IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
Opinion
22 Apr 2025
Beyond baselines - getting real about security and resilience
In an increasingly contested world, the UK government needs a security certification that goes beyond baseline measures. Continue Reading
-
News
22 Apr 2025
AI-powered APIs proving highly vulnerable to attack
The growth of AI is proving a double-edged sword for API security, presenting opportunities for defenders to enhance their resilience, but also more risks from AI-powered attacks, according to report Continue Reading
-
News
27 Oct 2023
Google launches bug bounties for generative AI attack scenarios
Google expands its bug bounty programme to encompass generative AI and takes steps to grow its commitment to supply chain security as it relates to the emerging technology Continue Reading
-
News
27 Oct 2023
Germany: European Court opinion kicks questions over EncroChat back to national courts
Germany lawfully obtained data on German EncroChat users from France, but whether the evidence is legally admissible is a matter for national courts Continue Reading
-
News
26 Oct 2023
ChatGPT, Bard, lack effective defences against fraudsters, Which? warns
Consumer advocacy Which? warns that popular generative AI tools are vulnerable to loopholes that render existing protections against malicious usage easily bypassed Continue Reading
-
News
26 Oct 2023
Sunak sets scene for upcoming AI Safety Summit
Prime minister Rishi Sunak has outlined how the UK will approach making AI safe, but experts say there is still too big a focus on catastrophic but speculative risks over real harms the technology is already causing Continue Reading
-
News
26 Oct 2023
Boardrooms losing control in generative AI takeover, says Kaspersky
C-suite executives are increasingly fretful about what they perceive as a ‘silent infiltration’ of generative AI tools across their organisations Continue Reading
-
News
25 Oct 2023
Demystifying the top five OT security myths
Goh Eng Choon, president of ST Engineering’s cyber business, outlines the common myths around OT security in a bid to raise awareness of the security challenges confronting OT systems Continue Reading
-
Definition
25 Oct 2023
integrated risk management (IRM)
Integrated risk management (IRM) is a set of proactive, businesswide practices that contribute to an organization's security, risk tolerance profile and strategic decisions. Continue Reading
-
News
24 Oct 2023
Research team tricks AI chatbots into writing usable malicious code
Researchers at the University of Sheffield have demonstrated that so-called Text-to-SQL systems can be tricked into writing malicious code for use in cyber attacks Continue Reading
-
Opinion
24 Oct 2023
The new data landscape: how will the new UK-US data bridge affect businesses?
With the UK-US data bridge coming into effect on 12 October 2023, find out what steps your organisation can take to take advantage of, and remain compliant with, the new framework Continue Reading
-
News
24 Oct 2023
Suzy Lamplugh Trust treads path to improved cyber resilience
Personal safety charity enlists the support of the London Cyber Resilience Centre to improve staff awareness and strengthen its overall cyber resilience Continue Reading
-
News
24 Oct 2023
NetApp ‘unified storage’ adds new ASA block storage at Insight
Las Vegas event sees NetApp continue its evolution to hybrid cloud and data management player announce ASA C-series and Keystone and Kubernetes storage enhancements Continue Reading
-
News
23 Oct 2023
How Ensign is leading the charge in cyber security
Lee Fook Sun, chairman of Ensign InfoSecurity, traces the company’s journey and how it is leading the charge in cyber security by doing things differently, investing in R&D and engaging with the wider ecosystem Continue Reading
-
News
20 Oct 2023
Computer Weekly contributor named Godfather of UK Security
Advent IM founder Mike Gillespie was among those honoured at the eighth annual Security Serious Unsung Heroes Awards Continue Reading
-
Feature
20 Oct 2023
Five key questions about disaster recovery as a service
Disaster recovery as a service builds recovery data and systems into the cloud, accessible from anywhere. We look at the difference vs cloud backup, DRaaS use cases, the cost, and the firms that provide it Continue Reading
-
E-Zine
20 Oct 2023
CW APAC: Buyer’s guide to IAM
Identity access management tools are proving pivotal in the race to outwit cyber criminals. In this handbook, focused on IAM in the Asia-Pacific region, Computer Weekly takes a closer look at their capabilities, CyberArk’s growth, the uses of automation and how ForgeRock enhances user experience. Continue Reading
-
News
19 Oct 2023
Nuclear regulator raps EDF over cyber compliance
The Office for Nuclear Regulation says EDF has come up short on needed measures to improve cyber security standards at several critical UK nuclear facilities Continue Reading
-
News
19 Oct 2023
Sellafield local authority unsure if data was stolen six years on from North Korea ransomware attack
Senior managers at an ‘Achilles heel’ local authority for Europe’s biggest nuclear site ‘still don’t know what was lost’ in a 2017 cyber attack, according to a council source Continue Reading
-
Opinion
19 Oct 2023
DORA: Moving into a new era of digital resilience
The EU’s Digital Operational Resilience Act will come into force in just over a year, the majority of risk management professionals are only at the beginning of their planning journey. Kate Needham-Bennett of Fusion Risk Management explains how to get things moving Continue Reading
-
News
18 Oct 2023
What are the cyber risks from the latest Middle Eastern conflict?
