Regulatory compliance and standard requirements

Navigating the DPDI Bill: A transformative shift ahead

The Data Protection and Digital Information (No. 2) Bill, or DPDI, is set to reshape the UK’s data protection framework. Louise Brooks of DQM GRC considers the implications Continue Reading

North Korean APTs go all in on supply chain attacks, warns NCSC

Threat actors linked to the North Korean regime are becoming more adept at targeting software supply chains in the service of their cyber attacks Continue Reading

Australia ups ante on cyber security

Australia’s new cyber security strategy will focus on building threat blocking capabilities, protecting critical infrastructure and improving the cyber workforce, among other priorities Continue Reading

Palantir awarded NHS FDP data contract

NHS England has awarded a £330m, seven-year contract to US data specialist Palantir, prompting concerns from data privacy practitioners Continue Reading

Why transparency and accountability are important in cyber security

If we accept that the humans who build technology and systems are naturally fallible and mistakes inevitable, and then deal with that with good grace, we could do much to improve cyber standards, writes Bugcrowd's Casey Ellis Continue Reading

IT not ready for AI, Pure Storage survey finds

Storage, compute and networking hardware won’t cope without upgrades, and that often means total IT infrastructure overhaul Continue Reading

Microsoft and Meta quizzed on AI copyright

Large language models are trained using vast amounts of public data – but do the hyperscalers comply with copyright laws? Continue Reading

Ransomware gang grasses up uncooperative victim to US regulator

The ALPHV/BlackCat ransomware gang has added a new tactic to its playbook, going to ever more extreme lengths in search of a pay-off Continue Reading

Rogue state-aligned actors are most critical cyber threat to UK

The prospect of rogue nation-state-aligned attackers bringing down the UK’s critical infrastructure is keeping the NCSC up at night Continue Reading

Victims’ legal action over 2015 Carphone Warehouse breach moves forward

A class action against Currys Retail over the 2015 data breach of Carphone Warehouse customers has been granted permission to move forward in the courts Continue Reading

ICO alerted after technical ‘issue’ exposed college files to student barristers

A training college for barristers has reported a data breach that left sensitive data on hundreds of current and former students accessible to other trainees Continue Reading

Breached? Don't panic… if you created a robust IR plan

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

UN disarmament body calls for global action on autonomous weapons

UN draft resolution highlighting the dangers of autonomous weapons passes with overwhelming majority Continue Reading

How the Online Safety Act will impact businesses beyond Big Tech 

The Online Safety Act will impact an estimated 100,000 online services in the UK and overseas Continue Reading

The best IR plans are well-revised and deeply familiar

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

The Security Interviews: Why cyber needs to integrate better

Cyber security is an intensely technical field, but we shouldn’t ignore the soft skills of communication and collaboration. Wipro’s Tony Buffomante explains why a robust security posture is dependent on a security team engaging with the wider organisation Continue Reading

Data-sharing management gap highlights cyber risk, says report

Organisations are struggling to secure their use of communications tools to share data with third-party partners and suppliers, and in the process are exposing themselves to heightened levels of risk, according to a report Continue Reading

The plan for the inevitable cyber attack: Get the gist of NIST

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

King’s Speech misses the mark on cyber law reform, says campaign

A group of activists who want to reform the UK’s computer misuse laws to protect bona fide cyber pros from prosecution have been left disappointed by a lack of legislative progress Continue Reading

The Security Interviews: ISC2’s Clar Rosso on cyber diversity and policy

Computer Weekly catches up with ISC2 CEO Clar Rosso to talk about diversifying the cyber workforce and supporting cyber pros as they keep up with growing compliance and security policy demands Continue Reading

Enhancing security: The crucial role of incident response plans

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

How ExxonMobil is leading with data

In this week’s Computer Weekly, we talk to the leader of ExxonMobil’s data organisation, about the energy giant’s strategy to establish enterprise-wide principles for the use of data. As the UK’s Online Safety Act comes into force, we examine the tech sector’s concerns over the laws around end-to-end encryption. And we look at the software tools available to HR teams to help improve staff retention. Read the issue now. Continue Reading

