IT security

Trustpilot gets agile to build trust online

Consumer reviews website Trustpilot has built and scaled its IT security team and is now turning to agile methods and DevSecOps to further enhance its cyber capabilities, as CISO Stu Hirst explains. Continue Reading

How to stop data retention from killing the planet

In this week’s Computer Weekly, there’s a hidden environmental cost to the vast volumes of data being generated – we examine what can be done to address it. We talk to the CISO of consumer reviews site Trustpilot, about building trust in IT security. And we look at what IT leaders can do if they inherit a toxic team environment. Read the issue now. Continue Reading

Protecting children as they spend years in virtual worlds

To protect children online, we must now focus on pre-emptive and robust regulation around immersive technologies Continue Reading

Panzura partners with AWS on ransomware counter-measures

Panzura might have slipped beneath the waves, but it’s come back reinvigorated, and now boasts integration with AWS with ransomware protection and Outposts hardware Continue Reading

Ransomware: Practical tips to improve resiliency

With ransomware attacks on organisations increasing, the question is not if an attack will happen, but when. We look at ways to minimise the impact of such an attack Continue Reading

Plexal inducts six into cyber leadership scheme

Tech innovation hub Plexal is expanding its Cyber Runway programme with a new Ignite strand dedicated to supporting high-potential security leaders Continue Reading

Data management, backup becoming the CISO's responsibility

More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year Continue Reading

Not-for-profit aims to encourage 1,300 girls into cyber careers

CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber Continue Reading

CW Nordics: Icelandic datacentres point way to greener IT

Iceland may soon become even more attractive to firms wanting to minimise their carbon footprint while using high-performance computing services. Read more about it in this issue. Also find out how a robo investment company, Nord Investments, is harnessing open banking to make thing easier for its clients. Continue Reading

Data protection in Finland, four years after GDPR came into force

 Continue Reading

Your staff are the frontline in your ransomware fight

As part of a solid cyber defence plan, the CISO must make sure that the frontline within the organisation is prepared for an attack, says Theodore Wiggins of Airbus Protect Continue Reading

How APAC organisations are hiring cyber security pros

Hiring managers in cyber security are turning to existing employees in non-IT roles and providing professional development for junior-level staff to plug the talent gap Continue Reading

UK police arrest 120 in largest-ever cyber fraud crackdown

The administrator and more than 100 users of the iSpoof.cc cyber fraud website have been arrested in a major counter-fraud operation led by the Metropolitan Police Continue Reading

South Korea data adequacy pact brings £15m Brexit bonus

UK government finalises a data adequacy agreement with South Korea, saying it will unlock a post-Brexit business bonus of just under £15m Continue Reading

Red team tool developer slams ‘irresponsible’ disclosure

UK security firm MDSec defends its Nighthawk command and control penetration testing framework after suggestions were made that it could be appropriated by threat actors Continue Reading

Dutch national cyber security strategy aims to protect digital society

Cabinet sets up national cyber security strategy to make the Netherlands digitally secure Continue Reading

10 real-world use cases of the metaverse, plus examples

The potential for metaverse projects exist across a range use cases. Here are enterprise-focused and consumer-focused examples that business and IT leaders may want to explore. Continue Reading

Ducktail spins new tales to hijack Facebook Business accounts

The increasingly active Ducktail cyber crime operation is refining its operations, seeking new methods to compromise its victims’ Facebook Business accounts Continue Reading

Killnet DDoS hacktivists target Royal Family and others

Russia-aligned hacktivists targeted multiple UK websites, including those of the Royal Family, in a new campaign of DDoS attacks Continue Reading

C-suite mystified by cyber security jargon

Malware, supply chain attack, zero-day, IoC, TTP and Mitre ATT&CK are just some of the everyday terms that security pros use that risk making the world of cyber incomprehensible to outsiders Continue Reading

