Regulatory compliance and standard requirements

Nordics move towards common cyber defence strategy

Nordic countries agree to work together to improve their cyber defences amid increasing threat Continue Reading

UK TikTok ban gives us all cause to consider social media security

The UK government’s ban on TikTok should give all organisations cause to look into what information social media platforms are collecting on us, and what they are using it for Continue Reading

UK government to create code of practice for generative AI firms

The code will look to strike a balance between copyright holders and generative AI firms so that both parties can benefit from the use of copyrighted material in training data Continue Reading

TikTok banned on UK government devices

The UK government has followed in the footsteps of its US and European counterparts and banned the use of Chinese social media app TikTok on official devices Continue Reading

MI5 to oversee new National Protective Security Authority

The new National Protective Security Authority will address various national security threats including state-sponsored cyber espionage against UK targets Continue Reading

Technology minister Michelle Donelan defends data reforms

Secretary of state Michelle Donelan has defended the government’s new data reforms as providing certainty for businesses while simultaneously retaining high standards of data protection, but industry figures are having mixed reactions Continue Reading

How ForgeRock is tackling identity management

ForgeRock CEO Fran Rosch has set the identity and access management software supplier on a path to deliver a frictionless identity experience without compromising security or privacy Continue Reading

Nine in 10 enterprises fell victim to successful phishing in 2022

Egress annual email security risk report breaks down impacts of email-based phishing attacks and data loss, and the effect these can have on organisations in terms of staff retention and morale Continue Reading

Dutch hospitals underestimate impact of cyber attack

IT failures in acute care healthcare organisations in the Netherlands have considerably increased since 2010, affecting patient care and stressing the need to improve IT security in hospitals Continue Reading

Podcast: 2023 compliance and storage outlook

Geopolitical instability casts its shadow as organisations must think about cyber attacks, data location and what to do if things change quickly. We talk to Mathieu Gorge, CEO of Vigitrust Continue Reading

White House unveils National Cybersecurity Strategy

The strategy will focus on ensuring closer collaboration on cyber security between government and industry, while giving software and other tech companies a bigger role in combatting threats due to their resources and expertise Continue Reading

AI interview: Michael Osborne, professor of machine learning

Artificial intelligence researcher speaks with Computer Weekly about the implications of a market-driven AI arms race and the overwhelming dominance of the private sector over the technology Continue Reading

Data breaches in Australia on the rise, says OAIC

Cyber security incidents were the cause of most data breaches, which rose by 26% in the second half of 2022, according to the Office of the Australian Information Commissioner Continue Reading

Security Think Tank: Training can no longer be a compliance exercise

Historically, security training has tended to take a compliance-based focus, a ‘tick-box’ exercise using generic, off-the-shelf courses. This needs to change, says Hayley Watson of Turnkey Consulting. Continue Reading

Scotland launches data strategy for health and social care

The five-year strategy aims to make it easier for people to access their own health and social care data, improve data flows between organisations, and transform the way data is used to enhance services Continue Reading

UK police have ‘culture of retention’ around biometric data

A culture of retention around biometric data in UK policing is damaging public trust, says UK biometrics commissioner, who is calling for clear regulation to govern police use of biometric technologies Continue Reading

Cyber security training: Insights for future professionals

Future cyber security professionals need soft skills as well as technical ones, says security educator Sudeep Subramanian Continue Reading

Security Think Tank: New trends and drivers in cyber security training

Self-paced, interactive, bite-sized learning is becoming the optimum path for cyber security training in the workplace, says John Tolbert of KuppingerCole Continue Reading

UK authorities clamp down on illegal crypto ATMs

The Financial Conduct Authority and West Yorkshire Police have disrupted a number of illegal crypto ATMs Continue Reading

OSC&R framework to stop supply chain attacks in the wild

The backers of a new MITRE ATT&CK style framework called OSC&R hope to help organisations get to grips with threats to their software supply chains Continue Reading