IR plans: The difference between disaster and recovery

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

How Trellix’s CISO keeps threat actors at bay

Trellix’s chief information security officer, Harold Rivas, outlines how the company mitigates security threats through containment and by helping security analysts to respond faster to cyber incidents Continue Reading

Incident response planning requires constant testing

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

Use existing structures to build your incident response plan

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

EU digital ID reforms should be ‘actively resisted’, say experts

Over 300 cyber security experts have called for the EU to rethink its proposals for eIDAS digital identity reforms, saying some of the provisions risk damaging user privacy and security Continue Reading

Incident response planning is vulnerable to legacy thinking

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

Darktrace CEO Poppy Gustafsson on her AI Safety Summit goals

As the AI Safety Summit at Bletchley Park takes place, Computer Weekly caught up with Darktrace CEO Poppy Gustafsson to find out what one of the UK’s most prominent AI advocates wants from proceedings Continue Reading

British Library falls victim to cyber attack

The British Library is experiencing a major IT outage following a cyber incident of an undisclosed nature Continue Reading

SEC sues SolarWinds, alleging serious security failures

SolarWinds and its CISO have been charged with fraud and internal control failures by the US authorities amid allegations of a series of cyber security failings leading up to the 2020 Sunburst attacks Continue Reading

The implications of biased AI models on the financial services industry

The Bank of England has warned of the risk artificial intelligence models present in creating bias that could pose a threat to the UK’s financial services sector. How do those risks emerge and how they might be mitigated?   Continue Reading

Greek data watchdog to rule on AI systems in refugee camps

A forthcoming decision on the compliance of surveillance and security systems in Greek refugee camps could set a precedent for how AI and biometric systems are deployed for ‘migration management’ in Europe Continue Reading

Domestic abuse charities surface fresh worries over NHS data sharing

With new NHS data access options coming into effect at the end of October, a group of campaigners including womens' charities and the BMA have warned that the revived GP-patient data sharing scheme risks putting vulnerable people at risk Continue Reading

Germany: European Court opinion kicks questions over EncroChat back to national courts

Germany lawfully obtained data on German EncroChat users from France, but whether the evidence is legally admissible is a matter for national courts Continue Reading

Sunak sets scene for upcoming AI Safety Summit

Prime minister Rishi Sunak has outlined how the UK will approach making AI safe, but experts say there is still too big a focus on catastrophic but speculative risks over real harms the technology is already causing Continue Reading

UK Finance paints mixed picture of fraud as losses top £500m

UK losses to fraud in the first six months of the year topped £500m, but a slight decline in overall crime rates was observed, according to UK Finance’s latest data Continue Reading

Research team tricks AI chatbots into writing usable malicious code

Researchers at the University of Sheffield have demonstrated that so-called Text-to-SQL systems can be tricked into writing malicious code for use in cyber attacks Continue Reading

The new data landscape: how will the new UK-US data bridge affect businesses?

With the UK-US data bridge coming into effect on 12 October 2023, find out what steps your organisation can take to take advantage of, and remain compliant with, the new framework Continue Reading

Nuclear regulator raps EDF over cyber compliance

The Office for Nuclear Regulation says EDF has come up short on needed measures to improve cyber security standards at several critical UK nuclear facilities Continue Reading

Sellafield local authority unsure if data was stolen six years on from North Korea ransomware attack

Senior managers at an ‘Achilles heel’ local authority for Europe’s biggest nuclear site ‘still don’t know what was lost’ in a 2017 cyber attack, according to a council source Continue Reading

DORA: Moving into a new era of digital resilience

The EU’s Digital Operational Resilience Act will come into force in just over a year, the majority of risk management professionals are only at the beginning of their planning journey. Kate Needham-Bennett of Fusion Risk Management explains how to get things moving Continue Reading

Scottish biometrics watchdog outlines police cloud concerns

Police Scotland’s response to the biometrics commissioner’s formal information notice ‘did not ameliorate’ his concerns about the sovereignty and security of the sensitive biometric information being uploaded to cloud infrastructure that is subject to intrusive US surveillance laws Continue Reading

