IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
Opinion
01 May 2025
Explaining what’s happening in a cyber attack is hard but crucial
The recent attacks on Marks & Spencer, Harrods and the Co-op show why it is essential for organisations to have a strategy to communicate effectively with customers affected. Continue Reading
-
Opinion
01 May 2025
Signalgate: Learnings for CISOs securing enterprise data
A leak of information on American military operations caused a major political incident in March 2025. The Security Think Tank considers what can CISOs can learn from this potentially fatal error. Continue Reading
-
Feature
09 Jan 2020
Whisper it… but could a cyber attack be good for your career?
All too often it’s the CISO who carries the can for an enterprise security failure, but this might not be a bad thing. There’s lots of evidence to suggest that falling victim to a cyber attack may actually enhance your CV Continue Reading
-
News
09 Jan 2020
New GDPR service aims to ease compliance challenges
Security consultants claim their software platform will address a pressing need for an effective and efficient means of complying with data protection rules Continue Reading
-
Opinion
09 Jan 2020
Security Think Tank: Changing attitudes to cyber is a team sport
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Opinion
08 Jan 2020
Why the banking industry needs an IT makeover
UK banks face huge challenges keeping their service availability levels at 99.99% Continue Reading
-
Opinion
08 Jan 2020
Security Think Tank: Hero or villain? Creating a no-blame culture
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
News
07 Jan 2020
Broadcom flogs Symantec enterprise security unit to Accenture
Acquisition is set to make Accenture a global leader in managed cyber security services Continue Reading
-
Opinion
07 Jan 2020
Security Think Tank: Get your users to take pride in security
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
News
06 Jan 2020
Cyber gangsters demand payment from Travelex after ‘Sodinokibi’ attack
Cyber criminals are demanding payment to decrypt Travelex’s computer files after a devastating malware attack. New questions have been raised about the security of Travelex’s computer network after it emerged the company waited eight months to patch vulnerable VPN servers Continue Reading
-
News
06 Jan 2020
Iran likely to hit back with cyber attacks, security experts warn
The possibility of cyber attack by threat groups acting on behalf of the Iranian government has dramatically increased following US actions in Iraq Continue Reading
-
Blog Post
03 Jan 2020
Y2.02K
So here we are in 2020, and almost everything is still working as normal. The apocalyptic Y2K bug that caused such a thrill 20 years ago found its sequel in Y2.02K, but rather than nuclear reactor ... Continue Reading
-
News
03 Jan 2020
Survey about Swedish people’s attitude to the internet reveals growing distrust of social media
Swedish citizens are becoming more concerned about the activities of social media companies and are reducing their online interaction with them as a result Continue Reading
-
Opinion
03 Jan 2020
Security Think Tank: Put information at the heart of security
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading
-
News
03 Jan 2020
How Darktrace is riding the AI boom
Cyber security firm known for its artificial intelligence smarts doubled its headcount across Asia-Pacific last year in key markets including Australia and South Korea Continue Reading
-
News
24 Dec 2019
Top 10 cyber crime stories of 2019
Here are Computer Weekly’s top 10 cyber crime stories of 2019 Continue Reading
-
News
23 Dec 2019
Top 10 cyber security stories of 2019
Here are Computer Weekly’s top 10 cyber security stories of 2019 Continue Reading
-
News
20 Dec 2019
Finnish government supports local authorities in cyber security initiative
The Finnish government has committed resources to a cyber security project aimed at local authorities Continue Reading
-
Feature
19 Dec 2019
Human factors are critical to securing digital transformation
Sourcing the latest cyber security technology to support digital transformation projects is all well and good, but it’s meaningless if you fail to address your organisational culture and the people within it Continue Reading
-
News
18 Dec 2019
Top 10 Australia IT stories of 2019
Here are Computer Weekly’s top 10 Australia IT stories of 2019 Continue Reading
-
News
17 Dec 2019
Group-IB CEO talks up global threat landscape
Public attribution of cyber attacks could backfire while a global cyber norms framework won’t emerge until a catastrophic incident occurs, says the head of Singapore-based Group-IB Continue Reading
-
Opinion
16 Dec 2019
Security Think Tank: Data-centric security requires a holistic approach
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading
-
News
16 Dec 2019
Barco fixes ClickShare wireless flaw, but users still at risk
Supplier patches a major vulnerability in its popular ClickShare wireless presentation system with a firmware upgrade, but experts warn that users are not out of the woods yet Continue Reading
-
Opinion
11 Dec 2019
Security Think Tank: Risk-based response critical to protect data
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading
-
E-Zine
10 Dec 2019
Who should get the technology vote in the UK General Election?
