IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
Opinion
01 May 2025
Explaining what’s happening in a cyber attack is hard but crucial
The recent attacks on Marks & Spencer, Harrods and the Co-op show why it is essential for organisations to have a strategy to communicate effectively with customers affected. Continue Reading
-
Opinion
01 May 2025
Signalgate: Learnings for CISOs securing enterprise data
A leak of information on American military operations caused a major political incident in March 2025. The Security Think Tank considers what can CISOs can learn from this potentially fatal error. Continue Reading
-
News
31 Oct 2017
Cyber security professionals urged to embrace AI and automation
IBM security intelligence head says professionals should embrace artificial intelligence and automation to ensure they do not become obsolete Continue Reading
-
News
26 Oct 2017
NAO calls on NHS to ‘get its act together’ after WannaCry attack
The NHS could have prevented the WannaCry cyber attack had it followed basic IT security best practice, according to National Audit Office boss Continue Reading
-
News
26 Oct 2017
IOActive warns of security flaws in maritime communication system
Researcher discovers critical security flaws in an Inmarsat maritime communication system, highlighting the cyber risks facing the shipping industry Continue Reading
-
News
25 Oct 2017
Oversight of intelligence agencies’ data sharing has ‘failed’, court hears
UK’s intelligence services lack adequate oversight and written guidelines when sharing databases of sensitive information, Privacy International argues in secret court Continue Reading
-
Opinion
25 Oct 2017
A history of hacking and hackers
A security professional’s view on criminal hacking has shifted away from the traditional stereotype of the hacker, towards a much more diverse cross-section of wider society Continue Reading
-
News
25 Oct 2017
Bad Rabbit malware raises fears of third global ransomware attack
A ransomware attack that has commonalities with WannaCry NotPeya is reportedly hitting organisations in Russia, Ukraine, Turkey, Bulgaria and Germany Continue Reading
-
News
19 Oct 2017
IT security hindering productivity and innovation, survey shows
IT security is hindering productivity and innovation across enterprises, research has revealed Continue Reading
-
News
19 Oct 2017
Infoblox partners with McAfee to combine web and DNS security
Infoblox is to collaborate with McAfee to combine web and DNS security to deliver unified protection Continue Reading
-
News
18 Oct 2017
McAfee forges ahead with analytics, deep learning and AI
McAfee is forging ahead with its innovation efforts in advanced analytics, deep learning and artificial intelligence Continue Reading
-
News
18 Oct 2017
Focus needs to shift to breach impact, says McAfee researcher
Breach investigations commonly focus on the attackers and their motives, but a security researcher believes there needs to be more emphasis on business impact Continue Reading
-
News
17 Oct 2017
RSA’s Middle East cyber security conference gains its own identity
RSA Abu Dhabi conference focuses on region’s cyber security needs as digital technology deployments expand Continue Reading
-
News
17 Oct 2017
UK intelligence agencies ‘unlawfully’ sharing sensitive personal data, court hears
A secret court will decide whether Intelligence agencies are “unlawfully” sharing huge datasets containing sensitive information about the population with industry, government departments and overseas intelligence services. Continue Reading
-
News
16 Oct 2017
Pizza Hut data breach shows need for board control
The poor handling of the data breach by fast food chain Pizza Hut shows that company boards need to take control, a London-based law firm advises Continue Reading
-
News
16 Oct 2017
SMEs more vulnerable than ever to cyber attacks, survey shows
The biggest cyber threat to UK and US small businesses is employees’ weak passwords, as the frequency, intensity and cost of cyber attacks continue to rise, a study has revealed Continue Reading
-
E-Zine
12 Oct 2017
CW Middle East: Internet of things can help Gulf countries to diversify
The Middle East’s push towards economic diversification is driving innovation in internet of things (IoT) applications for emerging services sectors, such as transport and logistics, telecommunications, financial services and tourism. Also read how the Dubai Health Authority is rolling out Salama, a unified electronic medical record (EMR) system, and a survey shows organisations in the Middle East are not offering IT staff enough training and don’t employ enough women in IT. Continue Reading
-
News
11 Oct 2017
Dutch government agreement increasingly focuses on IT security
