IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
Opinion
01 May 2025
Explaining what’s happening in a cyber attack is hard but crucial
The recent attacks on Marks & Spencer, Harrods and the Co-op show why it is essential for organisations to have a strategy to communicate effectively with customers affected. Continue Reading
-
Opinion
01 May 2025
Signalgate: Learnings for CISOs securing enterprise data
A leak of information on American military operations caused a major political incident in March 2025. The Security Think Tank considers what can CISOs can learn from this potentially fatal error. Continue Reading
-
News
12 Aug 2019
Phishing top security threat to business
A new Telefónica security service for business shows that phishing is the most-blocked threat and smaller businesses are a popular attack target in the first two months of deployment Continue Reading
-
News
12 Aug 2019
Digital transformation driving security rethink
Organisations are focusing on internet of things and cloud in developing cyber defence systems, study shows Continue Reading
-
Opinion
12 Aug 2019
Security Think Tank: Balancing data accessibility with security controls
How can infosec pros and data architects work together to support business goals and achieve a good level of cyber security? Continue Reading
-
News
09 Aug 2019
McAfee warns of serious security flaw in building controller
Security researchers have demonstrated how simple flaws in building controllers could allow malicious actors to manipulate control systems with devastating effect, highlighting the importance of operational technology security Continue Reading
-
News
09 Aug 2019
F-Secure warns of F5 Big IP-related security issue
F-Secure has discovered security issues relating to an F5 device that it says could potentially turn hundreds of thousands of load balancers into beachheads for cyber attacks Continue Reading
-
Opinion
09 Aug 2019
Security Think Tank: Communication, processes and tech: A new beginning for security
How can infosec pros and data architects work together to support business goals and achieve a good level of cyber security? Continue Reading
-
News
09 Aug 2019
NCC Group warns of security risks of leading printers
Researchers uncover more than 35 vulnerabilities in six leading enterprise printers, many of which could allow access to corporate networks, underlining the need to counter security risks of embedded systems Continue Reading
-
News
09 Aug 2019
Whistleblowers: James Glenn’s battle with Cisco opens new front on cyber security
James Glenn, a 42-year-old security specialist, fought a 10-year legal battle with Cisco after blowing the whistle on serious security flaws. He lost his job, but has no regrets Continue Reading
-
News
08 Aug 2019
Ransomware a continued threat to business, report warns
Businesses are increasingly becoming the most popular targets for ransomware, which remains a top cyber threat around the world, especially in the US, a report reveals Continue Reading
-
News
08 Aug 2019
Cyber criminals hijacking legitimate website comms
Criminals are exploiting firms’ use of online feedback methods to distribute spam and phishing emails, security researchers warn Continue Reading
-
News
08 Aug 2019
Can you trust pen-testers?
