IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
03 May 2024
Adobe expands bug bounty programme to account for GenAI
Adobe has expanded the scope of its HackerOne-driven bug bounty scheme to incorporate flaws and risks arising from the development of generative artificial intelligence Continue Reading
-
News
03 May 2024
Patch GitLab vuln without delay, users warned
The addition of a serious vulnerability in the GitLab open source platform to CISA’s KEV catalogue prompts a flurry of concern Continue Reading
-
Feature
19 Feb 2018
Getting a handle on mobile security in your enterprise
Everyone now has a mobile device at work, so how can enterprises ensure they are secure? Continue Reading
-
News
19 Feb 2018
Lauri Love can stay in UK: prosecutors will not appeal extradition ruling
Crown Prosecution Service gives undertaking to Lauri Love that it will not appeal against a court decision not to extradite him to the US – but prosecutors are seeking leave to appeal over part of the court ruling on extradition procedure Continue Reading
-
News
19 Feb 2018
Google reveals Edge flaw after Microsoft fails to meet deadline
Google’s Project Zero has gone public with another Microsoft security vulnerability after the software giant failed to issue a fix within allotted time Continue Reading
-
News
16 Feb 2018
Tech industry signs cyber security charter
Nine technology organisations have signed a cyber security charter aimed at raising the level of cyber security internationally Continue Reading
-
News
16 Feb 2018
A third of Brits plan to exercise right to be forgotten
After the General Data Protection Regulation compliance deadline, a third of Britons polled say they plan to exercise their right to be forgotten, but few fully understand the GDPR and how it will affect them Continue Reading
-
News
16 Feb 2018
Few organisations managing cyber risk, survey shows
Cyber risk management practices are not keeping up with rising cyber security concerns among senior executives around the world, a study shows Continue Reading
-
News
15 Feb 2018
F-Secure warns against ‘evil maid’ attacks
Business people are being urged not to underestimate the importance of physical security for their laptops, which can be used as entry points by attackers if not adequately protected Continue Reading
-
News
15 Feb 2018
Atos investigates breach linked to Winter Olympics cyber attack
IT services firm Atos is investigating a potential security breach in response to reports that employee credentials were found in malware used to target the Winter Olympics Continue Reading
-
Feature
14 Feb 2018
How AI will underpin cyber security in the next few years
Cyber security risks are growing in complexity and volume, but artificial intelligence techniques can help businesses track and fight them in real time Continue Reading
-
News
14 Feb 2018
Telegram zero-day exploit is a warning
The discovery of an exploit of a zero-day vulnerability in the Telegram messaging app demonstrates that not all “secure” apps are automatically safe, security experts have warned Continue Reading
-
Opinion
13 Feb 2018
Why police forces need to be honest about mass mobile phone surveillance
Police forces across the UK are covering up their use of sophisticated mass surveillance devices, known as IMSI-catchers - the Bristol Cable and Liberty are campaigning for proper transparency Continue Reading
-
News
13 Feb 2018
Industrial cyber security improving, but needs work
Cyber attacks on industrial and critical infrastructure systems are increasing in number and sophistication, but more attention is being paid to security, says Honeywell at it opens new Dubai facility Continue Reading
-
News
13 Feb 2018
Cyber security awareness top priority in financial sector
Information security chiefs in the financial sector say cyber security awareness needs to be a top priority Continue Reading
-
News
12 Feb 2018
FS-ISAC enables safer financial data sharing with API
The global financial industry's body for cyber and physical threat intelligence analysis and sharing has published an API to facilitate safer sharing of consumer financial information Continue Reading
-
News
12 Feb 2018
Criminals hijack government sites to mine cryptocurrency used to hide wealth
Europol says criminals are hiding billions in cryptocurrencies, as thousands of government and other websites have reportedly been used to hijack computers to mine more Continue Reading
-
News
12 Feb 2018
PyeongChang Winter Games hit by cyber attack
Although critical operations were not affected by the incident, event organisers at the PyeongChang Winter Olympics had to shut down servers and the official games website to prevent further damage Continue Reading
-
News
09 Feb 2018
Europe in the firing line of evolving DDoS attacks
The Europe, Middle East and Africa region accounts for more than half the world’s distributed denial of service attacks, a report from F5 Labs reveals Continue Reading
-
News
08 Feb 2018
Norway’s government backs cyber defence mobilisation
Norway has accelerated plans to scale up its national security infrastructure against threats emanating from the cyber domain Continue Reading
-
News
08 Feb 2018
More POS malware detected in the wild
The first new point of sale malware in many months is stealing data from the magnetic strips on payment cards, security researchers warn Continue Reading