The coalition government in the Netherlands has agreed its plan for the next four years, with IT security prominent Continue Reading
-
News
10 Oct 2017
Global cyber security collaboration initiative launched in Krakow
Cyber security ecosystems around the world have launched an initiative aimed at strengthening collaboration between regional ecosystems Continue Reading
-
News
05 Oct 2017
Singapore’s public sector finds agility and speed in AWS
City-state’s government has been able to meet peak demands and address security issues through a cloud-based web-hosting platform powered by Amazon Web Services Continue Reading
-
News
04 Oct 2017
How Australia is tackling cyber crime
Telcos such as Telstra and industry associations in Australia are chipping in to help enterprises that are being targeted by cyber criminals with phishing and social engineering exploits Continue Reading
-
Feature
28 Sep 2017
Where the device hits the network – a mobile device management update
As business becomes increasingly mobile, we look at the latest trends in mobile device management to give businesses the edge Continue Reading
-
News
28 Sep 2017
WannaCry an example of pseudo-ransomware, says McAfee
The global WannaCry and NotPetya attacks were both examples of pseudo-ransomware, according to McAfee researchers Continue Reading
-
News
27 Sep 2017
Global hacker botnet tops 6 million hijacked devices
A year after the first Mirai botnet attacks, the global botnet has grown, with many countries and cities unwittingly hosting large number of bot-infected devices Continue Reading
-
News
26 Sep 2017
Mac OS passwords at risk of theft, researcher warns
Some Apple Mac users are at risk of password theft due to a zero-day vulnerability discovered in some versions of the operating system Continue Reading
-
News
25 Sep 2017
Cage director found guilty of terrorism offence after refusing to disclose passwords
Muhammad Rabbani, international director of Cage, is convicted of an offence under the terrorism act after refusing to disclose his mobile phone PIN and laptop password under Terrorism Act Continue Reading
-
News
25 Sep 2017
NotPetya attack cost up to £15m, says UK ad agency WPP
Advertising giant was one of many companies hit in June 2017 by malware distributed through Ukrainian accounting software Continue Reading
-
News
22 Sep 2017
Malware hidden in CCleaner targeted tech firms
Major tech firms were targeted by malware hidden in Avast’s Piriform CCleaner software, researchers have found, leading to speculation that it may have been state-sponsored espionage attack Continue Reading
-
News
22 Sep 2017
Nation-state actors responsible for most cyber attacks
Companies of all sizes may find themselves faced with highly capable state-sponsored cyber attacks, but steps can be taken to shore up defences Continue Reading
-
News
20 Sep 2017
Most UK councils hit by cyber attacks
A study has revealed that most UK local authorities have suffered cyber attacks in the past year, showing local government is a key target for cyber criminals and that legacy software is a top security concern Continue Reading
-
News
20 Sep 2017
Cyber crime a significant risk to individuals and organisations
Cyber crime is still a significant risk to individuals and organisations, a report claims, with the top threats including business email compromise, ransomware, and banking and mobile malware Continue Reading
-
News
14 Sep 2017
Government aligns data laws with GDPR
The UK government announces details of its data protection law that will align with the EU’s GDPR Continue Reading
-
E-Zine
14 Sep 2017
CW Europe: The Macedonian surveillance scandal that brought down a government
In this issue, we look at evidence that Macedonia may have been running covert internet surveillance using sophisticated software supplied by a western technology company. We also look at how politics is changing IT buying habits in France, with French CIOs looking at alternatives to storing data with US-based suppliers as a result of one of President Trump’s executive orders. Download the issue now. Continue Reading
-
News
12 Sep 2017
Government wants to remain in EU cyber security club after Brexit
The UK government wants to maintain deep links with the European Union’s cyber security working groups following Britain’s exit from the bloc in 2019 Continue Reading
-
News
05 Sep 2017
People with non-IT backgrounds could help fill cyber security skills gap
Organisations should look to fill cyber security roles with people who are curious and have work experience rather than focusing solely on graduates Continue Reading
-
News
30 Aug 2017
Researcher finds over 711 million compromised email accounts