Researcher exposes crypto scam network exploiting YouTube

A massive network of fake YouTube videos promoted by automated sock puppet accounts is reeling in hundreds of cryptocurrency enthusiasts and persuading them to hand over their money, WithSecure researchers found Continue Reading

How to protect your business from fraud during a recession

This winter, the chilly winds of a global recession have fraudsters turning up the heat. PJ Rohall of SEON Fraud Fighters shares some guidance on how to bundle up against fraud Continue Reading

Investigatory Powers Act: Home Office proposes rethink of safeguards on bulk data collection

David Anderson KC will review the safeguards on intelligence service and police use of bulk datasets following a Home Office assessment that they are 'disproportionate'. Continue Reading

Campaigners lament lack of movement on Computer Misuse Act reform

Westminster has opened a new consultation on proposed reforms to the Computer Misuse Act of 1990, but campaigners who want the law changed to protect cyber professionals have been left disappointed Continue Reading

APP fraud reimbursement proposal is ‘fundamentally flawed’, say MPs

MPs claim the involvement of a bank-sponsored organisation in reimbursing victims of APP fraud would be a conflict of interest Continue Reading

The one problem with AI content moderation? It doesn’t work

The use of artificial intelligence for content moderation is likely to become more pronounced with the passage of the Online Safety Bill, but practitioners and experts question the efficacy of this approach Continue Reading

Cops make arrests and seize drugs after hacking Exclu encrypted messaging app

Police in the Netherlands, Belgium and Poland raided 80 addresses after covertly intercepting messages from the Exclu encrypted messaging app Continue Reading

Online banks still riddled with cyber security flaws, report says

Online bank Virgin Money was found to have the weakest online and application security measures in a Which? study but Nationwide, TSB and The Co-Operative Bank all failed on multiple points, too. Continue Reading

The Security Interviews: How to overcome data protection compliance challenges

Complying with the vast swathe of data protection legislation around the world is complex, especially for smaller organisations without the necessary expertise. Could the compliance process be simplified, and if so, how? Continue Reading

FCA cracks down on misleading promos by social media influencers

Social media is becoming a major part of the FCA’s work in clamping down on misleading financial advertising and promotions, with multiple influencers rapped for their behaviour Continue Reading

Security Think Tank: In 2023, we need a new way to cultivate better habits

Regular, small adjustments to behaviour offer a better way to keep employees on track and cultivate a corporate culture of cyber awareness, writes Elastic’s Mandy Andress Continue Reading

Innovative Technology deploys age estimation tech in shops and pubs

A company involved in Home Office-led trials of biometric age estimation technologies has begun rolling out its hardware to UK shops and pubs so they can use its facial recognition algorithm to assure customers’ ages Continue Reading

UK Cyber Council and ISACA launch audit, assurance programme

The UK Cyber Security Council has teamed up with ISACA to partner on a new audit and assurance programme for security pros Continue Reading

Cyber training firm launches £20k data protection scholarship

Training specialist Freevacy has launched a £20,000 scholarship fund to train data privacy and protection professionals Continue Reading

MI5 unlawfully collected and held millions of people’s data

Secretive court finds MI5 knowingly acted unlawfully in use of bulk surveillance warrants, and the Home Office continued granting warrants despite information the agency was operating outside the law Continue Reading

Data of 10 million JD Sports customers accessed in cyber attack

Data on 10 million people who shopped online at JD Sports over a two-year period was accessed and potentially stolen in a cyber attack Continue Reading

Boards struggle to resolve cyber risk in digital supply chains

Accelerated digitisation of supply chains is introducing more cyber risk for which many organisations seem unprepared, according to the BSI’s annual report on supply chain risk Continue Reading

NCSC warning over cyber risk to charity sector

Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC Continue Reading

Veeam survey finds ransomware blocks digital transformation

Annual report shows secular trend to the cloud and increased use of containers, but prevalence of ransomware attacks means digital transformation is hindered Continue Reading

WhatsApp’s £4.8m fine raises questions for organisations using behavioural advertising