-
News
08 Feb 2018
Swisscom downplays data breach
Telecommunication provider Swisscom has downplayed a data breach affecting around 800,000 customers, but security experts warn of potential long-term risks Continue Reading
-
E-Zine
08 Feb 2018
CW Benelux: Dutch IT expert on a mission to expose vulnerabilities
Dutch ethical hacker Victor Gevers took full-time leave from his IT job last year and used the time to hunt for vulnerabilities. Read about his mission to find vulnerabilities, report them responsibly and then, hopefully, get them fixed by the vulnerable parties involved. Also in this issue, read how Proximus, Belgium’s largest telecommunications operator, is leaning on Cloudify to support its adoption of network functions virtualisation, and how journalists showed that the email addresses of Dutch politicians are easy to spoof. Continue Reading
-
News
08 Feb 2018
Teenager suspected of crippling Dutch banks with DDoS attacks
A large distributed denial of service attack on banks and other organisations in the Netherlands, first thought to emanate from Russia, is now thought to have been launched by a local teenager Continue Reading
-
Opinion
08 Feb 2018
Mobile biometrics set to be game-changer in APAC
Telcos, financial institutions and other industry players risk losing market share if they do not keep up with the demand for security, convenience and mobility Continue Reading
-
News
07 Feb 2018
Third party cyber breach risk set to rise
Third party cyber security risk should always have been a priority, but this has never been more important than it is now in light of new technology risks and data protection regulations Continue Reading
-
Opinion
07 Feb 2018
Security Think Tank: How to evolve SecOps capacity
How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments? Continue Reading
-
Opinion
06 Feb 2018
Security Think Tank: Take care of security basics before automating
How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments? Continue Reading
-
News
06 Feb 2018
Many UK firms ill-equipped to deal the cloud security risks
Many UK firms do not have the security tools, processes and skills required to ensure their cloud implementations are secure, a security researcher and advocate warns Continue Reading
-
News
05 Feb 2018
Lauri Love plans to use ‘internet as a force for good’
Engineering student Lauri Love says he plans to help businesses fight cyber crime, after the court of appeal ruled that he can be tried in the UK for allegedly hacking US computer systems, rather than face extradition to the US Continue Reading
-
Opinion
05 Feb 2018
Security Think Tank: How automation can reduce the load on the security operations team
How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments? Continue Reading
-
News
05 Feb 2018
NCSC shows how first year affected cyber attacks on the UK
Initiatives by the UK’s National Cyber Security Centre (NCSC) have detected and prevented millions of online commodity attacks, the agency’s first annual report shows Continue Reading
-
News
05 Feb 2018
Appeals court rules Lauri Love will not be extradited over US hacking charges
The lord chief justice, Lord Burnett, says 33-year-old engineering student Lauri Love will not be extradited to the US to face hacking charges, in a landmark legal decision, and the Crown Prosecution Service should bring proceedings against Love in the UK Continue Reading
-
News
05 Feb 2018
Researchers discover malicious Chrome extensions
Security researchers have discovered a new botnet delivered via malicious Chrome extensions designed to hijack computers to mine cryptocurrency and record victims’ every move Continue Reading
-
Opinion
02 Feb 2018
Security Think Tank: Approaches to strengthening security operations
How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments? Continue Reading
-
News
02 Feb 2018
GDPR: Don’t panic, but seize the chance to build trust, says ICO
With the compliance deadline for the EU’s GDPR just 112 days away, the UK’s information commissioner has urged organisations not to panic, but to seize the chance to build trust with customers Continue Reading
-
News
02 Feb 2018
Appeal Court to give landmark verdict on Lauri Love extradition
The Appeal Court will decide whether Lauri Love, who has serious health issues, should be extradited to the US to face hacking charges, or face trial in the UK. The landmark case is the first test of legal protections introduced by Theresa May to protect vulnerable people Continue Reading
-
News
02 Feb 2018
CIO interview: Aaron Powell, CDO, NHS Blood and Transplant
NHS Blood and Transplant chief digital officer Aaron Powell explains why pushing a digital transformation agenda has a real impact on people’s lives Continue Reading
-
Opinion
02 Feb 2018
Europe’s shameful role in spy-tech exports that led to torture and jail
Governments in Europe actively assisted in government oppression in Iran, Bahrain and Russia by providing states with sophisticated surveillance equipment. The European Parliament is pressing for changes in the law to restrict exports of spy-technology to countries with poor human rights records Continue Reading
-
News
02 Feb 2018
Faster data is a safer bet for risk exposure
Betting platform service supplier FSB Technology (UK) has used GridGain’s in-memory database to support its existing PostgreSQL transactional system Continue Reading