A security researcher has discovered a spambot using more than 711 million compromised email accounts to spread data-stealing malware Continue Reading
-
News
25 Aug 2017
Security professionals name top causes of breaches
Security professionals have named the top reasons for successful cyber attacks, which are affecting more than half of organisations Continue Reading
-
E-Zine
24 Aug 2017
CW Nordics: Banks and startups increase collaboration
First they were deemed a threat, now they are potential partners. According to a new report by Nordic accelerator Fintech Mundi, banks are increasingly turning to financial technology (fintech) startups in their hunt for new ideas and market opportunities. Also in this issue, read now Baker Brun, a bakery company in Norway, is modernising its business processes through the latest technologies, and hear how Stockholm’s CIO is relishing the challenge of trying to make the Swedish capital the smartest city in the world. Continue Reading
-
E-Zine
22 Aug 2017
How banking technology has changed since the crash
In this week’s Computer Weekly, 10 years after the financial crash, we examine how banking technology has changed as a result of the economic crisis. We look at how GDPR, the EU’s new data protection laws, will affect your data storage strategies. And we ask if the cryptocurrency boom will remain a niche pursuit or whether the underlying technologies can bring benefits for enterprise IT. Read the issue now. Continue Reading
-
News
21 Aug 2017
NotPetya highlights cyber risk in shipping industry
Malware attack has shown that the shipping industry is vulnerable to cyber attacks, with Danish shipping giant Maersk reporting potential cost of up to $300m Continue Reading
-
News
17 Aug 2017
Developers lack skills needed for secure DevOps, survey shows
The growing demand for developers with security skills is outpacing supply, but a survey reveals that a lack of formal security education and training by employers is contributing to the growing skills gap Continue Reading
-
News
16 Aug 2017
NotPetya attack cost up to $300m, says Maersk
Danish shipping line Maersk estimates that the NotPetya cyber attack in June cost the company up to $300m Continue Reading
-
News
16 Aug 2017
Hackers hit Holyrood with Westminster-style brute-force attack
The Scottish parliament has been hit by a cyber attack similar to the one that struck Westminster in June Continue Reading
-
News
15 Aug 2017
Leaked SMB exploits make malware powerful, warns Cylance
Four key exploits at the heart of hacking tools leaked by the Shadow Brokers have given malware authors a lot of power, say security researchers Continue Reading
-
News
11 Aug 2017
Malicious email spikes in Q2, reports Proofpoint
Malicious email campaigns saw a spike in volume and increased variety in the second quarter of 2017, a cyber security report reveals Continue Reading
-
News
10 Aug 2017
IT pros urged to support ‘WannaCry hero’ Marcus Hutchins
Computer experts fear chilling effect on security research over US arrest of Marcus Hutchins who halted the spread of the WannaCry ransomware Continue Reading
-
E-Zine
10 Aug 2017
CW Benelux: IoT Tech Day showcases innovation
Read about this year’s IoT Tech Day in Utrecht, Netherlands, which featured hobby projects such as light-sensing curtains that automatically open and close, but also showed that the IoT is growing up to encompass more serious applications. Also read about the lessons to be learned from the ‘Petya’ ransomware attack that has hit 60 countries, and find out how Dutch railway stations are monitoring the movement of travellers to reduce people jams. Continue Reading
-
News
07 Aug 2017
Gaming apps ‘main source’ of mobile phishing attacks, research shows
Analysis of 100,000 corporate devices shows more than a quarter of traffic going to phishing domains was from gaming apps Continue Reading
-
News
03 Aug 2017
Ransom DDoS attacks on the rise
The use of distributed denial of service (DDoS) attacks to extort money from organisations is on the rise, warns security firm Kaspersky Lab Continue Reading
-
E-Zine
01 Aug 2017
The fields of Athenry – how Apple’s datacentre plans are causing turmoil in a small Irish town
In this week’s Computer Weekly, we look into Apple’s controversial plans to build a huge datacentre in a small town in the west of Ireland, and hear the local arguments it has caused. We find out how the Met Office is managing the vast quantities of data it uses for weather forecasting. And we examine Google plans to bring artificial intelligence tools to the job recruitment market. Read the issue now. Continue Reading
-
News
01 Aug 2017
Why Facebook’s AI termination raises safety concerns
