Identity and access management products

Top 10 police technology stories of 2023

Here are Computer Weekly’s top 10 police technology stories of 2023 Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Top 10 cyber crime stories of 2023

Ransomware gangs dominated the cyber criminal underworld in 2023, a year that will prove notable for significant evolutionary trends in their tactics Continue Reading

By

• Alex Scroxton, Security Editor

What we learned in cyber in 2023, and what to look out for

PA Consulting's Rasika Somasiri looks back at a busy 12 months in the cyber security world, and highlights some key learnings from 2023 Continue Reading

By

• Rasika Somasiri

Security Think Tank: Anytime, anywhere access is achievable

Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading

By

• Tim Holman, 2-sec

The Security Interviews: Talking identity with Microsoft’s Joy Chik

Microsoft’s president of identity and network access, Joy Chik, joins Computer Weekly to discuss the evolving threat landscape in identity security, using innovations in artificial intelligence to stay ahead, and advocating for the coming passwordless future Continue Reading

By

• Alex Scroxton, Security Editor

Top IT predictions in APAC in 2024

Generative AI will continue to leave its mark on many areas in business and IT, along with other trends such as sustainability, cyber security and smart factories that are expected to shape the region’s technology landscape in 2024 Continue Reading

By

• Aaron Tan, TechTarget

Human augmentation tech requires dual use oversight

Researchers investigating human augmentation technologies must acknowledge the potential military applications of their work, and military bodies cannot be allowed to dismiss ethical concerns in their pursuit of national security interests, says NGO Drone Wars UK Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

The Security Interviews: Mark McClain, SailPoint Technologies

SailPoint founder and CEO Mark McClain reflects on how the concept of identity has evolved over the past 20 years, and points to rapid evolution still to come Continue Reading

By

• Alex Scroxton, Security Editor

Scope of Okta helpdesk breach widens to impact all users

Okta has widened the scope of the October breach of its systems to include every customer that has used its helpdesk service, after new information came to light Continue Reading

By

• Alex Scroxton, Security Editor

privileged identity management (PIM)

Privileged identity management (PIM) is the monitoring and protection of superuser accounts that hold expanded access to an organization's IT environments. Continue Reading

By

• Rahul Awati

How passwordless authentication aids identity security

Enterprise Strategy Group's Jack Poller discusses survey results on user authentication practices and explains the security benefits of passwordless methods. Continue Reading

By

• Craig Stedman, Industry Editor

UK police plan national roll-out of facial-recognition phone app

UK police chiefs plan to expand use of facial-recognition technology through a nationwide roll-out of mobile-based tools and increases in retrospective facial-recognition, but oversight problems persist Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Australia ups ante on cyber security

Australia’s new cyber security strategy will focus on building threat-blocking capabilities, protecting critical infrastructure and improving the cyber workforce, among other priorities Continue Reading

By

• Stephen Withers

An inside look at a Scattered Spider cyber attack

Threat researchers at ReliaQuest share the inside track on a Scattered Spider cyber attack they investigated Continue Reading

By

• Alex Scroxton, Security Editor

possession factor

The possession factor, in a security context, is a category of user authentication credentials based on items that the user has with them, typically a hardware device such as a security token or a mobile phone used in conjunction with a software token. Continue Reading

By

• Rahul Awati

Canada’s Mounties among government employees hit by LockBit

A LockBit attack on a specialist supplier of relocation services has engulfed multiple government agencies in Canada Continue Reading

By

• Alex Scroxton, Security Editor

Outgoing police tech watchdog warns of declining oversight

The outgoing biometrics and surveillance camera commissioner for England and Wales discusses police deployment of powerful new surveillance technologies, and the declining state of oversight in this area Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

mandatory access control (MAC)

Mandatory access control (MAC) is a security strategy that restricts the ability individual resource owners have to grant or deny access to resource objects in a file system. Continue Reading

By

• Rahul Awati

Shadow IT use at Okta behind series of damaging breaches

Okta now believes the initial access vector in a series of damaging breaches was one of its own employees who used a corporate device to sign into their personal Google account Continue Reading

By

• Alex Scroxton, Security Editor

EU digital ID reforms should be ‘actively resisted’, say experts

Over 300 cyber security experts have called for the EU to rethink its proposals for eIDAS digital identity reforms, saying some of the provisions risk damaging user privacy and security Continue Reading