Pen-testers have knowingly posted security workarounds on the public internet that are now commonly used by hackers Continue Reading
-
Opinion
08 Aug 2019
Security Think Tank: Security is a business, not an IT function
How can infosec pros and data architects work together to support business goals and achieve a good level of cyber security? Continue Reading
-
E-Zine
08 Aug 2019
CW Benelux: Dutch academic hunts the personality behind the hacker
Rutger Leukfeldt, senior researcher on cyber crime at the Netherlands Institute for the Study of Crime and Law Enforcement, is working to help organisations understand the personalities behind criminal hackers. Also in this issue, read about research that shows over half of Dutch organisations admit their knowledge of blockchain is substandard. We also feature an article about ABN Amro’s work with researchers to explore how quantum computing can be used to secure online banking. Continue Reading
-
News
07 Aug 2019
Southeast Asian ‘white hat’ urges more countries to sign the Paris Call
A renowned ethical hacker in Malaysia has called for more nations to support the Paris Call for Trust and Security in Cyberspace to counter the threat of cyber warfare Continue Reading
-
Opinion
07 Aug 2019
Security Think Tank: Dialogue between data architects and security leads is essential
How can infosec pros and data architects work together to support business goals and achieve a good level of cyber security? Continue Reading
-
News
07 Aug 2019
Shared files in the cloud are a top ransomware target
Vectra 2019 Spotlight report shows recent ransomware attacks cast a wider net to ensnare cloud, datacentre and enterprise infrastructures Continue Reading
-
News
07 Aug 2019
FireEye identifies dual nature Chinese cyber threat group
Security researchers have identified a China-based cyber threat group engaged in state-spored espionage in parallel with cyber criminal activities targeting multiple industries worldwide Continue Reading
-
News
07 Aug 2019
Industry collaborates to patch SwapGS CPU vulnerability
Newly disclosed SwapGS vulnerability in modern processors has been patched in Windows, Linux and ChromeOS, underlining the importance of keeping systems up to date Continue Reading
-
News
06 Aug 2019
African bank foils suspected North Korean cyber attack
An African bank is among the financial institutions to be targeted by North Korea’s multi-billion dollar cyber theft campaign to support its weapons programmes Continue Reading
-
News
06 Aug 2019
Most UK firms lack confidence in disaster recovery
Only a third of UK firms are confident in their ability to recover from cyber attacks and other disasters, with business continuity still relatively low on the agenda, a study reveals Continue Reading
-
E-Zine
06 Aug 2019
Using tech to boost staff morale
In this week’s Computer Weekly, we look at the emerging technologies being used to improve employee experience and raise staff loyalty and motivation. The CIO of the Football Association explains how IT is changing the way the national game is administered. And we examine the growing role of AI in preventing cyber attacks. Read the issue now. Continue Reading
-
Opinion
06 Aug 2019
Security Think Tank: Close interdisciplinary ties are key to security integration
How can infosec professionals and data architects work together to support business goals and achieve a good level of cyber security? Continue Reading
-
News
05 Aug 2019
DDoS on the rise, warns Kaspersky
Security researchers at Kaspersky are among those warning business that, more than ever, mitigation of distributed denial of service attacks needs to be a key element of cyber defence strategies Continue Reading
-
Feature
05 Aug 2019
Enhancing business purpose with privacy compliance
Computer Weekly looks at the importance of building on basic GDPR compliance and making privacy a key foundation of business culture Continue Reading
-
Opinion
05 Aug 2019
Security Think Tank: CIA at heart of infosec-data architect partnership
How can infosec professionals and data architects work together to support business goals and achieve a good level of cyber security? Continue Reading
-
News
05 Aug 2019
Most UK university applicants at risk of email fraud
The majority of hundreds of thousands of applicants to UK universities are at risk of email fraud before and after A-level results day, due to a failure to implement full Dmarc protection, a study reveals Continue Reading
-
Feature
02 Aug 2019
Developing innovative security analytics approaches in the digital age
With security threats growing in scale and complexity, security analytics provide a way for IT teams to stay one step ahead of cyber attackers. The challenge is to ensure this technology continues to be effective in the face of new security challenges Continue Reading