-
News
01 Feb 2018
Industrial cyber security continues to be poor, warns report
The number of internet-accessible industrial control systems is increasing every year, researchers warn Continue Reading
-
News
01 Feb 2018
Businesses urged to patch against cryptocurrency-mining botnet
Researchers have uncovered further evidence that cyber criminals are cashing in on the popularity of cryptocurrencies, with the discovery of a global cryptocurrency-mining botnet Continue Reading
-
Opinion
01 Feb 2018
Security Think Tank: Automating basic security tasks
How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments? Continue Reading
-
News
01 Feb 2018
Dutch companies not ready for GDPR despite approaching deadline
Organisations in the Netherlands are racing towards General Data Protection Regulation compliance, but there is still much to be done Continue Reading
-
News
31 Jan 2018
Many businesses still using outdated security, says Troy Hunt
Too many businesses are using out-of-date approaches to security, a world-renowned cyber security author and trainer warns Continue Reading
-
Opinion
31 Jan 2018
Security Think Tank: Don’t automatically automate security
How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments? Continue Reading
-
News
31 Jan 2018
UK finance sector cyber security pros admit shocking practices
UK financial sector IT security teams face immense challenges that are undermining business opportunities and continuity in financial services, a survey reveals Continue Reading
-
Feature
31 Jan 2018
Navigating ASEAN’s patchy cyber security landscape
Cyber resilience remains low across Southeast Asia, a regional economic powerhouse that is increasingly susceptible to cyber threats as its digital economy grows Continue Reading
-
Opinion
30 Jan 2018
Security Think Tank: Establish best practice before automating security processes
How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments? Continue Reading
-
News
30 Jan 2018
Cyber security salaries will rise 7% in 2018, says research
Salaries for increasingly popular technology roles such as cyber security are set to rise over the next year Continue Reading
-
News
30 Jan 2018
Government surveillance regime unlawful, court rules in Tom Watson case
Appeal court ruled in favour of Labour MP Tom Watson in a legal battle with the government over the UK’s surveillance laws, leading to calls to rethink controversial Investigatory Powers Act Continue Reading
-
News
30 Jan 2018
Most online retail sites put customers at risk of phishing
Most top online retail sites fail to protect consumers from phishing attacks, a study has revealed Continue Reading
-
Opinion
29 Jan 2018
Security Think Tank: Humans and AI machines in harmony
How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments? Continue Reading
-
News
29 Jan 2018
Millennials set to disrupt authentication, shows IBM study
Young adults are lax on passwords, but are more comfortable than older generations with biometric and multifactor authentication, an IBM study shows Continue Reading
-
News
29 Jan 2018
Hefty fines confirmed for CNI providers with poor cyber security
The government has confirmed that critical infrastructure providers with poor cyber security face fines of millions of pounds as the National Cyber Security Centre publishes new guidance for the industry Continue Reading
-
News
29 Jan 2018
Business cyber crime up 63%, UK stats show
Despite an overall decrease in fraud and computer misuse in 2017, the latest Office for National Statistics (ONS) reports show that incidents involving computer misuse and malware against business are way up Continue Reading
-
News
26 Jan 2018
ICO launches data protection excellence award
UK’s privacy watchdog launches data protection excellence award to mark international Data Protection Day, as security suppliers issue data protection tips and guidelines Continue Reading
-
News
25 Jan 2018
IoT security risks need immediate action, says report
The security failings in today’s internet-connected devices will only become more pervasive unless action is taken immediately, according to industry experts Continue Reading
-
News
25 Jan 2018
Ransomware was most popular cyber crime tool in 2017
Detections of ransomware increased by more than 90% last year compared with 2016 Continue Reading
-
News
25 Jan 2018
Security spending not on most-effective controls, report reveals
While planned spending on IT security is up globally, so too are data breaches, with evidence mounting that hackers are hitting the bottom line, a global security survey reveals Continue Reading
-
News
24 Jan 2018
Most UK organisations unaware of new data protection laws
The UK’s digital and culture secretary is urging businesses and charities to prepare for stronger data protection laws in the light of new information Continue Reading
-
News
24 Jan 2018
Sweden puts government IT outsourcing under increased scrutiny
Government introduces rules to tighten security in IT outsourcing deals following a very public data leak last year Continue Reading
-
News
24 Jan 2018
Dark web Dream Market drives cyber fraud industry
An international operation shut down the AlphaBay and Hansa marketplaces in July 2017, but new ones have sprung up on the dark web, with one in particular helping to drive cyber fraud Continue Reading
