IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
20 Jun 2025
Cyber Essentials certifications rising slowly but steadily
The number of businesses attaining the NCSC Cyber Essentials certification continues to increase, but much more can be done to raise awareness of the scheme. Continue Reading
-
News
20 Jun 2025
M&S, Co-op attacks a ‘Category 2 cyber hurricane’, say UK experts
The UK’s Cyber Monitoring Centre has published its first in-depth assessment of a major incident, reflecting on the impact of and lessons learned from Scattered Spider attacks on M&S and Co-op Continue Reading
-
News
10 Oct 2018
Detail of Dutch reaction to Russian cyber attack made public deliberately
Four Russian intelligence officials were expelled from the Netherlands after an attempted hack on the global chemical weapons watchdog. The Dutch government has been open about the detail Continue Reading
-
News
10 Oct 2018
Bug bounties not a silver bullet, Katie Moussouris warns
Targeted bug bounties have a role to play in cyber security, but they are not a "silver bullet", and run the risk of wiping out talent pipelines if poorly implemented, warns bug bounty pioneer Continue Reading
-
News
10 Oct 2018
NCSC head says attribution of GRU attacks important
The head of the UK’s National Cyber Security Centre has described the attribution of a wave of cyber attacks to Russia’s military intelligence service as “historically important” at a conference in Poland Continue Reading
-
Opinion
09 Oct 2018
Security Think Tank: Monitoring key to outcomes-based security
What is the first step towards moving from a tick-box approach to security to one that is outcomes-based, and how can an organisation test if its security defences are delivering the desired outcome? Continue Reading
-
News
09 Oct 2018
Cooperation vital in cyber security, says former Estonian minister
States acting alone cannot be efficient in cyber security and need to cooperate with others to build trust, says a former foreign minister of Estonia Continue Reading
-
News
08 Oct 2018
NCSC head calls for technocratic partnership to fix cyber risks
The UK’s National Cyber Security Centre is appealing for collaboration with the technology industry to remedy key vulnerabilities in current IT Continue Reading
-
Opinion
08 Oct 2018
Security Think Tank: Enable outcomes-based security in software development
What is the first step towards moving from a tick box approach to security to one that is outcomes based, and how can an organisation test if its security defences are delivering the desired outcome? Continue Reading
-
Opinion
05 Oct 2018
Security Think Tank: C-suite needs to drive outcomes-based security
What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome? Continue Reading
-
News
04 Oct 2018
Business email compromise made easy for cyber criminals
Poor security practices and access to hacking services are making it easy for cyber criminals to compromise business email, research reveals Continue Reading
-
News
04 Oct 2018
Apps are gateway to business data for cyber attackers
Application security is becoming increasingly important because apps are often the main way cyber attackers are getting into corporate networks, a threat researcher warns Continue Reading
-
News
04 Oct 2018
UK and allies accuse Russia of cyber attack campaign
The UK National Cyber Security Centre has identified a campaign by the Russian military intelligence service of “indiscriminate and reckless” cyber attacks Continue Reading
-
News
03 Oct 2018
Companies failing to recognise the internal cyber threat
The focus at many companies is on external cyber threats, and internal threats are being overlooked as a consequence, a researcher warns Continue Reading
-
News
03 Oct 2018
Majority of businesses believe they are open to cyber attack
More than two-thirds of businesses believe their network is open to attack, a report on the state of web application security reveals Continue Reading
-
News
03 Oct 2018
Rise in data-stealing Betabot malware
Researchers are warning about an increase in Betabot malware after detecting multiple infections in recent weeks, underlining the importance of software patching Continue Reading
-
News
03 Oct 2018
AI full of possibilities with the right tools and understanding
Artificial intelligence has the potential to assist in the analysis of data in a range of topics, but businesses need to understand its limitations and have the right tools to get the most benefit, says a Swiss entrepreneur Continue Reading
-
Opinion
03 Oct 2018
Security Think Tank: Shift to outcomes-based security by focusing on business needs
What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome? Continue Reading
-
Opinion
02 Oct 2018
Everyone, everywhere is responsible for IIoT cyber security
Cyber security in the industrial internet of things is not limited to a single company, industry or region – it is an international threat to public safety, and can only be addressed through collaboration that extends beyond borders and competitive interests Continue Reading