-
News
02 Aug 2019
Lack of resources top challenge to IT security
A lack of resources is the top challenge to information security professionals, followed by a lack of experience and skills, a survey reveals Continue Reading
-
News
02 Aug 2019
Government continues probe of UK cyber security labour market
The government has announced a second phase of research to help understand the UK's cyber security labour market Continue Reading
-
News
01 Aug 2019
Industrial control system cyber security risk high, report warns
The industrial control system cyber risk to global oil and gas companies is high and rising, as new attack groups continue to enter the arena Continue Reading
-
News
01 Aug 2019
Leaked Sephora databases peddled on dark web
Cyber security firm finds two databases likely to be related to the Sephora data breach that affected online customers in Southeast Asia, Australia and New Zealand Continue Reading
-
News
31 Jul 2019
Cisco pays $8.6m after whistleblower discloses security flaws in video surveillance system
James Glenn, a video surveillance expert working for a Cisco reseller in Denmark, alerted Cisco to security faults and stands to gain a share of a multimillion-dollar settlement with the US government Continue Reading
-
News
31 Jul 2019
How Singapore’s NTUC Enterprise is embracing digital transformation
NTUC Enterprise is starting to look more like a technology company, employing DevOps to speed up software development and developing new digital business models even as cultural barriers to transformation remain Continue Reading
-
News
31 Jul 2019
Financial services top cyber attack target
Financial services are among the most attractive targets for cyber attackers, security researchers reveal, with phishing and credential stuffing among the top threats Continue Reading
-
News
30 Jul 2019
Australian firms grappling with “train-smash” of security legislation
While businesses should avoid going into checkbox compliance mode, the constant flux of regulations on cyber security and privacy has led to calls for more legislative coherence from regulators Continue Reading
-
News
30 Jul 2019
Mobiles top target of nation state surveillance
Nation states are targeting individual mobile users for intelligence gathering and disruption of rivals as security on mobile devices lags behind traditional computing, a report reveals Continue Reading
-
Feature
29 Jul 2019
Think beyond tick-box compliance
A year on since GDPR, many organisations are yet to stop fretting over fines and focus instead on business value Continue Reading
-
News
29 Jul 2019
Cyber kill chain is outdated, says Carbon Black
The chief cyber security officer of Carbon Black calls for a new cognitive paradigm to fend off cyber adversaries that are now attacking in cycles Continue Reading
-
News
26 Jul 2019
Email security as important as ever, report shows
Cyber security professionals need to keep up to date with email-borne threats because they continue to evolve and have a major impact on business, research reveals Continue Reading
-
News
26 Jul 2019
86 million reasons to support No More Ransom
Anti-ransomware cross-industry initiative says it has prevented more than £86m in ransom payments as it marks its third anniversary, which coincides with a resurgence in ransomware in many parts of the world Continue Reading
-
News
25 Jul 2019
F-Secure talks up threat-hunting to stay ahead of cyber attacks in APAC
Cyber security firm calls for organisations to double up on threat-hunting now that nearly all attack and reconnaissance traffic is automated Continue Reading
-
News
25 Jul 2019
Mobile banking malware surges in 2019
Mobile banking malware surged in the first half of the year, email scams geared up and attacks on cloud increased, while illicit cryptocurrency miners declined, report reveals Continue Reading
-
News
25 Jul 2019
Most SMEs severely underestimate cyber security vulnerabilities
Small businesses are the primary target for cyber attacks, yet most are unprepared and do not think they will be targeted, a survey reveals Continue Reading
-
Opinion
25 Jul 2019
Why investment is needed in the cyber insurance market
The number of cyber insurance policies on offer is beginning to grow, but insurers still have a long way to go to develop policies that address market concerns Continue Reading
-
News
24 Jul 2019
Internet crime costs global economy £2.3m a minute
Cyber crime cost the global economy £2.3m every minute in 2018, reveals a report aimed at defining the scale of cyber attacks taking place over the internet Continue Reading
-
News
24 Jul 2019
Global malware down but ransomware up, with UK hard hit