-
News
23 Jan 2018
Intel recalls botched Spectre fix
The inventor of Linux, Linus Torvalds, vents his frustration and suggests Intel has no plans to fix Spectre flaw Continue Reading
-
News
23 Jan 2018
Thousands of critical systems affected by serious security flaws
Multiple and serious vulnerabilities have been found in a software management system widely used in corporate and industrial control environments, researchers warn Continue Reading
-
News
23 Jan 2018
New controversies as Trump passes US Foreign Intelligence Surveillance Act
The amended Foreign Intelligence Surveillance Act, which seeks to legitimise US surveillance on foreigners, has been signed off by president Trump Continue Reading
-
News
22 Jan 2018
Taking complexity out of cyber security
The key to improving the cyber security posture of organisations is to keep complexity at bay, according to a senior Microsoft executive Continue Reading
-
News
22 Jan 2018
Judge will take time to seek answers from EU court over Max Schrems Facebook privacy fight
The Irish High Court will take time to decide what questions to put before the European Court of Justice in a case with significant implications for EU and US trade and the privacy of EU citizens Continue Reading
-
News
22 Jan 2018
European Parliament votes to restrict exports of surveillance equipment
European Parliament votes to tighten export controls to restrict supply of surveillance and encryption technology to states with poor human rights records amid fears British companies may not have to comply after Brexit Continue Reading
-
News
22 Jan 2018
Cyber attackers exploiting trust in FTP servers
Some cyber attackers are exploiting trust in FTP servers to distribute malware, security researchers warn Continue Reading
-
News
22 Jan 2018
Powerful Zyklon malware exploiting MS Office flaws
Cyber attackers are exploiting three recently discovered vulnerabilities in Microsoft Office to spread multifunction Zyklon malware, security researchers warn Continue Reading
-
Feature
22 Jan 2018
The rights and wrongs about GDPR compliance
We explore some common myths surrounding the forthcoming General Data Protection Regulation Continue Reading
-
News
18 Jan 2018
Create security culture to boost cyber defences, says Troy Hunt
Security suffers when there is tension between software developers and security professionals, but it is common in many organisations, says world-renowned security blogger and trainer Continue Reading
-
News
18 Jan 2018
Cyber attackers upped their game in 2017, warns report
Cyber attackers ranging from criminals to nation states have upped their game in the past year, “moving the needle” in terms of tactics, techniques and procedures, a report by a cyber security firm warns Continue Reading
-
News
17 Jan 2018
North Korean hackers tied to cryptocurrency attacks in South Korea
North Korea's Lazarus Group targeted South Korean cryptocurrency exchanges and users in late 2017, but may soon go after exchanges and users in other countries, warns report Continue Reading
-
News
17 Jan 2018
Davos: Disintegration of the internet could create economic turmoil
Politicians and business leaders will discuss the risks posed by fake news, cyber attacks, and artificial intelligence to jobs, political stability and global security, at the World Economic Forum in Davos Continue Reading
-
News
16 Jan 2018
Vulnerability exploit report shows importance of patching
Latest vulnerability exploit report by security firm AlienVault shows the most popular vulnerabilities remain exploited for several years Continue Reading
-
News
16 Jan 2018
Skygofree Android spyware active since 2014, say researchers
Powerful, highly advanced spyware has been targeting Android mobiles for the past four years, security researchers have discovered Continue Reading
-
News
16 Jan 2018
Beware fake Meltdown and Spectre patches
Security experts have warned that cyber attackers will be quick to use the Meltdown and Spectre exploits, but the first attempt to capitalise on them has come in the form of fake updates Continue Reading
-
News
16 Jan 2018
Most UK enterprise mobiles not patched for Meltdown and Spectre
Very few UK enterprise mobile devices have been patched against the recently discovered Meltdown and Spectre exploits and almost a quarter cannot be patched, a study shows Continue Reading
-
News
12 Jan 2018
Call for statutory regulation of police number plate cameras amid concerns over accuracy
The UK’s automatic number plate recognition database – one the largest non-military data-gathering systems – records up to 1.2 million false readings of number plates every day. It should be subject to statutory regulation, says an independent watchdog Continue Reading
-
News
12 Jan 2018
Intel makes security-first pledge
As it scrambles to deal with the Meltdown and Spectre processor exploits, Intel has made a series of security commitments Continue Reading
-
News
12 Jan 2018
F-Secure highlights another critical Intel security issue
As Intel scrambles to issue security updates to address the Meltdown and Spectre exploits, researchers have highlighted another, unrelated, critical security issue that could affect millions of corporate laptops Continue Reading
-
Feature
11 Jan 2018
How secure are smart energy grids?