The outbreak of war between Hamas and Israel in October 2023 has seen a wide variety of accompanying cyber attacks from hacktivists and other groups. We look at the risks to organisations Continue Reading
-
News
17 Oct 2023
Five Eyes issues five tips on thwarting nation state threats
Intelligence chiefs from the UK, Australia, Canada, New Zealand and the US have published guidance on building resilience against nation state cyber threats Continue Reading
-
Definition
17 Oct 2023
speculative risk
Speculative risk is a type of risk the risk-taker takes on voluntarily and will result in some degree of profit or loss. Continue Reading
-
News
17 Oct 2023
Hacktivist attacks against Israeli websites mirror attacks following Russian invasion of Ukraine
Hacktivists supporting Gaza and Palestine have launched hundreds of website defacement attacks against Israeli websites, mirroring the pattern of attacks that occurred after Russia’s invasion of Ukraine Continue Reading
-
News
17 Oct 2023
What it takes to succeed in DevSecOps
Providing engineering leadership and balancing between speed and security are some areas that organisations will need to focus on in their DevSecOps journey Continue Reading
-
News
13 Oct 2023
US SEC launches probe into mass MOVEit breach
Progress Software is facing an investigation from the SEC for the breach of its MOVEit tool, as well as dozens of legal battles resulting from the exfiltration of personal data from the roughly 2,000 organisations affected Continue Reading
-
News
10 Oct 2023
MGM faces £100m loss from cyber attack on its casinos
MGM Resorts has provided further details on the fallout of the hack targeting its casinos in early September, confirming that a range of personal information has been stolen and that it will likely cost the firm around $100m Continue Reading
-
News
05 Oct 2023
Microsoft: Nation-state cyber espionage on rise in 2023
Microsoft’s latest Digital Defence Report outlines how nation-state cyber activity has largely moved from destructive attacks to espionage and intelligence gathering Continue Reading
-
News
05 Oct 2023
Red Cross issues rules of engagement for hackers in conflicts
The digital rules of engagement are the first time cyber activity has been looked at by the conflict watchdog, but a number of hacker groups have already come out and said they will not be following them Continue Reading
-
News
05 Oct 2023
Policing minister wants to use UK passport data in facial recognition
The policing minister’s plans to integrate the UK’s passport database with police facial-recognition systems have been met with criticism from campaigners, academics, and the biometrics commissioner for England and Wales Continue Reading
-
News
05 Oct 2023
Ransomware dwell times now measured in hours, says Secureworks
Ransomware payloads are now being deployed and executed within 24 hours in more than 50% of cases, according to Secureworks’ annual report Continue Reading
-
Feature
04 Oct 2023
Ransomware: All the ways you can protect storage and backup
We survey the key methods of ransomware protection, including immutable snapshots, anomaly detection, air-gapping, anomaly detection, and supplier monetary guarantees Continue Reading
-
News
04 Oct 2023
ICO issues guidance on workplace surveillance
Guidance on employee monitoring covers how employers can conduct their digital surveillance lawfully, transparently and fairly, and warns against businesses intruding on their workers’ private lives Continue Reading
-
Definition
03 Oct 2023
Whistleblower Protection Act
The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from retaliatory action for voluntarily disclosing information about dishonest or illegal activities occurring in a government organization. Continue Reading
-
News
03 Oct 2023
IT decision-makers confident they can handle tech disruptions
The majority of IT decision-makers polled in a recent survey have admitted their organisations has been adversely affected by IT failures Continue Reading
-
News
03 Oct 2023
Cyber experts urge EU to rethink vulnerability disclosure plans
The European Union’s proposed cyber security vulnerability disclosure measures are well-intentioned but ultimately counterproductive, as making unmitigated vulnerabilities public knowledge increases the risk of their exploitation by various actors, experts claim Continue Reading
-
News
03 Oct 2023
CIISec scores DSIT funding to expand successful CyberEPQ scheme
DSIT has committed to enhanced funding to expand CIISec’s CyberEPQ education programme after recording excellent results to date Continue Reading
-
E-Zine
03 Oct 2023
Where next for quantum computing?