-
Opinion
02 Oct 2018
Security Think Tank: Start outcomes-based security with asset identification
What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome? Continue Reading
-
News
01 Oct 2018
UK firms’ password security score ‘average’
While businesses are making strides in strengthening password security, there is more work to be done, with the UK password score lagging behind the frontrunners, a survey shows Continue Reading
-
News
01 Oct 2018
Tesco Bank gets first cyber-related FCA fine
UK’s financial watchdog issues its first cyber-related fine to Tesco Bank in connection with a multimillion-pound cyber fraud in 2016 Continue Reading
-
Opinion
01 Oct 2018
Security Think Tank: Security governance key to outcomes-based approach
What is the first step towards moving from a tick-box approach to security to one that is outcomes based, and how can an organisation test if its security defences are delivering the desired outcome? Continue Reading
-
News
28 Sep 2018
Cyber attackers are increasingly exploiting RDP, warns FBI
Businesses should to act to reduce the likelihood of compromise from cyber attackers exploiting the remote desktop protocol, warns the FBI Continue Reading
-
News
27 Sep 2018
Blockchain is no ‘magic wand’ for cyber security
The decentralised nature of blockchain networks may deter some cyber crooks, but ASEAN organisations still need to pay heed to the security of their blockchain infrastructure Continue Reading
-
News
27 Sep 2018
Business is at inflection point for proactive cyber security
The time is ripe for proactive cyber security, but many organisations must first overcome four key obstacles to achieve effective protection, according to a research report Continue Reading
-
News
27 Sep 2018
Explosion in fake data-stealing shopping sites
Cyber attackers are ramping up efforts to steal personal data by setting up look-alike domains that pose a phishing risk to online shoppers, researchers warn Continue Reading
-
News
27 Sep 2018
Norwegian state discusses vulnerabilities with IT sector
Government is collaborating with the country’s IT industry to improve the availability of security expertise Continue Reading
-
News
27 Sep 2018
Replication won’t protect VMs against ransomware
Seamless replication is among the benefits of virtualisation, but many organisations fail to back up virtual machines properly Continue Reading
-
Feature
27 Sep 2018
Prepare now for quantum computers, QKD and post-quantum encryption
The predicted processing power of quantum computers is likely to make existing encryption algorithms obsolete. Quantum key distribution (QKD) is a possible solution - we investigate whether QKD is viable Continue Reading
-
News
26 Sep 2018
Financial services firms face potential security bombshell
UK financial services are facing a security crisis over outdated services and applications, a survey shows Continue Reading
-
Opinion
26 Sep 2018
Why the government should rethink the UK’s surveillance laws
The European Court of Human Rights has made clear that the Snoopers’ Charter is an unlawful violation of people’s rights and freedoms Continue Reading
-
News
25 Sep 2018
PCI DSS compliance falls despite security benefit
Despite the benefits of the payment card industry security standard, there is a concerning downward trend in compliance, a report reveals Continue Reading
-
News
25 Sep 2018
MI5 admits to ‘unlawful’ spying on Privacy International
The UK's intelligence agencies acted unlawfully by intercepting communications data on NGO, Privacy International, the UK's most secret court ruled. Continue Reading
-
News
25 Sep 2018
WannaCry and NotPetya inspiring new attacks
Designs and techniques used in 2017’s global cyber attacks have inspired a new breed of malware that exploits software vulnerabilities, according to a McAfee report Continue Reading
-
News
25 Sep 2018
Mac OS Mojave zero-day warning
The latest version of Apple’s Mac operating system contains a vulnerability that could be exploited by attackers to access protected files, a researcher warns Continue Reading
-
News
24 Sep 2018
NHS Digital hires chief information security officer
Robert Coles will lead the health and care sector’s response to cyber attacks and help local organisations meet the government’s cyber security standards Continue Reading
-
News
24 Sep 2018
Business leaders expect suppliers to ensure they are cyber secure
Most UK business leaders expect suppliers to be cyber secure and nearly a third of businesses would terminate contracts because of suppliers’ security failings, a survey has revealed Continue Reading
-
News
21 Sep 2018
Foreshadow mitigation obscures licensing impact
Performance of virtual machines could be severely affected by the workaround for Intel’s latest processor flaw. To compensate, more processors will be needed Continue Reading
-
News
19 Sep 2018
Equifax fined by ICO for security failings