The Irish Data Protection Commissioner has fined WhatsApp, owned by Meta, in a case that will raise questions for organisations that rely on contracts rather than consent to comply with GDPR when offering behavioural advertising Continue Reading

Fraudsters and cyber criminals stole more than £4bn in the UK through 2022

The amount of money stolen by fraudsters and cybercriminals in the UK saw a huge increase in 2022 Continue Reading

Newham Council rejects use of live facial-recognition tech by police

Live facial-recognition technology should not be used by police in Newham until biometric and anti-discrimination safeguards are in place, according to a motion passed unanimously by the council, but the Met Police and the Home Office have indicated they will not suspend its use Continue Reading

Outdated IT infrastructure poses growing risk to UK Security Vetting

Delays to UKSV’s important work in safeguarding the country’s national security are in part down to a legacy IT estate in dire need of modernisation, says the NAO Continue Reading

David Anderson KC to review UK surveillance laws

Home Office commissions independent review of the Investigatory Powers Act, known as the snoopers’ charter. It will include a review of bulk datasets and government access to internet connection records held by phone and internet companies Continue Reading

Cloudflare urged to clamp down on pirates, counterfeiters

A whitepaper produced by brand protection specialist Corsearch calls on Cloudflare to do more to stop online content piracy and sales of counterfeit goods Continue Reading

Crest throws support behind CyberUp CMA reform campaign

Cyber accreditation association Crest International has lent its support to the CyberUp campaign for reform to the Computer Misuse Act of 1990 Continue Reading

Experts concerned over silence around government obligation to review UK surveillance laws

The government is required to review the UK’s surveillance law, the Investigatory Powers Act, but experts say they are in the dark about its plans. The National Crime Agency’s operation Venetic has highlighted the need for urgent reforms Continue Reading

UK government completes trials of age estimation technology

Government-led trials of age estimation and verification technologies for the sale of alcohol in nightlife venues and supermarkets have been completed, with both government and retail lobbyists pushing for legislation that would allow retailers to adopt the tools for alcohol sales Continue Reading

Europe’s cyber security strategy must be clear about open source

Europe’s cyber security policy on open source is lagging behind the US, and despite growing government awareness of the issues, that poses a problem Continue Reading

Should we be worried about malicious use of AI language models?

WithSecure research into GPT-3 language models, used by the likes of ChatGPT, surfaces concerning findings about how easy it is to use large language models for malicious purposes. Should security teams be concerned? Continue Reading

Insurer Beazley introduces catastrophe bond to ease cyber risk

Insurance company Beazley says that its $45m cyber catastrophe bond will help to protect its balance sheet and enable it to offer more cyber insurance cover Continue Reading

JPMorgan ordered to face lawsuit over cyber attack on Ray-Ban maker

US banking giant JPMorgan forced to respond to accusations that it failed to inform a business customer about suspicious transactions Continue Reading

Vulnerable organisations to get free Cyber Essentials support

Charities and legal aid firms are among those to be offered free security checks and certifications from the National Cyber Security Centre Continue Reading

Proposed digital fraud refund rules risk excluding many victims

Proposals to establish a fraud refund mechanism in the UK risk excluding many victims of digitally enabled fraud, a major bank has warned Continue Reading

Meta to appeal £345m fine for Facebook and Instagram privacy breaches

Social media company Meta is to appeal after the Irish Data Protection Commission fined the company for breaching GDPR Continue Reading

Securing low Earth orbit represents the new space race

The barriers to launching satellites into low Earth orbit are falling fast, and that brings new cyber security challenges Continue Reading

Cyber security professionals share their biggest lessons of 2022

In the run-up to 2023, cyber security professionals are taking the time to reflect on the past few months and share their biggest lessons of 2022 Continue Reading

Top 10 technology and ethics stories of 2022

Here are Computer Weekly’s top 10 technology and ethics stories of 2022 Continue Reading

Top 10 cyber security stories of 2022

The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides Continue Reading

Top 10 crime, national security and law stories of 2022

Here are Computer Weekly’s top 10 crime, national security and law stories of 2022 Continue Reading

Post-Brexit cyber dynamics in the UK and Europe: diverging paradigms?