Despite a global decrease in the volume of malware in the past year, ransomware is surging once again, and the UK is one of the worst-hit countries, a report reveals Continue Reading
-
News
24 Jul 2019
AI to advance Swedish military systems
Swedish report into use of artificial intelligence in military systems reveals opportunities and concerns Continue Reading
-
News
23 Jul 2019
Phishing attack highlights cyber security need at universities
UK university cyber security is once again under the spotlight after Lancaster University reveals that it has been targeted by a phishing attack used to send fake invoices Continue Reading
-
News
23 Jul 2019
Norsk Hydro cyber attack could cost up to $75m
March 2019 ransomware attack could cost Norwegian aluminium giant up to $75m in the first half of the year, according to latest estimates Continue Reading
-
News
23 Jul 2019
Data breach costs on the rise, IBM study shows
Data breach costs have risen in the past decade, and the financial impact can be felt for years. Breaches posing a growing risk for small businesses, a study shows, underlining the importance of incident response Continue Reading
-
News
23 Jul 2019
Microsoft talks up benefits and pitfalls of machine learning in security
Software giant Microsoft uses machine learning models to detect emerging threats while keeping an eye on potential bias in security data points that could derail its analysis Continue Reading
-
News
22 Jul 2019
Big tech firms back UK cyber security initiative
Big technology firms have pledged their support for UK investment in an initiative to “design out” of new tech the most damaging cyber security threats Continue Reading
-
News
19 Jul 2019
Latest ICO fine highlights privacy due diligence
A week after issuing the first serious GDPR fines, the ICO has further underlined the importance of data stewardship and due diligence regarding privacy practices Continue Reading
-
News
19 Jul 2019
Second CyberThreat Summit announced by NCSC and SANS Institute
CyberThreat 2019 aims to bring together a more diverse set of technical professionals in cyber security from the private and public sectors in the UK and abroad to encourage collaboration Continue Reading
-
News
19 Jul 2019
MPs warn of data adequacy hole in no-deal Brexit
Transferring data to and from the EU will only be possible if an agreement is in place before the UK leaves. No deal means no data agreement Continue Reading
-
News
19 Jul 2019
Warzone bulletproof hosts protecting Magecart group
Security researchers have discovered a Magecart group operating with impunity using bulletproof hosting services, including one in battle-scarred Ukraine Continue Reading
-
Feature
19 Jul 2019
How IT pros are building resilience against email security threats
For most people, emails are an easy and harmless way to communicate in the workplace, but they could also be a security disaster waiting to happen Continue Reading
-
News
19 Jul 2019
HID weighs in the glacial move towards digital ID
There are still concerns over data integrity, security and privacy of digital identities, but the convenience of the technology outweighs the risks, says a HID expert Continue Reading
-
E-Zine
18 Jul 2019
CW ASEAN: Trend Watch – Security
Artificial intelligence tools are becoming a vital part of the security arsenal for organizations and cyber criminals alike. In this handbook, Computer Weekly looks at how ASEAN firms are using AI to combat cyber threats and experts discuss the latest smart cyber security tools. Continue Reading
-
E-Zine
18 Jul 2019
CW ANZ: Trend Watch – Security
With regulations pushing data protection up the business agenda, we look at how Australia’s Notifiable Data Breaches scheme has been received and consider why a survey that found Australian firms are experiencing fewer cyber breach incidents appears to conflict with anecdotal evidence that suggests the opposite. Continue Reading
-
News
18 Jul 2019
UK poor cyber security practice undermining controls
UK firms investing in the latest cyber security products and services risk this being undermined by poor security practices, a survey reveals Continue Reading
-
News
18 Jul 2019
Lateral phishing used to attack organisations on global scale
Lateral phishing is a growing type of account takeover that has enabled attackers to target more than 100,000 people by hijacking just 154 email accounts Continue Reading
-
News
17 Jul 2019
Most security pros still concerned about public cloud security
Despite accelerated adoption of public cloud services by companies keen to benefit from increased efficiency, scalability and agility, most security professionals have reservations Continue Reading
-
News
17 Jul 2019