MGM faces £100m loss from cyber attack on its casinos

MGM Resorts has provided further details on the fallout of the hack targeting its casinos in early September, confirming that a range of personal information has been stolen and that it will likely cost the firm around $100m Continue Reading

Policing minister wants to use UK passport data in facial recognition

The policing minister’s plans to integrate the UK’s passport database with police facial-recognition systems have been met with criticism from campaigners, academics, and the biometrics commissioner for England and Wales Continue Reading

Lloyds Bank launches digital identity app

Lloyds Bank has launched a digital identity app with tech startup Yoti, after it invested £10m in the firm Continue Reading

Ransomware: All the ways you can protect storage and backup

We survey the key methods of ransomware protection, including immutable snapshots, anomaly detection, air-gapping, anomaly detection, and supplier monetary guarantees Continue Reading

Cyber experts urge EU to rethink vulnerability disclosure plans

The European Union’s proposed cyber security vulnerability disclosure measures are well-intentioned but ultimately counterproductive, as making unmitigated vulnerabilities public knowledge increases the risk of their exploitation by various actors, experts claim Continue Reading

CIISec scores DSIT funding to expand successful CyberEPQ scheme

DSIT has committed to enhanced funding to expand CIISec’s CyberEPQ education programme after recording excellent results to date Continue Reading

Where next for quantum computing?

In this week’s Computer Weekly, we talk to the head of Amazon’s Braket quantum computing services about how the technology is progressing. We go behind the scenes at an ethical hacker event to find out how bug bounty programmes work. And we analyse the offerings of the major players in software-defined storage. Read the issue now. Continue Reading

The trust deficit in CNI: How to address a growing concern

When it comes to addressing the trust deficit in CNI, technological advancements, evolving threats, inadequate regulations, insufficient investment, public awareness, and international cooperation are all critical components that need attention Continue Reading

Strasbourg court condemns Turkey for jailing teacher for using ByLock encrypted messaging app

The case is expected to have implications for the use of digital evidence in prosecutions against users of other encrypted phone apps Continue Reading

Security Think Tank: To encrypt or not to encrypt, that is the question

The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading

Yahoo picks Intigriti to run crowdsourced bug bounty programme

Digital media brand Yahoo is setting up a crowdsourced bug bounty programme with ethical hacking specialist Intigriti, and is reaching out to the Capture the Flag community to participate Continue Reading

Cover-ups still the norm in the wake of a cyber incident

Almost half of organisations that have experienced a cyber incident did not report it to the appropriate authorities, according to a report Continue Reading

Preparing for post-quantum cryptography

In this week’s Computer Weekly, our latest buyer’s guide assesses the challenges for cryptography in the emerging era of quantum computing. Google Cloud experts explain how the internet giant is preparing its datacentres for a world of AI. And we examine the privacy, compliance and backup issues from generative AI. Read the issue now. Continue Reading

UK-US data bridge to open to traffic on 12 October

Government forges ahead with the implementation of the UK-US data bridge, which will come into effect for real just under three weeks from now Continue Reading

Fear is the mind-killer: Governance key to safety in the cyber dunes

Whether you’re tasked with protecting your organisation against cyber threats or ravenous subterranean worms, getting the basics of governance and risk management right counts for a lot and choosing the right framework will remove a huge burden from security teams and executives Continue Reading

Poor digital experience a blocker for cyber resilience

Organisations that neglect the digital employee experience are not only vulnerable to employee attrition, but putting themselves at increased cyber risk, an Ivanti report finds Continue Reading

Parliament passes sweeping Online Safety Bill but tech companies still concerned over encryption

Ofcom will consult on standards to enforce new powers, but tech companies remain concerned about the impact of the bill’s ‘spy clause’, which could require them to scan encrypted messages Continue Reading

Braverman puts pressure on Meta to pause end-to-end encryption plans

The home secretary is calling on Meta to halt its plans to introduce encrypted messaging services on Facebook and Instagram until the company puts measures in place to detect abuse Continue Reading

New revelations from the Snowden archive surface

A decade after Snowden exposed NSA’s mass surveillance in cooperation with the British GCHQ, only about 1% of the documents have been published – but three major facts can finally be revealed thanks to a doctoral thesis in applied cryptography by Jacob Appelbaum Continue Reading