The UK faces a choice in terms of its ongoing cyber security relationship with the EU – to preserve its collaboration with the EU by adopting an aligned approach or to adopt a divergent approach Continue Reading

Security Think Tank: 2022 brought plenty of learning opportunities in cyber

At the end of another busy 12 months, Turnkey Consulting’s Andrew Morris sums up some of the most important takeaways for cyber pros Continue Reading

Shiseido data breach victims plan legal action over fake companies

Employees and former employees of cosmetics firm Shiseido whose data was stolen in a recent breach are planning group legal action after their information was used to establish fraudulent companies in their names Continue Reading

NCA officer questioned in Investigatory Powers Tribunal over failure to disclose EncroChat notes

EncroChat hacking warrant was unlawful and in breach of human rights law, the Investigatory Powers Tribunal hears Continue Reading

Private health provider data could be shared with NHS England

Plans are advancing to create a single source of healthcare data in England combining both private providers and the NHS to avoid a repeat of the Ian Paterson scandal Continue Reading

NHS gets new guidance on public benefits of data sharing

NHS national data guardian Nicola Byrne has published new guidance on how health and social care bodies should approach the task of evaluating public benefit when using data for purposes beyond individual care Continue Reading

New cyber approaches ease Registers of Scotland’s AWS migration

As the holder of the oldest national public land register in the world, Registers of Scotland has a storied history dating back centuries. Find out how Palo Alto Networks is keeping its processes and data secure as it goes all-in on Amazon Web Services Continue Reading

EU issues draft data adequacy decision in favour of US

The European Commission has concluded that the United States does ensure an adequate level of protection for personal data transferred from the European Union and will now launch the process towards the adoption of an adequacy decision Continue Reading

Finnish government launches information security voucher scheme

Finland’s government is offering businesses financial support to help them improve their cyber security Continue Reading

AI experts question tech industry’s ethical commitments

In this week’s Computer Weekly, the proliferation of ethical frameworks has done little to change how artificial intelligence is developed – we look at the challenges. We examine the future of the UK semiconductor sector as the government launches a review. And we hear how NatWest has put data at the heart of customer strategy. Read the issue now. Continue Reading

Cloud-based fingerprint system for UK police nears completion

Police Digital Service announces that a new cloud-based fingerprint system developed under its Transforming Forensics programme is nearly complete, but data protection concerns around the use of US-based cloud providers remain Continue Reading

Security Think Tank: Embrace prioritisation, people, imperfections

Security and IT professionals should try to make peace with their imperfections in 2023, says Nominet CISO Paul Lewis Continue Reading

Online Safety Bill returns to Parliament

MPs and online safety experts have expressed concern about encryption-breaking measures contained in the Online Safety Bill as it returns to Parliament for the first time since its passage was paused in July Continue Reading

IT system limitations a factor in passport delays

Limitations in the UK’s passport office IT system led to delays in applicants receiving their documents during a recent period of high demand Continue Reading

Security Think Tank: 2022 changed how we thought about resilience

Increasing cyber resilience is at the heart of the people-processes-technology triangle, and 2022 saw shifts in all three of these aspects, says PA Consulting’s Sharon Shochat Continue Reading

Consumers to get new protections against dodgy apps

Government’s new code of practice will impose new privacy and security measures on app store operators and developers Continue Reading

Australia to develop new cyber security strategy

New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals Continue Reading

Legacy IT magnifies cyber risk for Defra, says NAO

Some 30% of Defra’s applications are currently unsupported, magnifying cyber risk as the government department struggles to make progress on a digital transformation programme Continue Reading

EU fails to protect human rights in surveillance tech transfers

Transfers of surveillance technology from the European Union to African governments are carried out without due regard for the human rights impacts, the European Ombudsman has found after a year-long investigation into the European Commission’s management of an aid fund Continue Reading