Revelations that researchers at Facebook had to switch off two bots that went rogue have raised questions about the safety of artificial intelligence Continue Reading
-
News
28 Jul 2017
CIA hacking tools for Mac OS and Linux exposed by WikiLeaks
WikiLeaks has exposed hacking tools targeting the Mac and Linux operating systems in the latest of its series of leaks allegedly from the US Central Intelligence Agency Continue Reading
-
News
25 Jul 2017
Big data means big risk, Swedish Transport Agency leak shows
The Swedish Transport Agency exposed sensitive information by transferring its databases to a third party cloud provider without following data protection procedures Continue Reading
-
News
24 Jul 2017
Tech disruption forces CEOs to rethink leadership
Headline figures from KPMG’s Outlook 2017 survey of 1500 CEOs shows that 40% expect technology innovation to cause major disruption Continue Reading
-
News
20 Jul 2017
Retail data breaches still high as GDPR deadline looms
As the EU’s General Data Protection Regulation compliance deadline approaches, retail data breaches remain unacceptably high, a data threat report reveals Continue Reading
-
E-Zine
19 Jul 2017
CW ANZ: Cyber security plan bears fruit
Australia’s Cyber Security Strategy, aimed at protecting citizens, companies and critical infrastructure, has made significant headway over the past year, but the jury is still out on its long-term impact. In this month’s CW ANZ, we take a look at the progress of Australia’s national cyber security blueprint and what else needs to be done to better protect Australia’s interests in the global cyber security landscape. Also, read about what the Australian government is doing to better guard public sector IT systems against cyber attacks. Continue Reading
-
E-Zine
19 Jul 2017
CW ASEAN: Stay alert to threats
With cyber threats intensifying in recent years, from the global outbreak of ransomware to intrusions of university networks to access government data, the role of threat intelligence in anticipating and mitigating threats has become more important than ever. In this month’s CW ASEAN, learn how organizations can make the most out of threat data feeds in an intelligence-driven security strategy. Also, find out how companies can navigate the ominous cyber threat landscape by investing in cyber security technology and processes. Continue Reading
-
News
19 Jul 2017
Newcastle council data leak shows need for security automation
Leak of child adoption information by Newcastle City Council resulted from accidental email attachment by employee Continue Reading
-
E-Zine
18 Jul 2017
Airbus helps secure critical infrastructure
In this week's ezine, Computer Weekly explores how to secure industrial control systems, which have often lagged behind the leading edge of IT security and pose serious risks to critical national infrastructure. Airbus believes that despite the vulnerabilities of individual components, industrial control systems as a whole are quite resilient. We also speak to the head of technology at Centrica about how the utility company is becoming a specialist provider of data lake integration tools, and we explore the 802.11ac Wave 2 standard. Continue Reading
-
News
17 Jul 2017
IBM claims breakthrough in mainframe encryption
IBM says its new mainframe ushers in a new era of data protection in response to a call to action from chief information security officers and security experts worldwide Continue Reading
-
News
13 Jul 2017
Encryption keys too predictable, warn security researchers
Encryption keys are not as random as most people think, which means encrypting data is often not as secure as it could be, according to security researchers Continue Reading
-
E-Zine
13 Jul 2017
CW Middle East: How women can fill the tech skills gap
The growth of the IT sector continues to drive both innovation and employment in the Gulf, but women – as with all industries in the region – are under-represented in technology by significant margins, and could help to fill the tech skills gap. Also in this issue, read about growing threats in Saudi Arabia’s cyber sector, and how Dubai is becoming a world leader in smart city developments. Continue Reading
-
News
13 Jul 2017
Verizon denies data loss but admits potentially huge breach
Verizon has responded to reports of millions of customer records being exposed to the internet by saying no data was accessed by malicious third parties, but the incident raises thorny issues Continue Reading
-
News
13 Jul 2017
What Singapore can learn from Israel’s cyber security playbook
A former Unit 8200 captain from the Israel Defense Forces shares what Singapore can learn from Israel’s approach to cyber security Continue Reading
-
Opinion
12 Jul 2017
Criminal law: Are Twitter threats taken seriously?