The improved efficiency of smart grids need to be weighed against the cost of security - presenting a unique opportunity for the tech sector and a new market for security companies Continue Reading
-
News
11 Jan 2018
Mobile app flaws are a risk to industrial IT systems, says report
Cyber security vulnerabilities in mobile applications could be exploited to compromise industrial network infrastructure, a report warns Continue Reading
-
News
11 Jan 2018
Nuclear weapons’ cyber attack risk relatively high, says report
With the potential for catastrophic consequences from a nuclear weapons detonation attack, it is crucial to have the most robust nuclear policies in place, says an international affairs think-tank Continue Reading
-
News
10 Jan 2018
Cyber criminals exploit Oracle WebLogic flaw
Researchers are urging companies to apply a security update to patch a flaw in Oracle’s WebLogic Server component that is being exploited to mine cryptocurrency Continue Reading
-
News
10 Jan 2018
UAE tech growth prompts firms to review internal IT security
As IT becomes more prominent in the UAE economy, more and more internal connections between people and systems are created, all of which need to be secured Continue Reading
-
News
10 Jan 2018
ICO fines Carphone Warehouse £400,000
Mobile retailer hit with one of the highest fines for putting personal data at risk as UK privacy watchdog warns that more stringent data protection laws will apply from 25 May 2018 Continue Reading
-
News
10 Jan 2018
Spectre: How reverse-engineering a microprocessor revealed a fundamental flaw
Researchers have published their work on Spectre, a flaw that affects every modern CPU. We find out what went wrong from one of the engineers Continue Reading
-
News
09 Jan 2018
Meltdown and Spectre a big deal for enterprises
Although consumers are relatively unaffected by the recently disclosed security vulnerabilities in most modern processors, enterprises need to take the threat seriously. Computer Weekly looks at how enterprise IT and security professionals should be approaching these threats Continue Reading
-
News
09 Jan 2018
Cyber attacks in 2017 drive Nordic security efforts
The volume of cyber attacks last year has increased boardroom focus on security in the Nordic region Continue Reading
-
News
09 Jan 2018
Intel to set up new group to focus on hardware security
Chip maker is reportedly planning to form a new group to focus on hardware security as it scrambles to limit the impact of recently discovered security flaws in chip designs Continue Reading
-
News
08 Jan 2018
Sweden steps up cyber defence measures
Sweden is tightening up its cyber security defences as part of a wider national security strategy Continue Reading
-
Feature
08 Jan 2018
Get tooled up to meet GDPR requirements
We look at options for tools to help organisations comply with the EU’s General Data Protection Regulation Continue Reading
-
News
05 Jan 2018
Patch systems against Meltdown and Spectre, urges ICO
UK’s data protection watchdog is calling for organisations to apply security updates to mitigate against exploits of microprocessor flaws as soon as possible to safeguard personal data Continue Reading
-
News
05 Jan 2018
2018 could be year of critical infrastructure attacks, says report
The coming year is likely to see an increase in the number of cyber attacks on critical national infrastructure (CNI), according to a report based on experts’ forecasts Continue Reading
-
News
05 Jan 2018
Apple confirms all devices affected by Meltdown and Spectre
Apple has confirmed that all iPhones, iPads and Mac computers are affected by the recently discovered microprocessor exploits as the financial services industry assesses the risk Continue Reading
-
Opinion
04 Jan 2018
Zero in on your zero-day vulnerabilities
A zero-day attack comes, by definition, out of the blue. You cannot predict its nature or assess how much damage it might cause, but you can take some basic steps to protect yourself from a potentially crippling cyber strike Continue Reading
-
News
04 Jan 2018
Meltdown and Spectre: AWS, Google and Microsoft rush to patch cloud chip flaws
Amazon, Google and Microsoft rush to fix chip flaws that could leave cloud customers at risk of having their data accessed or stolen by other users Continue Reading
-
News
03 Jan 2018
Critical Intel security patch will slow PCs, servers and Macs
AMD shares rise on news that the performance of millions of Windows PCs, Linux servers and Apple Macs is to be impacted by critical updates for a recently discovered security flaw in Intel chips manufactured in the past 10 years Continue Reading
-
News
03 Jan 2018
What the EU’s new data protection regime means for ASEAN
A large proportion of businesses in the regional economic grouping will be affected by Europe’s General Data Protection Regulation, but awareness of the new rules remains low, even in countries with existing data protection laws Continue Reading