The Information Commissioners Office has fined Equifax UK in relation to a data breach at its UK parent last year Continue Reading
-
News
19 Sep 2018
Europol cyber crime report highlights emerging threats to enterprise security
Research highlights increase in sophistication of ransomware attacks, while revealing details of new and emerging threats to enterprises Continue Reading
-
News
19 Sep 2018
IT sector advises Swedish government on elections and voting system
Swedish IT secure is helping the government make election systems more secure and reduce external influence Continue Reading
-
News
17 Sep 2018
Singapore government to start bug bounty programme
Singapore’s bug bounty programme will help the authorities identify cyber blind spots and benchmark its defences against skilled hackers Continue Reading
-
News
17 Sep 2018
Danske Bank invests in anti-money laundering systems following Estonian problems
Danske bank improves its anti money laundering software, utilising artificial intelligence and machine learning Continue Reading
-
Podcast
14 Sep 2018
Printing, document capture and compliance risk in the GDPR era
Printers, scanners and mobile devices that capture data from documents all store data in some way or other. How can you be sure to be compliant with GDPR with regard to that data? Continue Reading
-
Opinion
14 Sep 2018
Security Think Tank: Supplement security with an MSSP to raise the bar
What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
News
13 Sep 2018
GCHQ mass surveillance regime was in breach of human rights law, European court rules
The European Court of Human Rights in Strasbourg has ruled that the UK’s collection of bulk interception of communications data lacked adequate oversight and safeguards and was in breach of human rights law Continue Reading
-
Feature
13 Sep 2018
Outcomes-based security is the way forward
Every security technology is effective for a limited time, but understanding data assets and their value to attackers is key to effective cyber defence, according to an industry veteran of 20 years’ experience Continue Reading
-
Opinion
13 Sep 2018
Security Think Tank: Adopt a proactive approach to software vulnerabilities
What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
News
12 Sep 2018
NCSC issues core questions to help boards assess cyber risk
The National Cyber Security Centre has published its first in a series of guidance for board members which highlights what businesses should be asking security teams Continue Reading
-
News
12 Sep 2018
FCA warns it cannot manage financial crime risks without sharing data with EU
FCA admits it will be unable to manage financial crime effectively if it cannot share data with EU authorities. Continue Reading
-
News
12 Sep 2018
Two-thirds of emails not clean, says research
Two-thirds of emails don't make it to the inbox because security systems consider them unsafe, according to research Continue Reading
-
Opinion
12 Sep 2018
Security Think Tank: Four key steps to managing software vulnerabilities
What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
News
11 Sep 2018
Higher education sector's poor response to cyber threats laid bare in EfficientIP report
The 2018 EfficientIP Global DNS Report shines a light on how ill-prepared the higher education sector is for handling cyber threats Continue Reading
-
Opinion
11 Sep 2018
Security Think Tank: Four steps to managing software vulnerabilities
What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
News
11 Sep 2018
British Airways data breach: Security researchers name suspects and query attack timeline
Security researchers claim to have pinpointed the cause and perpetrators of the British Airways data breach, and also claim the attackers may have had access to its customer data for far longer than previously thought Continue Reading
-
News
11 Sep 2018
UK security vetting IT system failing, says NAO
The National Audit Office is critical of the government’s project to centralise its security vetting process, as the IT system has been plagued by failures from the start and has led to serious delays Continue Reading
-
News
10 Sep 2018
Cyber criminals outspend businesses in cyber security battle
Cybercriminals are flexing their financial might and UK organisations are facing more attacks as a result Continue Reading
-
Opinion
10 Sep 2018
Security Think Tank: Balancing cost and risk in software vulnerability management
What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
Opinion
07 Sep 2018
Security Think Tank: No shortcuts to addressing software vulnerabilities
What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
News
07 Sep 2018
North Korean programmer charged for WannaCry attacks
The US has charged a member of a group of North Korean hackers linked to the WannaCry, Sony Pictures and other cyber attacks around the world Continue Reading
-
News
07 Sep 2018
Ransomware down, but not out, report reveals