As threats of violence become increasingly common online, law enforcement is taking stronger action against the perpetrators Continue Reading
-
News
06 Jul 2017
Kaspersky researcher in Asia develops cyber forensics tool
The open source tool lets cyber forensics investigators access infected machines remotely to collect malware artefacts without compromising system integrity Continue Reading
-
Feature
30 Jun 2017
Why immutable buckets are a worthy risk management tool
Immutable buckets offer businesses benefits in terms of data compliance, backup, archiving and security Continue Reading
-
News
30 Jun 2017
Danish shipping giant Maersk recovering from major Petya cyber attack
Company confirms attack took down its IT system across multiple sites and business units, but has now been contained Continue Reading
-
Opinion
29 Jun 2017
Security Think Tank: Focus on high risk by automating low-risk patching
How should organisations address the need to keep software up to date with security patches without it costing too much or being too labour intensive? Continue Reading
-
News
29 Jun 2017
Key lessons from ‘Petya’ ransomware attack
While the cyber security community is still working to understand the latest ransomware attack that has reportedly hit 60 countries, there are key lessons to be learned Continue Reading
-
Opinion
29 Jun 2017
Security Think Tank: Patching is vital and essentially a risk management exercise
How should organisations address the need to keep software up to date with security patches without it costing too much or being too labour intensive? Continue Reading
-
News
28 Jun 2017
Singapore authorities issue alert on Petya ransomware
The country’s emergency response team has called for users to boost their cyber defences as the Petya ransomware rages through IT systems in Asia and Australia Continue Reading
-
News
21 Jun 2017
Microsoft admits Windows 10 disables third-party security software
Microsoft has admitted Windows 10 disables some third-party security software, but claims this is purely because of compatibility issues Continue Reading
-
News
21 Jun 2017
Pirated software used to spread malware in APAC
A regional study by a Singapore university has found that counterfeit software distributed through discs and file-sharing networks is plagued by malware Continue Reading
-
News
20 Jun 2017
Web hosting firm agrees to pay $1m ransomware demand
South Korean hosting firm Nayana agrees to pay more than $1m to restore data that was encrypted by a ransomware attack on its Linux servers on 10 June 2017 Continue Reading
-
Feature
20 Jun 2017
What it takes for the internet of things to take off in ASEAN
Besides lowering adoption costs, an ecosystem of governments, technology suppliers and telcos is necessary for the internet of things to flourish in Southeast Asia Continue Reading
-
News
19 Jun 2017
Abu Dhabi uses surveillance tech to protect Grand Prix
Police use surveillance technology and monitoring software to ensure public safety when Formula One visits the UAE each year Continue Reading
-
Feature
19 Jun 2017
The Macedonian surveillance scandal that brought down a government
Macedonia has been accused of using surveillance technology for covert spying - the subsequent political protests were instrumental in the ruling party losing power after 10 years Continue Reading
-
News
16 Jun 2017
Australia’s decryption plan seen as untenable
Experts say efforts to get technology and social media firms to cooperate with the authorities in decrypting communications will be hard to achieve Continue Reading
-
News
16 Jun 2017
10 ways to prevent breaches and minimise impact
Attackers are continually adapting to security technologies to fly under the radar, but taking action in 10 key areas can reduce the risk of breaches and minimise their impact, according to a resilience expert Continue Reading
-
News
14 Jun 2017
SAP users look to software suppliers to help with fast-approaching GDPR
An SAP UK and Ireland user group survey has found user organisations crying out for help as GDPR approaches, with cloud delivery a special concern Continue Reading
-
News
14 Jun 2017
Microchips implanted in hands could be in use for payments in 20 years
UK consumers are becoming more accepting that biometric authentication will become the norm for payments Continue Reading
-
E-Zine
13 Jun 2017
Tips for buying hyper-converged systems
In this week’s Computer Weekly, we examine the growing market for hyper-converged infrastructure - combining processing, storage and networking into an integrated design - and assess the options available to IT leaders. We ask mature users of the cloud what’s next for their migration to off-premise systems. And we analyse how retail supply chains are developing to keep up with online and mobile shopping trends. Read the issue now. Continue Reading
-
News
09 Jun 2017
Infosec17: Society needs to address encryption dilemma
There needs to be a discussion about how to balance the interests of privacy, security and the tech industry, says Infosecurity Europe Hall of Fame inductee Continue Reading