Cyber criminals have World Cup Qatar in their sights as tournament kicks off

Malicious cyber activity around the FIFA World Cup was ticking upwards even before the opening game, with threats likely to present themselves in great numbers and many forms throughout the event. Continue Reading

Cyber criminals target World Cup Qatar 2022

In this week’s Computer Weekly, as the FIFA World Cup opens in Qatar, we examine the cyber security threats from criminals targeting the event. We report from the Gartner Symposium on the latest predictions for enterprise software development. And we talk to the CIO of Kyiv City Council about managing IT in the shadow of war. Read the issue now. Continue Reading

Ransomware preparedness: The long road ahead

Is your organization ready for ransomware? A recent survey shows that businesses in a variety of industries are all struggling with ransomware prevention and recovery. Continue Reading

Bug Bounty Calculator helps organisations fine-tune their payouts

Newly launched comparison tool will supposedly help operators of vulnerability disclosure or bug bounty programmes to ensure their payments match market rates and expectations, and attract the right sort of attention Continue Reading

NHS federated data platform must avoid repeating Care.data mistakes, says national data guardian

UK’s national data guardian agrees with the ambitions of the platform, but warns that the programme must avoid ‘common pitfalls around trust and transparency’ Continue Reading

NHS trust that deleted up to 90,000 emails cleared of deliberately concealing evidence

A tribunal found in a high-profile case brought by whistleblower Chris Day that an NHS trust had not deliberately concealed evidence when a director deleted up to 90,000 emails before he was due to testify Continue Reading

Ransomware, storage and backup: Impacts, limits and capabilities

We look at the impact of ransomware on storage and backup, how storage and data protection can best be used to combat ransomware, and how they fit in the fight against it Continue Reading

Is Elon Musk’s Twitter safe, and should you stop using it?

With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use Continue Reading

New gold standard to protect good faith hackers

HackerOne’s new Gold Standard Safe Harbour statement will supposedly act as a guarantee for good faith hacking Continue Reading

CyberPeace Institute helps NGOs improve their security resilience

Adrien Ogée of the CyberPeace Institute talks about his work supporting NGOs and humanitarian organisations, and how the security community at large can help protect the world’s most vulnerable people Continue Reading

Enterprises embrace SD-WAN but miss benefits of integrated approach to security

Research from managed network and security services provider finds virtually all enterprises have deployed software-defined wide area networks or plan to do so within the next 24 months, but nearly half reported they either don’t have security integrated with SD-WAN or have no specific SD-WAN security at all Continue Reading

Another Log4Shell warning after Iranian attack on US government

The breach of a US federal body by an Iranian threat actor exploiting the Adobe Log4j Log4Shell vulnerability has prompted a fresh flurry of patching Continue Reading

Scottish government to pilot digital identity platform in early 2023

Pilot of Scotland’s digital identity platform will be run in partnership with Disclosure Scotland, using secure sign-on and identity verification Continue Reading

HMRC will begin migration from Government Gateway to One Login in summer 2023

One Login for Government programme has the objective of simplifying access to central government, says HMRC chief technology and design officer Continue Reading

Global network fragmentation a source of increasing risk

Risk consultancy’s report says the weaponisation of cyber space and geopolitical clashes herald a breakdown of global networks into distinct regional or national architectures Continue Reading

Security Think Tank: Ransomware defences: An extended to-do list

Strategies to extend ransomware protection beyond backups and intrusion detection must centre dark web monitoring, among other things Continue Reading

APP fraud volumes expected to double by 2026, says report

Losses to authorised push payment fraud in the UK are expected to climb to over $1.5bn in the next four years. Meanwhile, the NAO accuses the Home Office of lagging on progress to tackle the issue Continue Reading

How to prepare for ransomware

We look at ways to protect against ransomware attacks and how to manage such attacks when they happen. Continue Reading

How to protect against ransomware attacks

In this week’s Computer Weekly, we look at how to prepare for and protect against ransomware, and what to do if you’re hit by an attack. We gauge industry reaction to Ofcom’s plan to investigate the big three cloud providers. And we find out how travel giant TUI is implementing self-service analytics. Read the issue now. Continue Reading

