on the Apple macOS operating system are not as secure as they seem Continue Reading
-
News
16 Aug 2024
New Relic CEO on APAC growth and future of observability
New Relic CEO Ashan Willy talks up growth trajectory in APAC, the company’s long-term vision, and how going private has enabled it to make strategic investments Continue Reading
-
News
16 Aug 2024
Campaigners criticise Starmer post-riot public surveillance plans
A UK government programme to expand police facial recognition and information sharing after racist riots is attracting criticism from campaigners for exploiting the far-right unrest to generally crack down on protest and increase surveillance Continue Reading
-
Opinion
15 Aug 2024
With the right tools and strategy, public cloud should be safe to use
Despite the complexity and evolving nature of threats, with the right strategy, tools, and constant vigilance, businesses can safely and securely leverage public cloud services Continue Reading
-
Opinion
15 Aug 2024
'Black swans' take flight: the legal ramifications of the CrowdStrike incident
A ‘guinea pig’ approach to testing software could lead to class actions against technology companies Continue Reading
-
News
14 Aug 2024
Automated police tech contributes to UK structural racism problem
Civil society groups say automated policing technologies are helping to fuel the disparities that people of colour face across the criminal justice sector, as part of wider warning about the UK’s lack of progress in dealing with systemic racism Continue Reading
-
News
13 Aug 2024
NIST debuts three quantum-safe encryption algorithms
NIST has launched the first three quantum-resistant encryption algorithms, and as the threat of quantum-enabled cyber attacks grows greater, organisations are encouraged to adopt them as soon as they can Continue Reading
-
Opinion
13 Aug 2024
Labour's first cyber priority must be the NHS
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
13 Aug 2024
Australia’s cyber security skills gap remains pressing issue
Study reveals Australia’s critical shortage of cyber security professionals, escalating the risk of data breaches Continue Reading
-
Feature
09 Aug 2024
Deep dive into quantum-resistant cryptography for email security
Quantum computers have the potential to crack many of the encryption methods we currently rely on to keep our digital communications safe. Quantum-resistant cryptography may be the answer Continue Reading
-
Feature
09 Aug 2024
How UK firms can get ready for the implementation of NIS2
Many British companies will need to adhere to NIS2’s cyber security risk management and reporting requirements if they want to continue operating in the EU market and avoid huge fines Continue Reading
-
News
08 Aug 2024
Royal ransomware crew puts on a BlackSuit in rebrand
The Royal ransomware gang is back, with a new name and refreshed capabilities, including an apparently unique ‘partial encryption’ gambit, according to CISA Continue Reading