-
News
08 Jun 2017
Islamic State supporters shun Tails and Tor encryption for Telegram
Confidential communications show terror group’s supporters are turning to simple mobile phone messaging apps to exchange messages and distribute propaganda Continue Reading
-
Opinion
07 Jun 2017
Rethink risk through the lens of antifragility
Antifragility is an exciting alternative that fuses value and risk, and CIOs and IT executives are well positioned to help Continue Reading
-
News
06 Jun 2017
Mainframe blindspots expose companies to insider threats
More than three-quarters of CIOs say their mainframe is more secure than other systems, but most admit they are still exposed to insider threats Continue Reading
-
News
06 Jun 2017
UK firms stockpiling bitcoins for ransomware attacks
Large UK firms are prepared to pay out more than £136,000 on average to cyber criminals who launch ransomware attacks, a survey has revealed Continue Reading
-
News
01 Jun 2017
Enterprises struggle with emergency patching
Companies are struggling to maintain emergency patch cycles, despite the fact that enterprise reliance on legacy systems often means emergency patches are an everyday fact of life, a survey shows Continue Reading
-
News
31 May 2017
WannaCry shows validity of risk-based security, says RSA head
WannaCry and other recent cyber attacks underline the importance of adopting a risk-based approach to security, says RSA president Continue Reading
-
News
31 May 2017
Shadow Brokers prepares zero-day subscription service
Businesses may face an onslaught of zero-day attacks soon as the group that leaked the NSA exploits used in the WannaCry ransomware attacks prepares to release more stolen code Continue Reading
-
News
26 May 2017
People can be strongest link in cyber security, says NCSC
People are often seen as the weakest link when it comes to cyber security, but that must change, says the National Cyber Security Centre Continue Reading
-
News
26 May 2017
EternalRocks author throws in the towel after media attention
Security researcher who discovered worm that could have bigger impact than WannaCry says the author seems to have given up Continue Reading
-
E-Zine
25 May 2017
CW Nordics: The trouble with connected things
In this issue, Finnish cyber security expert Mikko Hyppönen talks about security in the Nordics, Russia and the trouble with connected devices. Also read how Icelandic airline Wow Air averted disaster through the use of application performance monitoring software when it embarked on a major expansion. And find out how, since December 2015, anyone playing popular sandbox game Minecraft has been able to build their worlds on the actual map of Sweden. Continue Reading
-
News
24 May 2017
Singapore government to spend S$2.4bn on technology initiatives
Funding will go towards building a national sensor platform, boosting the government’s cyber security capabilities and driving the use of robots Continue Reading
-
News
24 May 2017
Interview: Nick Bleech, head of information security, Travis Perkins
Last year, Travis Perkins implemented Splunk to help it to respond more quickly to security threats. Now, the business is looking into machine learning and a single customer view Continue Reading
-
News
23 May 2017
Economic and political uncertainty drives organisations to rethink IT strategies
CIO job satisfaction reaches a three-year high as organisations hire more IT staff and invest in innovative digital technology Continue Reading
-
News
23 May 2017
EternalRocks worm combines seven leaked NSA attack tools
Hard on the heels of the WannaCry ransomware attacks, a researcher has found a worm that combines four NSA exploits and associated attack tools, including EternalBlue used by WannaCry Continue Reading
-
E-Zine
23 May 2017
Global ransomware attack could be a security wake-up call
In this week’s Computer Weekly, we look at the global WannaCry ransomware attack that struck the NHS and spread across 150 countries – will it be the wake-up call that finally makes organisations take cyber security seriously? We find out how Moscow is leading the way in smart city digitisation. And our latest buyer’s guide examines customer experience management. Read the issue now. Continue Reading
-
News
22 May 2017
Windows 7 accounts for most WannaCry infections
Statistics show that computers running Windows 7 accounted for the biggest proportion of machines infected with the WannaCry ransomware, while NHS suppliers are blamed for hampering patching by NHS trusts Continue Reading
-
News
19 May 2017
Command and control communications key to detecting threats
Malware command and control (C&C) communications are key to detecting advanced threats, according to a security researcher Continue Reading
-
News
18 May 2017
Strong cyber security posture reduces impact of breaches
There is a direct correlation between data breaches and falls in stock prices, but the impact is lighter on companies with good cyber security, a study has revealed Continue Reading