In this week’s Computer Weekly, we talk to the head of Amazon’s Braket quantum computing services about how the technology is progressing. We go behind the scenes at an ethical hacker event to find out how bug bounty programmes work. And we analyse the offerings of the major players in software-defined storage. Read the issue now. Continue Reading
-
News
03 Oct 2023
Top science journal faced secret attacks from Covid conspiracy theory group
A conspiratorial group of extreme Brexit lobbyists mounted an extraordinary campaign against one of the world’s most prestigious science journals – part of a series of joint investigations between Byline Times and Computer Weekly Continue Reading
-
Opinion
29 Sep 2023
The trust deficit in CNI: How to address a growing concern
When it comes to addressing the trust deficit in CNI, technological advancements, evolving threats, inadequate regulations, insufficient investment, public awareness, and international cooperation are all critical components that need attention Continue Reading
-
News
28 Sep 2023
Strasbourg court condemns Turkey for jailing teacher for using ByLock encrypted messaging app
The case is expected to have implications for the use of digital evidence in prosecutions against users of other encrypted phone apps Continue Reading
-
News
28 Sep 2023
Businesses disconnected from realities of API security
Business leaders feel confident they’ve got a handle on API security, but at the same time, incidents are through the roof, according to a report Continue Reading
-
Feature
28 Sep 2023
Automated cloud IR: Empowering cyber with AI-powered playbooks
As cyber threats increasingly target cloud infrastructure, demand for robust and reliable incident response measures is through the roof. Find out why you might want to consider bringing artificial intelligence into play Continue Reading
-
News
28 Sep 2023
Security and risk management spending to grow 14% next year
Growth in public cloud services will stand out over the next 12 months, as Gartner projects an overall 14% increase in cyber spending in 2024 Continue Reading
-
News
27 Sep 2023
Researchers offer free threat briefings on Vegas casino hackers
Permiso, a cloud detection and response startup, is making its threat intel team available to speak on Scattered Spider, the group behind recent cyber attacks on MGM Resorts and Caesars Entertainment Continue Reading
-
News
27 Sep 2023
City of Las Vegas masters cyber incident response with Darktrace
The high-rolling city of Las Vegas experiences unique cyber security challenges rarely seen elsewhere. CIO Mike Sherwood reveals how he turned to Darktrace to help address incidents quicker and with confidence Continue Reading
-
News
26 Sep 2023
Crest and IASME to deliver upcoming NCSC Cyber Exercise programme
Crest and IASME have been tasked with assuring that security services providers signing up to a soon-to-launch NCSC Cyber Incident Exercising scheme are up to the job Continue Reading
-
Opinion
25 Sep 2023
Security Think Tank: Three ways to identify the best encryption use cases
The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading
-
News
22 Sep 2023
UK-US data bridge to open to traffic on 12 October
Government forges ahead with the implementation of the UK-US data bridge, which will come into effect for real just under three weeks from now Continue Reading
-
News
22 Sep 2023
Cyber experts set out plan to secure future US elections
A group of experts are setting out to enhance election cyber security in the United States, and restore public faith in a process tainted by interference and misinformation in the past Continue Reading
-
Opinion
22 Sep 2023
Fear is the mind-killer: Governance key to safety in the cyber dunes
Whether you’re tasked with protecting your organisation against cyber threats or ravenous subterranean worms, getting the basics of governance and risk management right counts for a lot and choosing the right framework will remove a huge burden from security teams and executives Continue Reading
-
News
21 Sep 2023
Poor digital experience a blocker for cyber resilience
Organisations that neglect the digital employee experience are not only vulnerable to employee attrition, but putting themselves at increased cyber risk, an Ivanti report finds Continue Reading
-
Feature
20 Sep 2023
Toyota car plant outage shows database capacity planning is vital