In this week’s Computer Weekly, we take an in-depth look at the technology and digital policies in the main political parties’ election manifestos. We examine the rise of alternatives to relational databases that better support a big data environment. And we assess the security issues around container technology. Read the issue now. Continue Reading
-
News
09 Dec 2019
Public sector still losing user devices in high numbers
The Ministry of Justice has lost 354 smartphones, PCs, laptops and tablets in the past 12 months, according to a Freedom of Information request, and other government departments are in the same boat Continue Reading
-
News
06 Dec 2019
How commodities firm ED&F Man solved its threat detection challenges
After a minor server breach, leading commodities trader turned to Vectra’s Cognito service to expose hidden threats, spot privilege misuse, and conduct conclusive investigations Continue Reading
-
News
06 Dec 2019
Dutch government must facilitate and coordinate a broad eID system
The Dutch government should push for an electronic ID system for its citizens that works across the public and private sectors, according to a report Continue Reading
-
News
06 Dec 2019
Cyber security takes its place alongside UK’s armed services
Head of armed services says cyber security will take its place alongside the army, navy and air force as a key pillar of the UK’s defence strategy Continue Reading
-
Opinion
06 Dec 2019
Security Think Tank: Is data more or less secure in the cloud?
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading
-
News
06 Dec 2019
Great Cannon DDoS operation fires on Hong Kong protesters
AT&T’s security unit has evidence that China is pressing its Great Cannon DDoS tool into service once again, specifically to target pro-democracy protests in Hong Kong Continue Reading
-
Opinion
05 Dec 2019
Security Think Tank: Time for a devolution of responsibility
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading
-
News
05 Dec 2019
Black Hat Europe: Mental health websites are leaking user data
At Black Hat Europe in London, researchers reveal the extent to which confidential data is being leaked to third parties by online mental health websites Continue Reading
-
News
05 Dec 2019
Aviatrix VPN vulnerability left user endpoints wide open
Immersive Labs has disclosed a serious vulnerability in VPN supplier Aviatrix’s enterprise client that could have granted hackers elevated user privileges across enterprise targets Continue Reading
-
Opinion
04 Dec 2019
Security Think Tank: Optimise data-centric strategies with AI
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading
-
Opinion
03 Dec 2019
Cyber security: How to avoid a disastrous PICNIC
Fieldfisher’s David Lorimer examines how individual employees often facilitate cyber attacks, and what can be done to reduce the risk Continue Reading
-
News
03 Dec 2019
Tenable buys Indegy to integrate IT and OT security
Acquisition of industrial security specialist Indegy will create a unified, risk-based platform spanning both IT and OT security for Tenable Continue Reading
-
Opinion
03 Dec 2019
Security Think Tank: In-depth protection is a matter of basic hygiene
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading
-
News
03 Dec 2019
Chinese web users take more risks than Brits or Americans
A research paper published by the University of Birmingham seems to show that differences in cultural values have an impact both on risky behaviour online and legal regulation Continue Reading
-
News
29 Nov 2019
TfL locks down Oyster accounts to ward off credential stuffing
Mandatory password reset for all travellers who use Oyster and contactless payment systems follows minor breach incident earlier in 2019 Continue Reading
-
Feature
28 Nov 2019
Get ready for CCPA: Implications for UK businesses
The California Consumer Privacy Act, a wide-ranging data privacy and consumer protection law, comes into effect on 1 January 2020. How does CCPA differ from the EU GDPR regulations and what are the responsibilities for UK businesses operating in the US? Continue Reading
-
News
28 Nov 2019
The Security Interviews: Do cyber weapons need a Geneva Convention?