Cryptojacking has taken over from ransomware as the top money spinner for cyber criminals, but the threat is not over and spam is also seeing a resurgence as an attack method, a report reveals Continue Reading
-
News
06 Sep 2018
Chrome 69 security improvements welcomed
The cyber security community has welcomed the improvements in the latest version of the Chrome browser, especially when it comes to generating strong, unique passwords Continue Reading
-
Opinion
06 Sep 2018
Security Think Tank: How to manage software vulnerabilities
What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
News
05 Sep 2018
Half a million UK firms hit by CEO fraud, Lloyds Bank estimates
Nearly 500,000 UK businesses are being hit by impersonation fraud, according to estimations by Lloyds Bank, with the legal sector most at risk Continue Reading
-
News
05 Sep 2018
People top target for cyber attackers, report confirms
As security controls have improved, cyber attackers are increasingly focusing their efforts on people within organisations as a way into corporate IT systems, a report confirms Continue Reading
-
Opinion
05 Sep 2018
Security Think Tank: How to achieve software hygiene
What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
Opinion
04 Sep 2018
Security Think Tank: Eight controls to manage software vulnerabilities
What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
News
04 Sep 2018
UK and allies call for backdoors in encryption products
The Five Eyes intelligence alliance is calling on tech firms to include backdoors in their encrypted products to give access to law enforcement authorities or face various measures Continue Reading
-
Opinion
03 Sep 2018
Security Think Tank: Follow good practice to reduce risk of software vulnerabilities
What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
News
03 Sep 2018
Majority of UK firms not insured for data breaches
Many UK firms are not insured against information security breaches and data loss, and would have to spend £1m on average to recover from a breach, a report reveals Continue Reading
-
News
31 Aug 2018
Security Serious Week to feature flash mob event
“Flash mob” event will create a human collage, highlighting cyber security advice Continue Reading
-
News
31 Aug 2018
Fraudulent money transfers are top aim of business email compromise
Business email compromise is increasingly popular with cyber criminals to steal money and information as well as spread malware, security researchers find Continue Reading
-
News
30 Aug 2018
Cobalt cyber heist group mounts new campaign
Security researchers discover new campaign using two malicious links to double the chances of infection, which is believed to be linked to a notorious cyber crime group Continue Reading
-
News
30 Aug 2018
Machine identity management crisis looming
Managing machine identities is looming as the next big security challenge, a study reveals, with few organisations capable of protecting them as they increasingly form the basis of online communications Continue Reading
-
News
29 Aug 2018
Improving security is top driver for ISO 27001
Organisations are implementing the ISO 27001 standard in recognition of the fact that cyber attacks are increasingly inevitable and that it is best to be well-prepared to fend off attacks and mitigate their effect Continue Reading
-
News
29 Aug 2018
Security teams and C-suite exec views not aligned
There are key differences and potential challenges when it comes to security teams and C-suite executives communicating and aligning about cyber threats, a study shows Continue Reading
-
News
29 Aug 2018
IT leaders at a crossroads as they grapple with digital technology
CIOs have the opportunity to influence their company strategy as digital technology reshapes business. A survey of CIOs across 70 countries charts a path for IT leaders through emerging technologies Continue Reading
-
News
28 Aug 2018
Cyber attackers switching to covert tactics
Cyber criminals are moving away from mass, high-profile attacks to ones that are stealthy and more subtle – as well as attacks targeting systems typically used in critical infrastructure, researchers say Continue Reading
-
Opinion
28 Aug 2018
Information security risk – keeping it simple
Organisations should start with risk management to understand information security risks and communicate them better internally Continue Reading
-
News
28 Aug 2018
Sharp rise in business email compromise
Cyber attackers are expanding their attack methods to steal money and to gain access to corporate and employee data, a report reveals Continue Reading
-
News
24 Aug 2018
UK universities targeted by Iranian hackers
UK universities are among those targeted by a cyber threat group associated with the Iranian government Continue Reading
-
News
24 Aug 2018
North Koreans add Mac OS to cryptocurrency-stealing malware attacks
A North Korean hacking group is targeting cryptocurrency exchanges using Trojanised cryptocurrency trading software designed for both Microsoft’s Windows and Apple’s Mac OS, say researchers Continue Reading