Inside Singapore’s public sector IT strategy

Adopting a platform approach with products that can scale across the board and building a strong engineering bench are some of the key aspects in Singapore’s public sector IT strategy Continue Reading

How Google and Mandiant are forging synergies in cyber security

Google’s AI smarts and Mandiant’s intelligence on new and emerging threats could lay the foundation of proactive security Continue Reading

Security Think Tank: Let’s be transparent about ransomware

Greater transparency regarding ransomware attacks, including details about attack methods used and what kinds of assets were compromised, would likely help the community prevent future attacks Continue Reading

How to prepare for ransomware

What are the best practices you should use to protect against ransomware attacks and manage such attacks when they do happen? Continue Reading

Online scam victims lose an average of £1,000 each

New data from the National Fraud Intelligence Bureau shows victims of online fraud lose an average of £1,000 per person Continue Reading

Cyber insurance: The good, the bad and the ugly

Most cyber insurance contracts are innately flawed because they exclude losses arising from state-backed cyber attacks, and this will make proper attribution even more important in the future, says Cisco Talos’ Martin Lee Continue Reading

Volume of self-reported breaches to ICO jumps 30%

The number of self-reported breaches to the UK’s Information Commissioner’s Office soared by nearly 30% in the 12 months to 30 June 2022 Continue Reading

MoD recruits Immersive Labs to bolster cyber resilience

UK’s Ministry of Defence will run cyber drills and address its security talent gap with Immersive Labs’ CyberPro, Cyber Crisis Simulator and Application Security products Continue Reading

Security Think Tank: To stop ransomware, preparation is the best medicine

You can’t ‘stop’ ransomware, but you can do a lot to keep yourself from becoming ensnared when it strikes Continue Reading

Cyber criminals have World Cup Qatar 2022 in their sights

Volumes of malicious cyber activity around the upcoming FIFA World Cup are already starting to tick upwards and are likely to continue to do so Continue Reading

All means all when it comes to encryption

Nigel Thorpe, technical director at SecureAge, makes the case for encrypting everything all of the time when it comes to protecting data Continue Reading

CW Benelux: Heineken finds the right brew for digital

Heineken’s data management director has revealed some of the ways the company is using information technology to transform digitally. Also read how a PhD student in the Netherlands is detecting hidden messages on the internet by exploring the practice of steganography. Continue Reading

France extradites Spanish EncroChat cryptophone distributors for complicity with organised crime

 Continue Reading

Optus earmarks A$140m to cover cost of data breach

Optus sets aside A$140m as an exceptional expense for a customer remediation programme following a massive data breach that affected 10 million customers Continue Reading

UK’s National Cyber Advisory Board convenes for first time

Government convenes National Cyber Advisory Board to further its goals of making the UK one of the safest places to live and work online Continue Reading

Microsoft serves smorgasbord of six zero-days

November’s Patch Tuesday fixes significantly fewer vulnerabilities of late, but includes six actively-exploited zero-days, three of them of critical severity Continue Reading

Why Sophos is bullish on managed security services

Sophos has grown its managed detection and response business to more than $100m over the last three years as more organisations grapple with the increasingly complex cyber security landscape Continue Reading

Security Think Tank: Anti-ransomware strategies should be as easy as ABC

When developing and implementing ransomware protection strategies, the importance of paying thorough attention to security measures you might consider elementary cannot be understated Continue Reading

NortonLifeLock, Avast debut new ‘Gen’ identity

The combined NortonLifeLock and Avast consumer cyber business, Gen, says it will serve over 500 million customers worldwide Continue Reading

How the US-China chip war will affect IT leaders

In this week’s Computer Weekly, as the US ramps up semiconductor sanctions on China, we examine the ramifications across the tech sector. Cyber criminals are turning to new forms of encryption – we talk to the Dutch researchers trying to catch them. And we look at what cloud providers need to do to improve customer experience. Read the issue now. Continue Reading