On a cold afternoon in Finland, F-Secure’s Mikko Hypponen discusses cyber weapons and nation state threats, and explains why arms limitations treaties might one day expand to include malware and other threats Continue Reading
-
News
28 Nov 2019
Top APAC security predictions for 2020
More attacks on critical infrastructure, supply chain vulnerabilities and file-less attacks are some of the security threats that enterprises should keep an eye on next year Continue Reading
-
News
27 Nov 2019
Security skills gap will take a decade to fill
The British education systems cannot move fast enough to address the security skills crisis, and in the absence of government action increased reliance on automation may be the least worst solution Continue Reading
-
Opinion
27 Nov 2019
The super-resilient organisation
We need to build super-resilient organisations that can not only survive in a tempestuous world, but become energised by it Continue Reading
-
News
26 Nov 2019
Enterprises muddled over cloud security responsibilities
A McAfee study suggests that 2020 will be a big year for cloud adoption, but confusion still persists over who is responsible for securing it Continue Reading
-
News
26 Nov 2019
Facebook undermined rivals in bid to dominate global messaging
Facebook used buyouts and bullying tactics towards competitors to grow its business empire, documents leaked to Computer Weekly reveal Continue Reading
-
News
25 Nov 2019
AI may open dangerous new frontiers in geopolitics
Truly artificial intelligence has the potential to provoke an international geopolitical crisis, warns F-Secure’s Mikko Hypponen Continue Reading
-
News
25 Nov 2019
Uber app exploit posed safety risk to passengers
A flaw in Uber’s system meant thousands of trips in London were taken with unauthorised drivers at the wheel Continue Reading
-
News
25 Nov 2019
Conservatives propose national cyber crime force
Manifesto also says Tories would “empower the police to safely use new technologies like biometrics and artificial intelligence, along with the use of DNA, within a strict legal framework” Continue Reading
-
Video
22 Nov 2019
CW500 Interview: Paddy Francis, CTO, Airbus CyberSecurity
In this CW500 video, Paddy Francis, CTO, Airbus CyberSecurity shares his advice and experiences of keeping tabs on security when trying to introduce emerging digital technologies into large organisations. Continue Reading
-
News
22 Nov 2019
Mystery surrounds leak of four billion user records
Threat researchers uncover four billion user records on a wide-open Elasticsearch server but who left them there is a mystery Continue Reading
-
News
22 Nov 2019
Some 29,000 UK web domains suspended for criminal activity
Domain suspensions for criminal activity over the past year has dropped for the first time since 2014 Continue Reading
-
Opinion
21 Nov 2019
Security Think Tank: Stopping data leaks in the cloud
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading
-
News
20 Nov 2019
Mimecast blocked 99 billion suspicious emails in third quarter
Latest threat intelligence report reveals the scale of the threat posed by malicious emails, with the transport, legal and financial sectors hit hardest Continue Reading
-
News
20 Nov 2019
Massive increase in fraud attacks on TSB customers during IT meltdown
There was a massive spike in attempts by fraudsters to steal from TSB customers when the bank’s IT systems failed in 2018 Continue Reading
-
News
19 Nov 2019
Public sector risks downplayed by senior IT leaders
Sophos reveals a significant cyber security perception gap between senior IT and security leaders in the public sector and their front-line teams Continue Reading
-
News
19 Nov 2019
Businesses failing to wipe data from old endpoints
Organisations are not taking adequate precautions to sanitise data held on endpoints when refreshing their PC or mobile device estates Continue Reading
-
News
19 Nov 2019
Huawei shrugs off latest US reprieve
Chinese tech giant dismisses the latest extension of the US Temporary General Licence and maintains that the US government is harming its own interests in banning it Continue Reading
-
News
19 Nov 2019
Managed services fuelling APAC security market
Spending on managed security services will account for almost half of Asia-Pacific’s cyber security market by 2023, as global and local providers shore up their offerings in the region Continue Reading
-
News
14 Nov 2019
Home Office Brexit app contains multiple security flaws
The Home Office’s Brexit app may be putting EU citizens’ personal data at risk Continue Reading
-
E-Zine
14 Nov 2019
CW APAC: Expert advice on container security
For all the promises of containers, changes in architecture and practices associated with the technology bring new challenges and opportunities. In this handbook, Computer Weekly looks at the security challenges associated with container technology. Continue Reading
-
News
13 Nov 2019
Business leaders fibbing to cover up lax security posture
Nominet study finds evidence that many businesses tout the robustness of their security posture as a selling point even though their security teams lack confidence in themselves Continue Reading