-
News
23 Aug 2018
Apache Struts users urged to update due to new security flaw
Another security flaw has been discovered in the Apache Struts, which was at the heart of the massive Equifax data breach in 2017 Continue Reading
-
News
23 Aug 2018
Councils at risk from unsupported Windows Server and SQL Server
Some local authorities are using unsupported server software, while others are not paying for extended support Continue Reading
-
News
22 Aug 2018
European cloud adopters still lack basic security
Despite outpacing the rest of the world, the majority of organisations adopting cloud in Europe, the Middle East and Africa lack basic security, a report reveals Continue Reading
-
News
22 Aug 2018
Superdrug denies data breach
Superdrug has warned online customers it believes may have had personal details exposed, but claims its systems were not compromised, in what could be the first GDPR-related extortion attempt Continue Reading
-
News
21 Aug 2018
New Zealand to run national cyber security exercise
The island-nation will test the resilience of its critical infrastructure in November 2018, bringing together multiple agencies to protect assets of national significance Continue Reading
-
News
21 Aug 2018
Online crime costs more than $1m a minute
More than $1m is lost to cyber crime every minute, a report reveals, underlining the increasing and significant threats businesses face online Continue Reading
-
News
21 Aug 2018
Retail and finance top cyber targets
Retail and finance remain the top cyber attack targets, but the second quarter also saw a spike in attacks against the manufacturing industry and an increase in remote desktop attacks, a report reveals Continue Reading
-
News
21 Aug 2018
Malaysia’s financial sector warms up to cloud, but lacks security leadership
Almost two-thirds of Malaysia’s financial services firms are developing a cloud strategy, but not all have a security plan in place Continue Reading
-
Opinion
20 Aug 2018
AI: Black boxes and the boardroom
Computers can and do make mistakes and AI is only as good its training so relying purely on machine intelligence to make critical decisions is risky Continue Reading
-
News
17 Aug 2018
ASEAN firms need to overcome DevOps hurdles
Southeast Asia has had pockets of success with DevOps, but most organisations across the region will need to overcome cultural and legacy challenges to succeed Continue Reading
-
News
16 Aug 2018
Global infosec spending to top $114bn in 2018, says Gartner
The need for improved detection, response and privacy is driving the demand for security products and services in response to security risks, business needs and industry changes, Gartner reveals Continue Reading
-
Feature
16 Aug 2018
Inside DevOps, containers and enterprise security
Global corporates are waking up to containers and orchestrated containerisation for software development that is fast and safe. Computer Weekly looks at the best approach to ensure security is not compromised along the way Continue Reading
-
News
16 Aug 2018
Google Chrome flaw puts privacy at risk
Imperva security researcher urges Google Chrome users to update to the latest version after discovering a vulnerability that could be exploited to uncover private data Continue Reading
-
News
15 Aug 2018
The National Archives deploys Egress to support FoI requests
Egress Secure Workspace is being used by the Advisory Council for The National Archives, who require a collaboration environment to assess FoI requests Continue Reading
-
News
15 Aug 2018
ICS security at risk in key verticals, report shows
The security of industrial control systems (ICS) is at risk in key verticals due to under staffing, under investment and human error, a report reveals Continue Reading
-
News
15 Aug 2018
Intel releases fix for latest chip security flaws
Businesses and consumers are advised to download security updates from Intel for new security flaws that could allow attackers to access protected data, but some cloud providers could see a performance impact Continue Reading
-
News
14 Aug 2018
Businesses urged to patch Microsoft flaw allowing MFA bypass
Security researchers are urging enterprises to update their software after the discovery of a vulnerability that could undermine the security provided by multifactor authentication Continue Reading
-
Opinion
14 Aug 2018
Security Think Tank: Outsource security operations, not control
What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately? Continue Reading
-
E-Zine
14 Aug 2018
Cyber attackers target infrastructure
In this week’s Computer Weekly, we find out about the growing sophistication of cyber attackers who specialise in industrial control systems. They are fast, efficient and able to move between IT and OT environments. We also discover how few businesses in general are reporting cyber crime, as they should. The issue also tracks Google’s playing court to the C-suite, with respect to cloud computing. Read the issue now. Continue Reading