Vulnerable firmware in enterprise server supply chain
Researchers are warning of vulnerabilities in firmware from a third-party supplier that put some servers from Lenovo, Gigabyte and six other manufacturers at risk Continue Reading
-
News
16 Jul 2019
NCSC calls out Microsoft over Dmarc reports
The UK’s cyber security agency has called out Microsoft for seriously undermining global email security by failing to provide crucial reports from its email platforms Continue Reading
-
News
16 Jul 2019
NCSC reports on second year of cyber defence at scale
The UK’s National Cyber Security Centre releases a report on the second year of its Active Cyber Defence programme to demonstrate its effects in the public sector and wider UK cyber ecosystem Continue Reading
-
Opinion
16 Jul 2019
Security Think Tank: Aligning data privacy with business objectives
What strategies can infosec pros use to shift focus from GDPR fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose? Continue Reading
-
Podcast
16 Jul 2019
BA/Marriott GDPR fines: What they were for and how to avoid them
We talk to Mathieu Gorge, CEO of Vigitrust, about the BA and Marriott GDPR fines and what organisations can do to ensure they achieve compliance with GDPR and similar regulations Continue Reading
-
News
15 Jul 2019
No technical grounds to ban Huawei, DCMS told
Science and Technology Committee tells Department for Digital, Culture, Media and Sport that there are no technical grounds for it to exclude Huawei Continue Reading
-
News
15 Jul 2019
Organisations turn to AI in race against cyber attackers
Businesses are racing to automate their defences as hackers and nation states launch increasingly sophisticated cyber attacks Continue Reading
-
News
15 Jul 2019
UK public sector needs to prioritise mobile device security
Only 10% of public service stolen and lost mobile are recovered, underlining the need for mobile-centric, zero-trust model to reduce the risk, says MobileIron Continue Reading
-
News
15 Jul 2019
UK boards ignoring £30bn cyber risk
Despite the danger posed by cyber attacks to mid-sized companies, boards are not prepared to manage the risk and firms are over-confident in their cyber capabilities, report finds Continue Reading
-
News
15 Jul 2019
How Apollo 11 influenced modern computer software and hardware
On 16 July 1969, Apollo 11 began its historic journey to send man to the Moon. We look at the pioneering computer technology developed by Nasa Continue Reading
-
News
12 Jul 2019
New FinSpy versions extend surveillance capabilities
New versions of the FinSpy malware for iOS and Android smartphones have extended targeted surveillance capabilities, warn security researchers Continue Reading
-
News
12 Jul 2019
Windows 10 to enable passwordless sign-in
Windows 10 users will soon be able to sign in to devices without using a password to encourage the use of two-factor authentication methods to improve security Continue Reading
-
Feature
11 Jul 2019
APAC IoT adoption improves amid challenges
More enterprises across the region are using the internet of things to track fleet vehicles and improve operations, but technology integration and security concerns are still holding back widespread adoption Continue Reading
-
News
11 Jul 2019
Attacks against AI systems are a growing concern
European research group says attacks against AI systems are already occurring, difficult to identify, and could be far more common than currently understood Continue Reading
-
News
11 Jul 2019
RiskIQ uncovers new Magecart campaign
A fresh Magecart campaign is breaching websites on a massive scale using indiscriminate attacks exploiting misconfigured Amazon S3 buckets, say researchers Continue Reading
-
Opinion
11 Jul 2019
Security Think Tank: Align compliance objectives with business goals
What strategies can information security professionals use to shift focus from GDPR fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose? Continue Reading
-
News
10 Jul 2019
Agent Smith mobile malware hits millions of devices
New mobile malware that exploits Android vulnerabilities has infected millions of devices, security researchers have discovered Continue Reading
-
Opinion
10 Jul 2019
Security Think Tank: Changing the GDPR focus to business benefit
What strategies can information security professionals use to shift focus from General Data Protection Regulation fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose? Continue Reading
-
Opinion
09 Jul 2019
Security Think Tank: Benefits of GDPR compliance
What strategies can information security professionals use to shift focus from General Data Protection Regulation fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose? Continue Reading
-
News
09 Jul 2019