How could database deletes and re-organisation take out car production for 36 hours at 14 plants? We drill down into the details of database capacity planning Continue Reading
-
News
20 Sep 2023
Organisations failing to proactively address insider cyber risk
Organisations are spending less than 10% of their annual security budgets on trying to solve one of the costliest problems in cyber: insider risk Continue Reading
-
News
19 Sep 2023
Braverman puts pressure on Meta to pause end-to-end encryption plans
The home secretary is calling on Meta to halt its plans to introduce encrypted messaging services on Facebook and Instagram until the company puts measures in place to detect abuse Continue Reading
-
News
19 Sep 2023
New revelations from the Snowden archive surface
A decade after Snowden exposed NSA’s mass surveillance in cooperation with the British GCHQ, only about 1% of the documents have been published – but three major facts can finally be revealed thanks to a doctoral thesis in applied cryptography by Jacob Appelbaum Continue Reading
-
News
19 Sep 2023
38TB Microsoft data leak highlights risks of oversharing
An accidentally disclosed SAS token with excessive privileges enabled researchers to access nearly 40TB of Microsoft’s data, highlighting the risks of privilege mismanagement and oversharing Continue Reading
-
Definition
19 Sep 2023
total risk
Total risk is an assessment that identifies all the risk factors associated with pursuing a specific course of action. Continue Reading
-
News
19 Sep 2023
Nominet and European counterparts link up on intelligence sharing
The new European TLD ISAC, a collaborative project between top-level domain providers across Europe, aims to enhance their collective security posture to better protect internet users Continue Reading
-
E-Zine
19 Sep 2023
Securing Eurovision’s online voting system against cyber attacks
In this week’s Computer Weekly, we discover how Once.net and Cloudfare defended the 2023 Eurovision Song Contest against cyber attacks. Our buyer’s guide continues to look at integrating software-as-a-service applications, with the governance of SaaS connectivity to the fore. Also, HCLTech’s Ashish Gupta relates how the company has embraced a new, pandemic-influenced, remote working model. And we find out how retail tech leaders influence their boards on transformation projects. Read the issue now. Continue Reading
-
News
18 Sep 2023
Unregulated DeFi services abused in latest pig butchering twist
Pig butchering scammers are taking advantage of the unregulated nature of DeFi crypto trading apps to siphon off even more money from their victims, according to the latest findings of an ongoing investigation Continue Reading
-
Definition
18 Sep 2023
electronically stored information (ESI)
Electronically stored information (ESI) is data that is created, altered, communicated and stored in digital form. Continue Reading
-
Opinion
18 Sep 2023
Security Think Tank: A user’s guide to encryption
The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading
-
News
18 Sep 2023
Government seeks industry views on cyber threat to UK CNI
The Science, Innovation and Technology Select Committee is seeking evidence from the cyber sector as it launches an inquiry into the resilience of the UK's critical national infrastructure Continue Reading
-
News
15 Sep 2023
TikTok fined €345m under GDPR for failing to protect children’s privacy
Data protection regulators warn social media companies to take all necessary measures to protect children’s privacy Continue Reading
-
News
14 Sep 2023
Google, Microsoft and Mozilla push browser updates to foil zero-day
A zero-day in Google’s Chrome browser was first reported by surveillance researchers at The Citizen Lab and Apple, but also affects other browsers Continue Reading
-
News
13 Sep 2023
GCHQ breached privacy rights of IT professional and security researcher, human rights court rules
The European Court of Human Rights in Strasbourg finds UK intelligence services breached the privacy rights of two overseas nationals – an IT professional and a security researcher Continue Reading
-
News
13 Sep 2023
GitHub fixes race condition that could have led to ‘repojacking’
A subtle flaw in how GitHub handled repository creation and user renaming could have had serious consequences for the open source community, but has now been fixed. Learn more about how it worked Continue Reading
-
News
13 Sep 2023
Patch Tuesday: Microsoft fixes zero-days in Word and Streaming Service
