Regulatory compliance and standard requirements

UKAS rejects ISO certification concerns

UK’s certification body says refreshed guidance is in place to cover the possibility of lapsed ISO certifications Continue Reading

Social media data leak highlights murky world of data scraping

A data brokerage left its database of 235 million Instagram, TikTok and YouTube profiles exposed to anybody who cared to access it Continue Reading

HMRC investigates over 10,000 Covid-19 phishing reports

HM Revenue & Customs received thousands of reports of coronavirus phishing scams exploiting its name during April, May and June Continue Reading

Coronavirus: Thousands of ISO certifications set to lapse

Delays and postponements in the auditing process are putting hard-earned security and data protection certifications at risk of lapsing Continue Reading

Marriott slapped with class action lawsuit over 2018 breach

Group action brings together millions of victims who stayed at the Starwood hotel chain over a four-year period Continue Reading

Carnival cruise lines hit by ransomware, customer data stolen

Cruise ship operator is likely to be the victim of a major data breach after customer information is apparently stolen in a ransomware attack Continue Reading

Reports Oracle to enter TikTok bidding war

Oracle may be about to make a bid to acquire the US operations of TikTok from its Chinese parent ByteDance, according to the FT Continue Reading

The Security Interviews: How Crest is remaking the future of consultancy

Crest president Ian Glover taught himself cyber security while working on government computing systems in the 1970s and 1980s. Now he is on a decade-spanning mission to change security consultancy models Continue Reading

ICO acknowledges GDPR concerns over A-level results scandal

Information Commissioner’s Office says it has engaged with exams regulator Ofqual after its use of an algorithm to calculate A-level grades backfired Continue Reading

Oracle and Salesforce sued over online ad tracking

Class action lawsuits filed in Amsterdam and London will accuse Oracle and Salesforce of breaching GDPR in their processing and sharing of personal data to sell online advertising Continue Reading

APAC consumers do not feel responsible for data security

Just one in four consumers believe they should protect their own data, underscoring the tightrope between security and convenience that organisations have been walking on Continue Reading

EU and US start discussions on ‘enhanced’ Privacy Shield data-sharing agreement

Talks begin on a successor to the Privacy Shield EU-US data-sharing agreement declared unlawful in July 2020 – a decision by the European Court of Justice that left thousands of businesses facing legal uncertainty Continue Reading

Police use of facial recognition found ‘unlawful’ in court

In a landmark decision, the Court of Appeal has ruled that South Wales Police’s facial recognition deployments breached human rights and data protection laws Continue Reading

Why data exports from the EU will be challenging without Privacy Shield

Organisations exporting data to the US under Privacy Shield or overseas generally, whether under standard contractual clauses or binding corporate rules, need to urgently review the legal basis of these transfers   Continue Reading

French data protection authorities to probe TikTok as suitors circle

France’s CNIL has confirmed a new investigation into TikTok’s data protection practices Continue Reading

Hospitality sector is failing on contact-tracing obligations

Cyber security experts urge the government to do more to help small hospitality businesses improve their contact-tracing data-handling practices Continue Reading

Data Standards Authority publishes guidance on government data sharing

The Data Standards Authority (DSA) wants government departments to use new open data standards when sharing data, with the aim of improving public services Continue Reading

TikTok to be banned in US in 45 days

Trump says his Executive Orders against Chinese mobile apps are in the interests of dealing with a national emergency Continue Reading

How to achieve resilience – the modern uptime trinity

IT leaders can take responsibility for ensuring their organisations are resilient during times of crisis. There are no quick fixes, but if you think it is expensive to ensure resilience in your IT systems, try frequent failure instead Continue Reading

Australia updates cyber security strategy but offers little new

The nation’s latest cyber security strategy includes centralised management of networks and a voluntary code of practice for deploying internet-connected devices, among other areas Continue Reading

Canon said to be latest Maze ransomware victim

Canon may have had up to 10TB of its data exfiltrated by the Maze ransomware gang Continue Reading