Nearly half of firms fear cloud apps make them insecure
Survey shows more than one-third of global companies appoint a CISO in the face of data breaches, and the UK is giving CISOs more power despite making fewer appointments Continue Reading
-
News
08 Jul 2019
IISP gains Royal Charter status
The UK finally has its first national professional body for cyber security that will be responsible for setting the standards for skills and knowledge in the industry to reduce the skills gap and increase diversity Continue Reading
-
News
05 Jul 2019
St John Ambulance praised for response to ransomware attack
Charity’s response to ransomware attack demonstrates that it is possible to ensure minimal disruption if properly prepared Continue Reading
-
News
04 Jul 2019
Security and privacy key to smart buildings and cities
Security and privacy capabilities are essential for stakeholders if they are to realise the benefits of smart buildings and cities, says expert whitepaper Continue Reading
-
News
04 Jul 2019
FireEye ties Microsoft Outlook exploit to Iranian hackers
US Cyber Command has issued a warning that a patched Microsoft Outlook vulnerability is being exploited by unnamed threat actors, and recommended immediate patching Continue Reading
-
News
04 Jul 2019
Email still top security vulnerability, survey shows
Email is still the top security vulnerability, a survey shows, but security researchers caution that switching to instant messaging is not necessarily a solution in the longer term Continue Reading
-
News
04 Jul 2019
APAC experts weigh in on cyber security trends
The onslaught of cyber attacks being reported each day has been a wake-up call, but experts say businesses need to be mindful of the limitations of certain security measures Continue Reading
-
News
03 Jul 2019
Sodin ransomware exploiting Windows zero-day, Kaspersky warns
Security researchers are warning that a recently discovered type of ransomware is now exploiting a zero-day Windows vulnerability, and does not require user interaction to trigger an infection Continue Reading
-
News
03 Jul 2019
Top VPNs secretly owned by Chinese firms
Nearly a third of top VPNs are secretly owned by Chinese companies, while other owners are based in countries with weak or no privacy laws, potentially putting users at risk, security researchers warn Continue Reading
-
News
02 Jul 2019
Sweden’s Protective Security Act targets cyber risks
IT suppliers must comply with tighter cyber security requirements, but are being offered help from government agencies Continue Reading
-
Podcast
02 Jul 2019
Podcast: The Computer Weekly Downtime Upload – Episode 22
In this week’s episode of the Computer Weekly Downtime Upload podcast, Brian McKenna, Caroline Donnelly and Clare McDonald talk about digital transformation in the NHS, Sky’s efforts to get more women working in tech and how big businesses could be risking extinction by ignoring IT Continue Reading
-
News
02 Jul 2019
Orvibo data leak puts security spotlight on IoT back end
The security of devices that make up the internet of things (IoT) is a top concern for many in the industry, but leaks from an IoT database highlights the importance of back-end security too Continue Reading
-
News
02 Jul 2019
Singapore to beef up police tech capabilities
Singapore government singles out biometrics, data analytics and digital forensics as promising areas to boost crime-fighting efforts Continue Reading
-
News
02 Jul 2019
Few UK firms are cyber insured despite financial losses
More than one-fifth of UK firms have been impacted financially by cyber attacks, yet potentially more than three-quarters of companies polled have never been insured for cyber-related losses Continue Reading
-
Feature
01 Jul 2019
Facebook’s privacy game – how Zuckerberg backtracked on promises to protect personal data
Facebook promised its users privacy then quietly abandoned its promises in pursuit of profits. Now it faces antitrust regulation Continue Reading
-
News
01 Jul 2019
Huge jump in cyber incidents reported by finance sector
The number of cyber incidents reported by financial services firms increased nearly 12-fold in 2018 from 2017, mainly due to third-party failures, highlighting several key areas that need improvement Continue Reading
-
Feature
01 Jul 2019
How to get the basics of mobile device management right the first time
When adopting mobile device management, there are often fears around implementation and whether or not the strategy is even required Continue Reading
-
News
28 Jun 2019
TIN coalition calls for industry action against cyber fraud
An industry group aimed at improving cyber security by tackling enduring challenges has called for collaboration in the fight against cyber fraud Continue Reading