September 2023 brings a light Patch Tuesday, with two zero-days and five critical vulnerabilities listed in the latest release Continue Reading
-
News
13 Sep 2023
ExtraHop open sources 16 million rows of threat domain data
NDR specialist ExtraHop says making its entire machine learning dataset available for anybody to view will help organisations better defend against cyber attacks originating from malicious domains generated by algorithms Continue Reading
-
Podcast
12 Sep 2023
Podcast: ‘Data first’ a key principle of digital transformation
Chris Gorton of Syniti says organisations should put data first during digital transformation projects, and that means getting data quality, access rights and governance right Continue Reading
-
Opinion
12 Sep 2023
Consciousness to address AI safety and security
The co-founder of KikenAI discuses why he has decided to make the technology for protecting LLMs open source Continue Reading
-
News
12 Sep 2023
IT spending in Australia to grow 7.8% in 2024
The growth will be led by investments in cyber security, cloud, analytics and application modernisation as Australian CIOs look to improve cost and operational efficiencies Continue Reading
-
News
11 Sep 2023
UK boardrooms and CISOs increasingly aligned on cyber risks
Board members and CISOs in UK organisations seem to be working together much better, but while this is an encouraging sign, there remain some areas of concern over how the two relate to each other Continue Reading
-
News
11 Sep 2023
Polish election questioned after Pegasus spyware used to smear opposition, investigation finds
Senate committee alerts prosecutors over potential crimes by public officials involved in purchasing Pegasus spyware used to monitor and smear political opponents Continue Reading
-
News
11 Sep 2023
Salesforce and Zoom embrace ethical hackers. You should, too
Software companies Salesforce and Zoom discuss their successful bug bounty programmes, what they learned at a recent in-person hackathon in which they participated, and why others shouldn’t be scared of hackers Continue Reading
-
Feature
08 Sep 2023
AI-powered cloud SIEM: Real-time threat intel boosts defences
Thanks to their advanced data analysis and predictive capabilities, AI and ML will be valuable protective tools going forward. Learn about the potential of AI-backed cloud SIEM technology Continue Reading
-
News
08 Sep 2023
Deputy PM urges UK plc not to lose focus on cyber
In a speech at TechUK, deputy prime minister Oliver Dowden urges the cyber security community not to lose focus, and to do more to further collaboration across sectors Continue Reading
-
Feature
08 Sep 2023
SME disaster recovery: Five key points to consider
We look at key DR considerations for SMEs, including RPOs, RTOs, infrastructure needed for effective continuity and the right combination of cloud and in-house provision Continue Reading
-
News
07 Sep 2023
UK minister fails to reassure tech companies over encryption risk
Technology companies say reassurances by government ministers that they have no intention of weakening end-to-end encrypted communication services do not go far enough Continue Reading
-
News
07 Sep 2023
Honeywell goes quantum to protect utilities from future threats
Honeywell and quantum computing specialist Quantinuum will integrate quantum-hardened encryption keys into future smart meters Continue Reading
-
E-Zine
07 Sep 2023
CW EMEA: The value of valuing people
In this month’s CW EMEA ezine, we look at HR software and strategies that can help combat staff attrition, find out how Finland’s and Sweden’s plans to join NATO have initiated activity in the Nordic cyber security sector already, consider the data privacy challenges associated with generative AI, and find out why it is important for companies to implement new cryptography standards now in preparation for quantum-safe communication. Read the issue now. Continue Reading
-
News
05 Sep 2023
Researchers find flaw in Mend.io security platform
WithSecure’s research team uncovered an authentication flaw in an application security platform developed by Mend.io, which has now been fixed Continue Reading
-
News
05 Sep 2023
Law firm Fieldfisher launches data breach management tool
UK and European data breach law specialist Fieldfisher has enlisted legal tech specialist Lawcadia to supply a 24-hour data breach notification assessment platform Continue Reading
-
News
05 Sep 2023
NCSC names ex-NCC man as new CTO