Microsoft 365 banned in German schools over privacy concerns

German schools cannot legally use Microsoft Office 365 over lack of clarity about how data is collected, shared and used, as well as the potential for unlawful transfer of European citizens’ personal data to the US Continue Reading

South Staffs Water customer data leaked after ransomware attack

Personal data of water utility’s direct debit customers exposed on the dark web following a Clop ransomware attack Continue Reading

NIS regulations to be extended to cover MSPs

The UK government is moving ahead with plans to update the Network and Information Systems regulations to bring outsourcers and MSPs into scope Continue Reading

Chartered status and aligned standards are crucial for the UK's cyber sector

As the UK moves closer to ushering in the world’s first chartered cyber professionals, the UK Cyber Security Council’s Simon Hepburn outlines the sector’s defining moment Continue Reading

How gamifying cyber training can improve your defences

Security training is the cornerstone of any cyber defence strategy. With ever-escalating online threats, it is now more important than ever that this training is an engaging experience Continue Reading

Panzura partners with AWS on ransomware counter-measures

Panzura might have slipped beneath the waves, but it’s come back reinvigorated, and now boasts integration with AWS with ransomware protection and Outposts hardware Continue Reading

Data management, backup becoming the CISO's responsibility

More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year Continue Reading

Not-for-profit aims to encourage 1,300 girls into cyber careers

CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber Continue Reading

South Korea data adequacy pact brings £15m Brexit bonus

UK government finalises a data adequacy agreement with South Korea, saying it will unlock a post-Brexit business bonus of just under £15m Continue Reading

Red team tool developer slams ‘irresponsible’ disclosure

UK security firm MDSec defends its Nighthawk command and control penetration testing framework after suggestions were made that it could be appropriated by threat actors Continue Reading

NHS trust that deleted up to 90,000 emails cleared of deliberately concealing evidence

A tribunal found in a high-profile case brought by whistleblower Chris Day that an NHS trust had not deliberately concealed evidence when a director deleted up to 90,000 emails before he was due to testify Continue Reading

Ransomware, storage and backup: Impacts, limits and capabilities

We look at the impact of ransomware on storage and backup, how storage and data protection can best be used to combat ransomware, and how they fit in the fight against it Continue Reading

Is Elon Musk’s Twitter safe, and should you stop using it?

With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use Continue Reading

New gold standard to protect good faith hackers

HackerOne’s new Gold Standard Safe Harbour statement will supposedly act as a guarantee for good faith hacking Continue Reading

CyberPeace Institute helps NGOs improve their security resilience

Adrien Ogée of the CyberPeace Institute talks about his work supporting NGOs and humanitarian organisations, and how the security community at large can help protect the world’s most vulnerable people Continue Reading

Another Log4Shell warning after Iranian attack on US government

The breach of a US federal body by an Iranian threat actor exploiting the Adobe Log4j Log4Shell vulnerability has prompted a fresh flurry of patching Continue Reading

Global network fragmentation a source of increasing risk

Risk consultancy’s report says the weaponisation of cyber space and geopolitical clashes herald a breakdown of global networks into distinct regional or national architectures Continue Reading

Security Think Tank: Let’s be transparent about ransomware

Greater transparency regarding ransomware attacks, including details about attack methods used and what kinds of assets were compromised, would likely help the community prevent future attacks Continue Reading

Cyber insurance: The good, the bad and the ugly

Most cyber insurance contracts are innately flawed because they exclude losses arising from state-backed cyber attacks, and this will make proper attribution even more important in the future, says Cisco Talos’ Martin Lee Continue Reading

MoD recruits Immersive Labs to bolster cyber resilience

UK’s Ministry of Defence will run cyber drills and address its security talent gap with Immersive Labs’ CyberPro, Cyber Crisis Simulator and Application Security products Continue Reading

Security Think Tank: To stop ransomware, preparation is the best medicine

You can’t ‘stop’ ransomware, but you can do a lot to keep yourself from becoming ensnared when it strikes Continue Reading