Nominet and European counterparts link up on intelligence sharing

The new European TLD ISAC, a collaborative project between top-level domain providers across Europe, aims to enhance their collective security posture to better protect internet users Continue Reading

APAC guide to identity and access management

The rise of identity-based attacks is fuelling investments in identity and access management (IAM) tools. We examine the key capabilities of IAM, discuss implementation best practices, and explore the future of this technology Continue Reading

Security Think Tank: A user’s guide to encryption

The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading

TikTok fined €345m under GDPR for failing to protect children’s privacy

Data protection regulators warn social media companies to take all necessary measures to protect children’s privacy Continue Reading

Las Vegas mainstay Caesars Palace likely paid off ransomware crew

Caesars Entertainment, owner of the lavish Roman Empire-themed Caesars Palace casino in Las Vegas, has revealed it also suffered a ransomware attack, and appears to have paid off its hackers Continue Reading

Manchester police data breach a classic supply chain incident

The developing data breach at Greater Manchester Police follows a cyber attack on the systems of a key supplier of ID services to the force Continue Reading

Google, Microsoft and Mozilla push browser updates to foil zero-day

A zero-day in Google’s Chrome browser was first reported by surveillance researchers at The Citizen Lab and Apple, but also affects other browsers Continue Reading

As vehicle safety regulations loom, carmakers fret over cyber risks

Global, UN-backed car safety and security regulations come into force next year, and automotive bosses say they are not only unprepared, but “swamped” by a tide of compliance and security risks Continue Reading

GCHQ breached privacy rights of IT professional and security researcher, human rights court rules

The European Court of Human Rights in Strasbourg finds UK intelligence services breached the privacy rights of two overseas nationals – an IT professional and a security researcher Continue Reading

NCSC and ICO sign MoU to forge deeper collaborative links

The scope of the MoU signed by the NCSC and the ICO includes collaboration on new cyber regulations and guidance, and how to support cyber attack victims appropriately and minimise regulatory penalties Continue Reading

Podcast: ‘Data first’ a key principle of digital transformation

Chris Gorton of Syniti says organisations should put data first during digital transformation projects, and that means getting data quality, access rights and governance right Continue Reading

The dangers of breaking encryption

In this week’s Computer Weekly, we detail the concerns of the BCS and other IT experts about the UK’s Online Safety Bill’s proposals to weaken end-to-end message encryption. Our buyer’s guide continues to look at the issues around integrating software-as-a-service applications, with a particular eye to the proliferation of SaaS during the Covid pandemic. Red Hat’s CEO Matt Hicks retails the company’s efforts to support generative AI. And we discover how immersive technologies can shape a brave new world of training and design. Read the issue now. Continue Reading

Brits happy to break cyber law if the price is right

A study conducted ahead of an upcoming security trade fair reveals a slim majority of Brits would come out in favour of offensive government security ops and even engage in cyber criminality themselves in the right circumstances Continue Reading

Polish election questioned after Pegasus spyware used to smear opposition, investigation finds

Senate committee alerts prosecutors over potential crimes by public officials involved in purchasing Pegasus spyware used to monitor and smear political opponents Continue Reading

Deputy PM urges UK plc not to lose focus on cyber

In a speech at TechUK, deputy prime minister Oliver Dowden urges the cyber security community not to lose focus, and to do more to further collaboration across sectors Continue Reading

UK minister fails to reassure tech companies over encryption risk

Technology companies say reassurances by government ministers that they have no intention of weakening end-to-end encrypted communication services do not go far enough Continue Reading

CW EMEA: The value of valuing people

In this month’s CW EMEA ezine, we look at HR software and strategies that can help combat staff attrition, find out how Finland’s and Sweden’s plans to join NATO have initiated activity in the Nordic cyber security sector already, consider the data privacy challenges associated with generative AI, and find out why it is important for companies to implement new cryptography standards now in preparation for quantum-safe communication. Read the issue now. Continue Reading

Finnish government to bolster spending on cyber-AI defences

Finland’s government will increase spending on cyber security amid heightened threats from artificial intelligence-based attacks Continue Reading