Seven questions you need to ask when buying security insurance

Find out what you need to ask to make an informed decision on cyber security insurance with new help from the UK’s NCSC Continue Reading

Netherlands investigates innovative privacy technology SSI

Dutch research organisation is looking into areas where self-sovereign identity technology could be used in society and business Continue Reading

The countdown is on for TikTok after Schrems II

Given the US’ threatened actions against TikTok and the outcome of Schrems II, it is clear that the spotlight is now firmly on international data transfers Continue Reading

Five signs you’re about to get hit with ransomware

A series of Sophos reports on the ransomware threat landscape shows how security professionals can sniff out a potential ransomware attack before it happens Continue Reading

Liam Fox hack raises questions over government security

The hack of a former cabinet minister’s emails casts doubt over the effectiveness of safeguards and security training processes at the highest levels of the British government Continue Reading

The UK’s $500m space technology gamble

In this week’s Computer Weekly we ask why the UK government is spending $500m on a bankrupt satellite technology company. After a European court quashes the EU-US data sharing agreement, we examine the implications for a UK-EU data protection deal after Brexit. And how have small cloud suppliers coped in the pandemic? Read the issue now. Continue Reading

New foundation to bolster security of open source software

The Open Source Security Foundation will bring together key open source security initiatives across the industry to improve and support the security of open source software Continue Reading

Estonian police and border services need better IT to block criminals from becoming e-residents

Police and Border Guard Board of Estonia needs to improve its IT systems to stop criminals from becoming e-residents, says report Continue Reading

Microsoft offers way out of TikTok impasse

Microsoft offers to buy TikTok from its Chinese parent to ease security fears in the US Continue Reading

More data breaches from ransomware attacks in Australia

The number of data breaches caused by ransomware rose to 33 in the first half of 2020 from 13 in the previous six-month period, according to the latest report from the Office of the Australian Information Commissioner Continue Reading

Labour Party is latest victim of Blackbaud ransomware attack

Widening Blackbaud data breach ensnares the Labour Party as the cloud software firm continues to duck questions about its behaviour Continue Reading

US lawmakers grill big tech chiefs over market power

Sixth antitrust hearing sees CEOs of major technology companies face combative questioning from members of Congress over their market power and dominance Continue Reading

EU sanctions China and Russia over cyber attacks

The EU is applying restrictive measure to six individuals and three entities accused of conducting disruptive cyber attacks in Europe, including the Russian GRU Continue Reading

List of Blackbaud breach victims tops 120

More than 120 education and third-sector organisations may have had their data compromised through the breach of Blackbaud’s cloud platform Continue Reading

Bank of Ireland fined for six-year-old IT breach

Bank of Ireland fined by regulator for its failings to prevent fraud six years ago Continue Reading

Campaigners urge government to resist big tech lobbying pressure

Lobbyists for big tech, supported by senior US politicians, have rallied against stricter regulation of technology companies, and threatened the US-UK trade deal unless Britain scraps plans to levy a digital services tax Continue Reading

Schrems steps up pressure on Irish data protection commissioner on Facebook’s data sharing with US

Austrian lawyer is considering ‘other’ options if the Irish data protection commissioner does not make a decision by October on his seven-year-old complaint against Facebook Continue Reading

De Montfort, KCL, Newcastle universities join list of Blackbaud victims

Embattled cloud services provider now has big questions to answer over its handling of data belonging to UK universities and charities Continue Reading

NCSC names national security expert Lindy Cameron as new CEO

New National Cyber Security Centre head joins from the Northern Ireland Office and has spent 20 years in government at home and abroad Continue Reading

NCSC inducts six security startups to Cyber Accelerator

10-week programme will guide some of the UK’s most innovative security startups as they scale their businesses for future growth Continue Reading

MI6 apologises after attempt to interfere with intelligence court

The UK Secret Intelligence Service, MI6, has apologised after attempting to persuade the secretary of Britain’s most secret court to withhold documents from senior judges in a case about crimes by undercover agents Continue Reading

Australia issues new cloud computing guidelines

The new guidance, which comes after the expiry of the government’s cloud services certification programme, will help to bolster Australia’s cyber security resilience Continue Reading

Post-Privacy Shield, what chance for a Brexit data adequacy deal?