By

• Alex Scroxton, Security Editor

Microsoft warns over growing threat from Octo Tempest gang

The English-speaking Octo Tempest extortion gang – which became an ALPHV/BlackCat affiliate recently – presents one of the most significant and rapidly growing threats to large organisations at this time, says Microsoft Continue Reading

By

• Alex Scroxton, Security Editor

Demystifying the top five OT security myths

Goh Eng Choon, president of ST Engineering’s cyber business, outlines the common myths around OT security in a bid to raise awareness of the security challenges confronting OT systems Continue Reading

By

• Aaron Tan, TechTarget

1Password caught up in Okta support breach

After breaches at BeyondTrust and Cloudflare, 1Password, a third customer of Okta operating in the same space, has revealed that it too was impacted in a breach of the IAM house’s support systems Continue Reading

By

• Alex Scroxton, Security Editor

soft token

A soft token is a software-based security token that generates a single-use login personal identification number (PIN). Continue Reading

By

• Paul Kirvan

How to tame the identity sprawl

Organisations should find a comprehensive way to gain full visibility into their digital identities and leverage automation to tame the identity sprawl. Continue Reading

CyberArk eyes growth beyond PAM

Aaron Tan examines CyberArk’s exponential growth in the broader identity security market. Continue Reading

CW APAC: Buyer’s guide to IAM

Identity access management tools are proving pivotal in the race to outwit cyber criminals. In this handbook, focused on IAM in the Asia-Pacific region, Computer Weekly takes a closer look at their capabilities, CyberArk’s growth, the uses of automation and how ForgeRock enhances user experience. Continue Reading

APAC guide to identity and access management

The rise of identity-based attacks is fuelling investments in identity and access management tools. Continue Reading

Loughborough Uni to create five cyber AI research posts

Supported by Darktrace, Loughborough University is to recruit five doctoral researchers focusing on cross-disciplinary research in AI and cyber security Continue Reading

By

• Alex Scroxton, Security Editor

Google Authenticator

Google Authenticator is a mobile security application that provides a second type of confirmation for websites and online services that use two-factor authentication (2FA) to verify a user's identity before granting him or her access to secure resources. Continue Reading

By

• Robert Sheldon

Secure Sockets Layer certificate (SSL certificate)

A Secure Sockets Layer certificate (SSL certificate) is a small data file installed on a web server that allows for a secure, encrypted connection between the server and a web browser. Continue Reading

By

• Rahul Awati

Preparing IT security for the age of quantum computing

We look at what progress is being made to ensure digital communications remain secure as quantum computers make an entrance Continue Reading

By

• Cliff Saran, Managing Editor

password entropy

Password entropy is a measurement of a password's strength based on how difficult it would be to crack the password through guessing or a brute-force attack. Continue Reading

By

• Robert Sheldon

MGM faces £100m loss from cyber attack on its casinos

MGM Resorts has provided further details on the fallout of the hack targeting its casinos in early September, confirming that a range of personal information has been stolen and that it will likely cost the firm around $100m Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

risk-based authentication (RBA)

Risk-based authentication (RBA) is an authentication method in which varying levels of stringency are applied to a system’s authentication process based on the likelihood that access to that system could result in its compromise. Continue Reading

By

• Rahul Awati

Policing minister wants to use UK passport data in facial recognition

The policing minister’s plans to integrate the UK’s passport database with police facial-recognition systems have been met with criticism from campaigners, academics, and the biometrics commissioner for England and Wales Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Lloyds Bank launches digital identity app

Lloyds Bank has launched a digital identity app with tech startup Yoti, after it invested £10m in the firm Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Where next for quantum computing?

In this week’s Computer Weekly, we talk to the head of Amazon’s Braket quantum computing services about how the technology is progressing. We go behind the scenes at an ethical hacker event to find out how bug bounty programmes work. And we analyse the offerings of the major players in software-defined storage. Read the issue now. Continue Reading

Strasbourg court condemns Turkey for jailing teacher for using ByLock encrypted messaging app

The case is expected to have implications for the use of digital evidence in prosecutions against users of other encrypted phone apps Continue Reading

By

• Bill Goodwin, Computer Weekly

Security and risk management spending to grow 14% next year

Growth in public cloud services will stand out over the next 12 months, as Gartner projects an overall 14% increase in cyber spending in 2024 Continue Reading

By

• Alex Scroxton, Security Editor

Protected Extensible Authentication Protocol (PEAP)

Protected Extensible Authentication Protocol (PEAP) is a security protocol commonly used to protect wireless networks. Continue Reading