-
News
13 Nov 2019
Attack on Labour shows need for DDoS defence but should alarm few
After being hit by two DDoS attacks in the space of 24 hours, many commentators are convinced the UK’s Labour Party is the victim of foreign interference in the General Election campaign. It probably isn’t Continue Reading
-
Feature
13 Nov 2019
Taking responsibility for security in the cloud
From accidental leaks to full-on data breaches, maintaining security across cloud services is becoming a headache for enterprises. What questions should organisations be asking of their cloud service provider and, ultimately, whose responsibility is cloud security anyway? Continue Reading
-
News
13 Nov 2019
Cyber risk insurance is more than just insurance
Insurance companies such as Chubb are offering incident response services and security tools to help companies improve their cyber security posture and better cope with cyber attacks Continue Reading
-
News
12 Nov 2019
Nordic SMEs lack the money needed for cyber security
Businesses and governments in Denmark and Norway are working together to address a cyber security shortfall for SMEs in each country Continue Reading
-
News
12 Nov 2019
PCI DSS payment security compliance drops again
Worldwide, barely one-third of companies are maintaining full compliance with the PCI DSS security standard – and the numbers are falling Continue Reading
-
News
12 Nov 2019
IBM drums up quantum computing future
IBM’s head honcho, Ginni Rometty, welcomes Australia’s Woodside Energy to the quantum computing fold through a partnership to harness the technology to shore up cyber security and plant operations Continue Reading
-
News
08 Nov 2019
Security pros urged to get ahead of incoming BlueKeep exploits
The BlueKeep RDP vulnerability is beginning to be exploited in the wild, and security teams have no excuse for not trying to get in front of it, says Microsoft Continue Reading
-
Opinion
08 Nov 2019
Security Think Tank: Base cloud security posture on your data footprint
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading
-
Opinion
07 Nov 2019
Security Think Tank: Cloud security is a shared responsibility
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading
-
Opinion
07 Nov 2019
Security in the supply chain – a post-GDPR approach
A year and a half after the introduction of the EU’s General Data Protection Regulation, Fieldfisher's James Walsh reviews the fundamentals of supply chain security Continue Reading
-
News
06 Nov 2019
Trend Micro insider breach exposes need for data-centric protection
Simple measures could have saved consumer security product supplier from insider breach Continue Reading
-
News
06 Nov 2019
Global security workforce must more than double to meet demand
There are about 2.8 million cyber security professionals working today, and the world needs four million more Continue Reading
-
Opinion
06 Nov 2019
What changes are needed to create a cyber-savvy culture?
PA Consulting's Cate Pye considers the people and process changes that are necessary to build a security aware business culture Continue Reading
-
Opinion
06 Nov 2019
Security Think Tank: Adapt security posture to your cloud model
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading
-
Opinion
05 Nov 2019
Security Think Tank: The cloud needs security by design
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading
-
E-Zine
05 Nov 2019
The benefits of API-first software development
In this week’s Computer Weekly, we find out how organisations are using an API-based approach to software development to boost digital initiatives. We examine the potential pitfalls in using cloud storage. And we talk to the Department for Work and Pensions about its four-year project to move from outsourced IT to the cloud. Read the issue now. Continue Reading
-
Opinion
04 Nov 2019
Security Think Tank: Secure the cloud when negotiating contracts
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading
-
News
04 Nov 2019
EU patches 20-year-old open source vulnerability
Ethical hackers taking part in a bug bounty programme on behalf of the European Union have uncovered a 20-year-old vulnerability Continue Reading
-
Feature
04 Nov 2019
Making the case for integrated risk management
Security experts discuss how an integrated approach to risk and governance can be effectively managed Continue Reading
-
News
01 Nov 2019
CIO must focus on easing data access to help data scientists build models more quickly
Data scientists struggle to get the right data in the right format to build artificial intelligence models, so to benefit from AI, CIOs will need to simplify data access Continue Reading
-
News
31 Oct 2019
Alibaba Cloud earns security credentials in automotive and healthcare sectors
Alibaba Cloud’s compliance with Tisax and GxP follows earlier efforts by major public cloud suppliers to win over enterprises with strict data protection and security rules Continue Reading
-
News
30 Oct 2019
What will succeed the National Cyber Security Strategy?