The striking down of Privacy Shield has been hailed as a victory for digital rights and privacy campaign groups, but it will have consequences that go beyond transatlantic data transfers Continue Reading

Coronavirus: Government drags its feet on online misinformation

Online misinformation about Covid-19 continues to spread unchecked, according to a DCMS committee report which has accused the government of dragging its feet over online harms Continue Reading

Russia Report reveals long-running cyber warfare campaign against UK

Russia has been hacking the UK for years and the British government has also known about it for years, according to the Intelligence and Security Committee’s report Continue Reading

Australian industry panel calls for ‘clear consequences’ of cyber attacks

A government-appointed panel recommends strong deterrence and other measures to be implemented in Australia’s next cyber security strategy Continue Reading

ICO hails transformative year as average fine trebles

Information Commissioner’s Office annual report reflects on a busy period, during which it levied two of the largest fines so far seen under the GDPR Continue Reading

Schrems v Facebook: European court strikes down EU-US Privacy Shield agreement

The European Court of Justice has struck down Privacy Shield, the EU-US data-sharing agreement, creating uncertainty for European countries that share data with the US and pressuring the US to reform surveillance laws Continue Reading

Coronavirus shines spotlight on cyber security

Programme committee chair of this year's RSA Conference Asia-Pacific and Japan talks up the challenges that IT security professionals in APAC are facing to mitigate security risks amid the Covid-19 pandemic Continue Reading

Government proposes IoT security enforcement body

The government is today publishing new proposals concerning planned legislation that will protect users of smart IoT devices from cyber criminals Continue Reading

11 obscure questions, Facebook, Max Schrems and the European Court of Justice

Eleven obscure questions will be the first step towards explaining why we in the UK and Europe have experienced 13 years of what has been described as ‘mass and indiscriminate surveillance’ by the US Continue Reading

Singapore’s Project Ubin hits commercialisation milestone

A blockchain payments network prototype spearheaded by Singapore’s central bank and its partners could speed up and lower the cost of cross-border payments Continue Reading

European court to decide legality of EU-US data sharing in dispute between Schrems and Facebook

A ruling by the European Court of Justice will have ramifications for hundreds of thousands of companies that share data with the US. The case aims to balance US surveillance laws with the rights of EU citizens to keep their data private Continue Reading

Recon vulnerability puts thousands of SAP customers at risk

Users of multiple SAP products including S4/HANA should apply the security update as soon as possible to protect their systems Continue Reading

Security Think Tank: AI in cyber needs complex cost/benefit analysis

AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate a IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation being gravely overestimated? Continue Reading

Australian enterprises facing more cyber attacks

The volume of cyber attacks in Australia jumped from 90% in October 2019 and 81% in February 2019, underscoring the worsening threat landscape in the country Continue Reading

Tencent Cloud teams up with ADBC on banking services

Singapore’s Asia Digital Bank Corporation could leverage Tencent Cloud’s financial cloud platform to provide banking services to small businesses Continue Reading

Oracle ups ante in cloud wars with dedicated customer regions

Oracle’s Dedicated Region Cloud at Customer will let enterprises run an entire cloud region in their own datacentres in a potentially game-changing move Continue Reading

CCPA enforcement has begun: Here’s what to expect

The US’s California Consumer Privacy Act came into force in January this year, but enforcement against technology companies did not begin until this month Continue Reading

Security Think Tank: Balancing human oversight with AI autonomy

Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation gravely overestimated? Continue Reading

MSP Xchanging attacked in ransomware incident

Specialist managed services provider is restoring customer access to systems after an unspecified ransomware incident Continue Reading

Australian government foreshadows ‘sovereign data’ classification

The Australian government will examine if certain government datasets should be declared sovereign and only be hosted in the country Continue Reading