By

• Robert Sheldon

Cover-ups still the norm in the wake of a cyber incident

Almost half of organisations that have experienced a cyber incident did not report it to the appropriate authorities, according to a report Continue Reading

By

• Alex Scroxton, Security Editor

Preparing for post-quantum cryptography

In this week’s Computer Weekly, our latest buyer’s guide assesses the challenges for cryptography in the emerging era of quantum computing. Google Cloud experts explain how the internet giant is preparing its datacentres for a world of AI. And we examine the privacy, compliance and backup issues from generative AI. Read the issue now. Continue Reading

Okta confirms link to cyber attacks on Las Vegas casinos

Okta CISO David Bradbury confirms widespread speculation about the high-profile cyber attacks on two Las Vegas casino operators, revealing that the threat actors responsible had indeed abused its services as they earlier claimed Continue Reading

By

• Alex Scroxton, Security Editor

38TB Microsoft data leak highlights risks of oversharing

An accidentally disclosed SAS token with excessive privileges enabled researchers to access nearly 40TB of Microsoft’s data, highlighting the risks of privilege mismanagement and oversharing Continue Reading

By

• Alex Scroxton, Security Editor

Ending the online fraud epidemic

A different approach to managing personal data across the web is possible - and it could minimise online fraud, boost e-commerce, and help make the web more secure. So why isn't the government doing it? Continue Reading

By

• Jon Nash, Demos

APAC guide to identity and access management

The rise of identity-based attacks is fuelling investments in identity and access management (IAM) tools. We examine the key capabilities of IAM, discuss implementation best practices, and explore the future of this technology Continue Reading

By

• Aaron Tan, TechTarget

Las Vegas mainstay Caesars Palace likely paid off ransomware crew

Caesars Entertainment, owner of the lavish Roman Empire-themed Caesars Palace casino in Las Vegas, has revealed it also suffered a ransomware attack, and appears to have paid off its hackers Continue Reading

By

• Alex Scroxton, Security Editor

Manchester police data breach a classic supply chain incident

The developing data breach at Greater Manchester Police follows a cyber attack on the systems of a key supplier of ID services to the force Continue Reading

By

• Alex Scroxton, Security Editor

Storm-0324 gathers over Microsoft Teams

An initial access broker associated with several different ransomware operations is now conducting Microsoft Teams phishing attacks Continue Reading

By

• Alex Scroxton, Security Editor

How DocuSign is extending its capabilities beyond e-signatures

DocuSign is harnessing large language models to help individuals make sense of agreements and employing AI-based biometrics to verify the identity of signers, as part of its broader efforts to expand its capabilities beyond electronic signatures Continue Reading

By

• Aaron Tan, TechTarget

Podcast: ‘Data first’ a key principle of digital transformation

Chris Gorton of Syniti says organisations should put data first during digital transformation projects, and that means getting data quality, access rights and governance right Continue Reading

By

• Antony Adshead, Storage Editor

Sensitive NatWest customer files set to be returned after High Court agreement

Sensitive NatWest customer files set to be secured by bank after years in the home of a data breach whistleblower Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

HGS to provide contact centre support for One Login

The partnership between the Government Digital Service and Hinduja Global Solutions will see the supplier provide contact centre services for the digital identity platform Continue Reading

By

• Lis Evenstad

Finnish government to bolster spending on cyber-AI defences

Finland’s government will increase spending on cyber security amid heightened threats from artificial intelligence-based attacks Continue Reading

By

• Gerard O'Dwyer

Meet the professional BEC op that targeted Microsoft 365 users for years

The so-called W3LL cyber crime operation ran a phishing empire that has played a large role in compromising Microsoft 365 accounts for years. Its activities are now coming to light thanks to Group-IB researchers Continue Reading

By

• Alex Scroxton, Security Editor

Okta customers targeted in new wave of social engineering attacks

Authentication specialist Okta has warned customers to be on alert for a campaign of social engineering attacks exploiting highly privileged users Continue Reading

By

• Alex Scroxton, Security Editor

Researchers find flaw in Mend.io security platform

WithSecure’s research team uncovered an authentication flaw in an application security platform developed by Mend.io, which has now been fixed Continue Reading

By

• Alex Scroxton, Security Editor

Home Office and MoD seeking new facial-recognition tech

The UK’s Defence and Security Accelerator is running a ‘market exploration’ exercise on behalf of the Home Office to identify new facial-recognition capabilities for security and policing bodies in the UK Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Post Office to provide in-person identity checks for One Login

Partnership between the Government Digital Service and the Post Office will see postmasters and staff provide face-to-face identity checks for those unable to use the One Login app or website Continue Reading

By

• Lis Evenstad

biometric authentication

Biometric authentication is a security process that relies on the unique biological characteristics of individuals to verify they are who they say they are. Continue Reading

By

• Cameron Hashemi-Pour, Former Site Editor

How do digital signatures work?