Probing the secrets of the internet

Research in the Netherlands is focused on detecting hidden messages on the internet. Continue Reading

Public sector IT projects need ethical data practices from start

Data ethics needs to be integrated into public sector IT projects from the very start, and considered throughout every stage of the process, to be effective Continue Reading

Department for Education escapes £10m fine over data misuse

Department entrusted data on 28 million children to a company called Trustopia, which turned out to be anything but trustworthy, but has escaped a £10m fine under new rules Continue Reading

Keeping personally identifiable data personal

As it celebrates its 100th birthday, the BBC has begun a pilot looking into its role in enabling the general public to store their personal data Continue Reading

To fight ransomware, we must treat digital infrastructure as critical

Ransomware defence is failing because we don’t view our digital infrastructure in the same way as our physical infrastructure, argues Elastic’s Mandy Andress Continue Reading

Elon Musk begins mass Twitter layoffs via email

New Twitter owner Elon Musk has begun the process of cutting the company’s workforce in half, but is already facing a legal backlash for allegedly violating US labour laws Continue Reading

Microsoft: Nation-state cyber attacks became increasingly destructive in 2022

The willingness of nation-state actors to conduct destructive cyber attacks is a source of grave concern, as Microsoft’s latest annual Digital Defence Report lays bare Continue Reading

Security Think Tank: Ransomware and CISOs’ balancing act

Ransomware has the potential to cause irreversible business damage, so CISOs should consider not only protection but also response and recovery Continue Reading

Microsoft pledges $100m in new IT support for Ukraine

Microsoft will continue to offer free-of-charge technology support to Ukraine for the foreseeable future Continue Reading

The Security Interviews: Building trust online

Consumer reviews website Trustpilot has built and scaled its IT security team and is now turning to agile methods and DevSecOps to further enhance its cyber capabilities Continue Reading

Automated threats biggest source of cyber risk for retailers

Threat actors targeting retailers during the coming holiday season are increasingly turning to automated forms of cyber attack, according to a report Continue Reading

Global coalition reaffirms commitment to fight ransomware

Representatives of 36 countries, as well as the EU, attended the second International Counter Ransomware Initiative Summit in Washington DC Continue Reading

Dropbox code compromised in phishing attack

Cloud storage service says malicious actors successfully accessed some of its code within GitHub, but insists customer data is secure Continue Reading

UK spent £6.4m on secret cyber package for Ukraine

Westminster has revealed for the first time the existence of a previously top-secret security programme that has been helping Ukraine fend off Russian cyber attacks Continue Reading

OpenSSL vulnerabilities ‘not as bad as feared’

As previously trailed, OpenSSL patched two buffer overflow vulnerabilities, neither of them as impactful as had been feared Continue Reading

Security Think Tank: Know your networks, know your suppliers

To combat the ransomware scourge, we must work harder to monitor and learn from the increasingly complex threat environment, keep a closer eye on supply chains, and share our insights Continue Reading

A third of UK cyber leaders want to quit, report says

Nearly a third of UK security leaders are considering leaving their current role, and more than half are struggling to keep on top of their workload Continue Reading

Why Supply Chain Security Attacks Are So Damaging

Commonly in cyber security-related conversations, strategic references to the edge, boundary, endpoint, cloud etc are commonplace as potential areas of vulnerability. However, in several recent ... Continue Reading

NCSC looks back on year of ‘profound change’ for cyber

The NCSC ramped up its support for UK plc in the past 12 months, but it was events beyond the UK’s borders that proved the most impactful Continue Reading

How Elastic is going beyond enterprise search

Elastic has been doubling down on the security and observability capabilities of its open-source platform, going beyond its roots in enterprise search Continue Reading