French supreme court dismisses legal challenge to EncroChat cryptophone evidence

Defence lawyers plan to appeal to the European Court of Human Rights after the French supreme court disallowed an appeal over the legality of EncroChat evidence Continue Reading

German court unclear whether intercepted EncroChat cryptophone messages are legally admissible

Germany’s Federal Constitutional Court is waiting to hear five complaints that could decide whether data from the hacked EncroChat phone network can be lawfully used in German courts, but situation remains unclear for now Continue Reading

Law firm Fieldfisher launches data breach management tool

UK and European data breach law specialist Fieldfisher has enlisted legal tech specialist Lawcadia to supply a 24-hour data breach notification assessment platform Continue Reading

Hacked Electoral Commission failed Cyber Essentials audit

The Electoral Commission failed an NCSC Cyber Essentials audit on multiple counts at about the same time as cyber criminals breached its systems in 2021, it has emerged Continue Reading

IT experts issue new warnings over Online Safety Bill plans to weaken end-to-end encryption

BCS, The Chartered Institute for IT, argues the government is seeking a technical fix to terrorism and child abuse without understanding the risks and implications Continue Reading

NCSC warns over possible AI prompt injection attacks

The UK’s NCSC says it sees alarming potential for so-called prompt injection attacks driven by the large language models that power AI chatbots Continue Reading

Top-performing CISOs reserve time for professional development

Survey of chief information security officers conducted by Gartner sheds light on habits shared by the top-performing members of the profession Continue Reading

Singapore to bolster OT security capabilities

Cyber Security Agency of Singapore teams up with Dragos and the US Cybersecurity and Infrastructure Security Agency to bolster the country’s OT security capabilities Continue Reading

Cyber Explorers programme reaches 50,000 11-14 year olds in 18 months

The government-backed Cyber Explorers programme has reached 50,000 students in its first 18 months, and more schools are being invited to sign up for the Autumn Term Continue Reading

NatWest customer calls bank’s handling of breach of his data ‘disgusting’

A second NatWest customer has contacted Computer Weekly after finding out from a whistleblower that his sensitive personal data has been in her home for 14 years Continue Reading

MongoDB secures IRAP certification

MongoDB’s certification from Australia’s Information Security Registered Assessor Program will pave the way for federal government agencies to use its Atlas database service for protected workloads Continue Reading

Top marks for graduates of CIISec vocational cyber course

132 young people who sat the UK’s first Extended Project Qualification in Cyber Security have received their results today Continue Reading

CyberArk eyes growth beyond PAM

CyberArk is seeing exponential growth in the broader identity security market as the company expands its capabilities beyond privileged access management Continue Reading

6 open source GRC tools compliance professionals should know

Organizations must meet a variety of regulatory compliance requirements today. Here's a look at six open source GRC tools and related resources that might help. Continue Reading

ITAM influence on cyber risk becoming a factor in credit ratings

Credit agency S&P Global Ratings warns that organisations that pay inadequate attention to IT asset management as a factor in their cyber risk management processes may find their creditworthiness takes a dive Continue Reading

Norfolk and Suffolk police hit by FoI-linked data breach

Latest UK police data breach relates to crime suspects, victims and witnesses across East Anglia, and comes just days after a similar incident at the Northern Irish service Continue Reading

NatWest offers compensation to customer affected by data breach exposed by whistleblower

NatWest bank has offered compensation to a former customer affected by a data breach alongside around 1,600 other former and current customers Continue Reading

US Cyber Board to probe cloud security after latest Exchange hack

CSRB review of cloud security comes in the wake of a major Chinese cyber attack on US government bodies orchestrated through Microsoft’s cloud services Continue Reading

Northern Irish police expose staff data in botched FoI response

Human error is being blamed for the leak of personally identifiable information on all serving officers and civilian staff at the Police Service of Northern Ireland Continue Reading

UK voter data hacked in cyber attack on election watchdog

An unknown threat actor who attacked the UK’s Electoral Commission had access to data on millions of UK voters for over a year, the watchdog has revealed Continue Reading