Digital signatures add a level of security to online agreements, which can prevent bad actors from impersonating other individuals or tampering with sensitive contracts. Continue Reading

By

• David Weldon

Google bets on AI-backed cyber controls for Workspace users

Zero-trust and digital sovereignty controls are the focus of a series of enhancements being made for Google Workspace users Continue Reading

By

• Alex Scroxton, Security Editor

BYOI (bring your own identity)

BYOI (bring your own identity) is an approach to digital authentication in which an end user's username and password are managed by a third party. BYOI is increasingly being used for website authentication. Continue Reading

By

• Robert Sheldon
• Sharon Shea, Executive Editor

NatWest customer calls bank’s handling of breach of his data ‘disgusting’

A second NatWest customer has contacted Computer Weekly after finding out from a whistleblower that his sensitive personal data has been in her home for 14 years Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

CyberArk eyes growth beyond PAM

CyberArk is seeing exponential growth in the broader identity security market as the company expands its capabilities beyond privileged access management Continue Reading

By

• Aaron Tan, TechTarget

Unconventional career: A Computer Weekly Downtime Upload podcast

Cyber security expert Junade Ali, talks about his non-academic route to a PhD. He was recently elected as a fellow of the IET Continue Reading

By

• Cliff Saran, Managing Editor

NatWest offers compensation to customer affected by data breach exposed by whistleblower

NatWest bank has offered compensation to a former customer affected by a data breach alongside around 1,600 other former and current customers Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Directory Services Restore Mode (DSRM)

Directory Services Restore Mode (DSRM) is a Safe Mode boot option for Windows Server domain controllers. Continue Reading

By

• Rahul Awati

MPs warn about growing prevalence of tech-enabled domestic abuse

The UK government must take action to prevent perpetrators from being able to use connected or smart technologies to conduct their domestic abuse, a select committee has warned Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Workplace monitoring needs worker consent, says select committee

Employers looking to monitor their employees through connected devices should only to so with the consent of those affected due to negative impacts such surveillance can have on work intensification and mental health Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Cozy Bear hijacks SME Microsoft 365 tenants in latest campaign

Microsoft shares intelligence on a newly observed Cozy Bear campaign that saw the APT take over genuine Microsoft 365 tenants and subvert them to try to phish its victims Continue Reading

By

• Alex Scroxton, Security Editor

Common Access Card (CAC)

A Common Access Card (CAC) is a smart card issued by the Unites States Department of Defense for accessing DOD systems and facilities. Continue Reading

By

• Rahul Awati

national identity card

A national identity card is a portable document, typically a plasticized card with digitally embedded information, that is used to verify aspects of a person's identity. Continue Reading

By

• Katie Terrell Hanna

How Indian organisations are keeping pace with cyber security

Indian organisations are shoring up their defences to improve their cyber resilience amid intensifying cyber threats targeted at key sectors such as healthcare and logistics Continue Reading

By

• Pratima Harigunani

AI-enhanced cyber has potential, but watch out for marketing hype

As AI is a hot topic right now, it is no surprise there are some cyber solutions coming to market that have been thrown together in haste, but that said, genuine AI-powered security products do exist and their abilities could yet prove transformative. Continue Reading

By

• Shailendra Parihar, Turnkey Consulting

CIO interview: Sean Green, University of East Anglia

In his role as director of digital and data at the University of East Anglia, Sean Green provides high-performance computing to researchers and manages the diverse needs of a campus with the characteristics of a small town, all while finding the time to study one of his passions Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Handbook helps Dutch organisations migrate to quantum-safe communication

Organisations must start implementing new cryptography standards – as migration is a lengthy process Continue Reading

By

• Kim Loohuis

Online Safety Bill screening measures amount to ‘prior restraint’

The Open Rights Group is calling on Parliament to reform the Online Safety Bill, on the basis that its content-screening measures would amount to “prior restraint” on freedom of expression Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Police Scotland use cloud for biometric data despite clear risks