Digital identity and opening up the smartwallet

When an 80 year-old relative asks you how she can use her phone to both pay for shopping and get her supermarket loyalty points, like her friends do, you know that digital wallets are a success. ... Continue Reading

How to build consumer trust with a privacy-by-design approach

Undertaken with the right mindset and technology, privacy by design delivers value to consumers and builds trust for the long term Continue Reading

The risk of losing our EU data adequacy agreement is real

While some may welcome the government’s ambition to shake up the UK’s data protection regime, Westminster should be wary of drifting too far from the path charted by our US and European partners Continue Reading

Prepare today for potentially high-impact OpenSSL bug

OpenSSL trailed a critical vulnerability patch last week, which will be only the second such flaw ever found in the open source encryption project. Unfortunately, the first was Heartbleed Continue Reading

Cyber crime officer says French legal challenges to EncroChat are ‘hype’

Matthieu Audibert, officer of the French Gendarmerie’s cyber space command, gets into a spat with defence lawyers on Twitter over the lawfulness of evidence from the hacked phone network EncroChat Continue Reading

Security Think Tank: Container security: why so different?

Done well, container security can be a model for securing the enterprise, and businesses that focus their teams on solving it can help accelerate positive change in other areas Continue Reading

8 cybersecurity books to read in 2023

Brush up on your cybersecurity skills by picking up one of these titles. Continue Reading

How has container security changed since 2020, and have we taken it too far?

While containers are now one of the most popular ways to deploy applications, it is fair to say that the adoption and implementation of security best practice to govern their use has not kept up Continue Reading

Government ups cyber support for elderly, vulnerable web users

DCMS announces a funding boost to help the elderly, disabled and other vulnerable groups stay safe online and avoid being misled by disinformation Continue Reading

NCSC’s Levy steps down after 20-year intelligence career

NCSC technical director Ian Levy bids farewell, telling his successor: ‘Don’t panic’ Continue Reading

Will the OCSF create an open and collaborative cyber industry?

The Open Cybersecurity Schema Framework promises to transform security data analysis and collection, but there are challenges around adoption Continue Reading

NHS to get new national CISO

The Department for Health and Social Care is seeking a new national CISO, who will be tasked with providing strategic cyber leadership, direction and expertise across DHSC and the wider NHS Continue Reading

LinkedIn adds new features to safeguard user privacy, security

Social media platform is adding a number of features and systems designed to protect legitimate users from inauthentic profiles and activity Continue Reading

Medibank breach casts spotlight on data security

Health insurer Medibank Private recently suffered a major data breach involving the personal and health information of millions of customers, once again casting the spotlight on data security in Australia Continue Reading

Santander calls for cooperation to tackle APP fraud

New report puts forward key recommendations that the banking sector, government and other industries could take to tackle authorised push payment fraud Continue Reading

ICO warns against using biometrics for ‘emotional analysis’

ICO warning highlights risk of ‘systemic bias’ and discrimination associated with organisations using biometric data and technologies for emotion analysis Continue Reading

The Conservatives are laughing at cyber security pros

If causing a security breach is a resigning matter, then you shouldn’t expect to get your old job back a week later. Unless you’re a Conservative home secretary, apparently Continue Reading

Cuba ransomware cartel spoofs Ukraine armed forces

Ukrainian cyber experts issue a warning over the activities of the Cuba ransomware cartel Continue Reading

Australia budget closes in on digital divide, cyber resilience

Australia’s latest budget is geared towards providing better broadband connectivity in regional and rural areas, shoring up the cyber security posture of its businesses and plugging tech talent shortages, among other areas Continue Reading

Apple patches new iPhone zero-day

Apple’s latest patch fixes yet another zero-day, as security issues keep surfacing in its mobile products Continue Reading

Dutch lawyers raise human rights concerns over hacked cryptophone data

Dutch defence lawyers say in an open letter that there is a risk of unfair trials unless they are allowed to test the reliability and legitimacy of hacked cryptophone evidence Continue Reading