As the National Cyber Security Strategy nears the end of its working life, the government is considering what comes next, and is asking probing questions of its successes and failures Continue Reading
-
News
29 Oct 2019
Fancy Bear resumes Olympic hacks ahead of Tokyo games
Fancy Bear is back in action and once again targeting anti-doping bodies and sporting organisations, warns Microsoft Continue Reading
-
E-Zine
29 Oct 2019
IR35 reforms – the difficult decisions facing IT contractors
In this week’s Computer Weekly, we examine the difficult choices facing UK IT contractors from the controversial IR35 tax reforms. Social engineering is a major source of cyber security attacks – we look at mitigation strategies. And the IT chief at Mercedes F1 explains what it takes to support a world championship team. Read the issue now. Continue Reading
-
Opinion
28 Oct 2019
Security Think Tank: Embedding security in governance
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading
-
Feature
28 Oct 2019
Security puzzle calls for some joined-up thinking
The age of digitisation brings new risks to organisations, so security needs to be more integrated Continue Reading
-
News
24 Oct 2019
Endpoint security is a procurement issue, says HP, IDC study
Report warns that buyers are falling at the first hurdle on security by not including it in their endpoint RFPs and tenders Continue Reading
-
News
23 Oct 2019
Take responsibility for cyber security basics, urges NCSC CEO
At the launch of its third annual review, NCSC head Ciaran Martin appealed for individuals and businesses to address the fundamentals of cyber security hygiene to help lighten the load Continue Reading
-
News
22 Oct 2019
Banks move to contain impact of Samsung biometric flaw
NatWest and Nationwide have moved to lock down their mobile banking apps after Samsung warned of a biometric security flaw on its Galaxy and Note S10 devices Continue Reading
-
22 Oct 2019
Data management strategies are evolving – so must enterprises
A growing number of data-driven initiatives, alongside heightened demand for security in governance, data management and compliance, has led to the rise of a more holistic approach – integrated risk management. Continue Reading
-
News
22 Oct 2019
Over-30s tend to do better at cyber security than younger colleagues
Attitudes to workplace cyber security differ by age group, but not in the way one might imagine, according to a new study by NTT Security Continue Reading
-
News
21 Oct 2019
Trend Micro buys cloud security firm to broaden offering
Acquisition of Cloud Conformity will address often overlooked cloud security fundamentals Continue Reading
-
News
21 Oct 2019
Sodinokibi emerging as a diverse, multi-vector threat to businesses
McAfee shares insight into the Sodinokibi ransomware campaign gleaned from its network of honeypots Continue Reading
-
News
18 Oct 2019
Amazon consumer devices vulnerable to two-year-old exploit
Millions of older Amazon Echo and Kindle devices are still susceptible to a Wi-Fi vulnerability that was first disclosed in 2017 Continue Reading
-
News
17 Oct 2019
BEIS launches multimillion-pound security investment package
Government is making available more than £50m to support a range of new cyber security initiatives and collaborations, including the latest phase of its Digital Security by Design programme Continue Reading
-
News
17 Oct 2019
NHSX could transform NHS security capabilities
The health sector is increasingly confident that NHSX can deliver a streamlined, effective cyber security policy for the health service Continue Reading
-
News
17 Oct 2019
Security threat landscape becomes more organised and business-like
Approaches to securing the enterprise need to change in the face of a rapidly maturing threat landscape Continue Reading
-
Opinion
17 Oct 2019
Security Think Tank: Focus on metrics to manage risk
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading
-
News
16 Oct 2019
Pitney Bowes ‘considering options’ after malware attack
Mailing and shipping services firm in recovery mode after key systems were encrypted by a malware attack Continue Reading