Police Scotland confirms it has stored significant volumes of biometric data on a cloud-based digital evidence sharing system despite major ongoing data protection concerns, bringing into question the effectiveness of the current regulatory approach and the overall legality of using hyperscale public cloud technologies in a policing context Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Civil society groups call on EU to put human rights at centre of AI Act

Dozens of civil society groups are calling on EU institutions to prioritise people and human rights in AI legislation as secretive negotiations begin Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Whistleblower contacts NatWest customers affected by a decade-old data breach

Former worker says contacting the people affected by the data breach is her last resort after the bank and regulators appear satisfied that the sensitive data file is safe stored under her bed Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Norwegian data privacy experts sound alarm over generative AI

Hundreds of millions of people embrace generative artificial intelligence, blissfully ignorant of what it’s doing to data privacy. Continue Reading

By

• Pat Brans, Pat Brans Associates/Grenoble Ecole de Management

Suspicious email reported every five seconds in UK

National Cyber Security Centre report reveals a suspicious email was reported by UK citizens and organisations every five seconds last year Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Biometrics watchdog calls for public space surveillance review

The biometrics and surveillance camera commissioner is calling for a review of public space surveillance to gain a clearer picture about the proliferation of Chinese surveillance technology across the public sector, but warns against applying double standards on companies just because they are from China Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

AI can never be given control over combat decisions, Lords told

Artificial intelligence is technically incapable of distinguishing between the complex contextual factors of combat situations, and will likely never be able to, according to legal and software experts Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

security token

A security token is a physical or wireless device that provides two-factor authentication (2FA) for users to prove their identity in a login process. Continue Reading

By

• Paul Kirvan

One Login’s Gov.uk ID check apps downloaded over two million times

The One Login digital identity system is being used by eight government services, and GDS has issued more than 1.5 million verified identities since summer 2022, while its ID check apps are proving popular Continue Reading

By

• Lis Evenstad

ICO under fire for taking limited action over serious data breaches

The ICO has come under fire from lawyers and data protection specialists for just issuing written warnings to two public bodies over serious data breaches that placed people’s lives at risk Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Phishing and ransomware dominate Singapore’s cyber threat landscape

Phishing and ransomware attacks continued apace in Singapore last year amid signs of improving cyber hygiene Continue Reading

By

• Aaron Tan, TechTarget

Nearly quarter of a million malicious websites reported and removed through NCSC service

A suspicious email and text message reporting service in the UK has directly led to a quarter of a million malicious websites being removed Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

TSB calls on Meta to intervene and protect users from fraud losses of £250m this year

TSB is the latest bank to demand more action from social media sector in helping to reduce online fraud Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Regulatory ‘lacuna’ around facial recognition threatens rights

The UK is heading for a “legal quagmire” around live facial recognition if the government and regulators do not take action to rein in use of the technology before it becomes ubiquitous Continue Reading

By

• Kingsley Hayes, Keller Postman UK

Podcast: Storage, backup, AI and data classification at RSA 2023

Much discussion at RSA 2023 about artificial intelligence, the risks to data protection, storage and compliance, plus risk and data classification, especially its impacts on access and data management Continue Reading

By

• Antony Adshead, Storage Editor

UKtech50 2023 winner: Michelle Donelan/Chloe Smith, secretary of state, DSIT

Computer Weekly looks at the achievements and successes of the Department for Science, Innovation and Technology, as its secretary of state is recognised as the most influential person in UK technology for 2023 Continue Reading

By

• Lis Evenstad

Payments regulator makes APP fraud reimbursement mandatory

UK payments regulator confirms changes to rules around repaying customers who lose money to authorised push payment fraudsters Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Bank of International Settlement sets up channel secure from quantum breach

The Bank of International Settlement has worked with two of Europe's central banks to explore preventing the security risks posed by quantum computers Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Met Police director of intelligence defends facial recognition

The Met Police’s director of intelligence has appeared before MPs to make the case for its continuing use of facial-recognition technology, following announcements from the force and the Home Office that they intend to press on with its adoption Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Lloyds Bank calls on tech companies to control social media ‘wild west’

Lloyds Banking Group is calling on tech giants to step forward in the fight against online fraud, which emanates in the social media ‘wild west’ Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Cabinet Office publishes response to data sharing for digital ID consultation

The majority of respondents to government’s consultation on data sharing for digital identity are critical to the plans and concerned about data privacy, but Whitehall’s response says many of the responses ‘were driven by anti-digital commentaries’ Continue Reading

By

• Lis Evenstad