New NCSC CTO Ollie Whitehouse joins from NCC Group, having also worked at BlackBerry and Symantec Continue Reading
-
News
05 Sep 2023
Plymouth Uni spearheads research into wind farm cyber resilience
Project hosted at the University of Plymouth in Devon aims to develop cyber security measures to protect the UK’s increasingly important offshore wind farm assets Continue Reading
-
News
04 Sep 2023
How startup Once.net and Cloudflare secured the 2023 Eurovision vote
When the Eurovision Song Contest introduced paid-for public voting from outside Europe in 2023, it faced new cyber challenges. Learn how Dutch startup Once.net and Cloudflare teamed up to secure and support the big night Continue Reading
-
News
01 Sep 2023
Police Scotland five-year digital strategy approved
Police Scotland’s new strategy outlines how the force will approach and invest in its digital transformation over the next five years, but notes its ability to achieve its ambitions is subject to the availability of funding Continue Reading
-
Opinion
01 Sep 2023
It might be too soon to claim victory against Qakbot
The multinational operation to take down the Qakbot (aka Qbot) malware has been hailed as a great victory, but Lumu Technologies’ Ricardo Villadiego argues that the celebrations may be a little premature Continue Reading
-
Opinion
01 Sep 2023
The quantum threat: Implications for the Internet of Things
The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading
-
News
31 Aug 2023
Ducktail social media marketing malware rears its head again
Use of the Ducktail infostealer, which first popped up in 2022 targeting Meta Business accounts, seems to be increasing Continue Reading
-
News
31 Aug 2023
Home Office and MoD seeking new facial-recognition tech
The UK’s Defence and Security Accelerator is running a ‘market exploration’ exercise on behalf of the Home Office to identify new facial-recognition capabilities for security and policing bodies in the UK Continue Reading
-
News
30 Aug 2023
NCSC warns over possible AI prompt injection attacks
The UK’s NCSC says it sees alarming potential for so-called prompt injection attacks driven by the large language models that power AI chatbots Continue Reading
-
News
29 Aug 2023
Top-performing CISOs reserve time for professional development
Survey of chief information security officers conducted by Gartner sheds light on habits shared by the top-performing members of the profession Continue Reading
-
Tip
29 Aug 2023
The CIO's role in strengthening cybersecurity
To effectively tackle security risks, organizations should proactively address the complexities of information security. Learn how CIOs can play a key role in cybersecurity. Continue Reading
-
Opinion
25 Aug 2023
AI and supply chain visibility key to mitigating OT security threats
Leveraging AI and maintain visibility into the security of your software supply chain are key to mitigating cyber attacks against operational technology systems Continue Reading
-
News
23 Aug 2023
Cyber attacks in 2023 develop quicker as average dwell times plummet
The median attacker dwell time shrunk from 10 to eight days in the first seven months of 2023, and in the case of ransomware attacks it is down to just five days Continue Reading
-
News
22 Aug 2023
Singapore to bolster OT security capabilities
Cyber Security Agency of Singapore teams up with Dragos and the US Cybersecurity and Infrastructure Security Agency to bolster the country’s OT security capabilities Continue Reading
-
News
22 Aug 2023
Clop’s MOVEit attacks drive ransomware volumes to record high
Such has been the scope of Clop’s activity since May that ransomware attack volumes have more than doubled year on year, according to the latest data Continue Reading
-
News
17 Aug 2023
Researchers demo fake airplane mode exploit that tricks iPhone users
Exploit chain that tricks a victim into believing their iOS device is offline in airplane mode when it is not could open the door to grave privacy concerns Continue Reading
-
News
16 Aug 2023
CyberArk eyes growth beyond PAM
CyberArk is seeing exponential growth in the broader identity security market as the company expands its capabilities beyond privileged access management Continue Reading
-
Feature
16 Aug 2023
Top 12 risk management skills and why you need them
Effective risk management is necessary in all parts of a business. Here are a dozen skills that risk managers need to be successful in their jobs. Continue Reading