The privacy challenges of easing lockdown

In this week’s Computer Weekly, as pubs in the UK re-open after lockdown, we examine the privacy issues around collecting customer data for contact tracing. We look at how interconnected devices are revolutionising the manufacturing and engineering sectors. And we assess GDPR progress two years after its introduction. Read the issue now. Continue Reading

Need to secure industrial IoT more acute than ever

A report from the Lloyd’s Register Foundation is calling for urgent action to secure industrial infrastructure, as the IoT leaves it increasingly exposed Continue Reading

Police secrecy over ‘IMSI-catcher’ mass surveillance of mobile phones

Following a tribunal ruling, constabularies in England and Wales can refuse to confirm or deny whether they use mass surveillance devices, known as IMSI-catchers to monitor people’s location, phone calls and text messages Continue Reading

UK’s unsung cyber security heroes sought

Nominations have opened for the fifth annual Security Serious Unsung Heroes Awards Continue Reading

Remote workers more aware of security, but still flout the rules

Almost three-quarters of remote workers reckon they have gained in cyber security awareness during lockdown, but don’t seem to be especially bothered about keeping themselves safe Continue Reading

Black Lives Matter, but do bots know that?

The volume of content generated each day necessitates automated moderation to curate everything as it is published, ensuring offensive and objectionable material is blocked. But this only works if systems are adequately configured and reviewed Continue Reading

Time to rethink business continuity and cyber security

Business continuity and cyber security remain largely in separate silos, but changes in the IT and cyber threat landscapes mean there is an urgent need for organisations to alter their approach Continue Reading

Australia to invest a record A$1.35bn in cyber security

The Australian government is making its largest ever investment in cyber security over the next decade to identify cyber threats, disrupt foreign cyber criminals and build new capabilities Continue Reading

Security Think Tank: ‘Shift left’ to secure containers

Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers? Continue Reading

The Security Interviews: What CISOs can learn from Covid-19

Mike Lloyd, CTO at Redseal, holds 21 cyber security patents and a PhD in stochastic epidemic modelling from Heriot-Watt University in Edinburgh, so is probably the man to talk to when it comes to cyber security in the world of Covid-19 Continue Reading

Making the case for cloud-based security

Cloud-based security tools can hasten threat detection and response, but adoption will depend on where an enterprise is on the cloud readiness scale Continue Reading

Out of date security laws leave UK plc at risk during pandemic

The CyberUp coalition has written to Boris Johnson to urge him to reform the UK’s 30 year-old cyber crime laws Continue Reading

Airports deploy thermal cameras to control Covid-19, science suggests it’s merely ‘safety theatre’

UK airports are rolling out thermal surveillance cameras to identify people who may have coronavirus, but science says the technology is ineffective at detecting and preventing the spread of the disease Continue Reading

CBI: Digital economy needs joined-up regulations and gigabit broadband

The coronavirus pandemic has shown the need for fast, reliable networking across the UK. The CBI is urging the government to do more Continue Reading

Veeam bullish on growth in APAC

Veeam’s top executive in Asia-Pacific expects the company’s growth momentum in the region to continue despite the Covid-19 pandemic, and is setting sights on growth areas such as container backups Continue Reading

EU judges GDPR an overall success, but changes still needed

Two years after its implementation, an EU report says that the GDPR is achieving what it set out to do, with a few reservations Continue Reading

Political parties harvest personal data to create profiles on voters, most of it wrong

The UK’s three main political parties are collecting personal data on voters, but much of it is wrong and its use may fall foul of data protection laws Continue Reading

How to apply zero-trust models to container security

Containers have become a common fixture in software development, but they have resulted in new concerns for security teams. Is zero-trust the answer to tackling them? Continue Reading

Facebook allows US users to disable political ads

Users of the social media platform will soon be able to opt out of seeing politically motivated posts Continue Reading

US pulls out of talks with Europe for global digital tax

Despite the US’s resistance to an international digital services tax, the UK and other European countries plan to continue pushing for a global solution to taxing technology giants Continue Reading

CW APAC: Trend Watch – data protection

Asia-Pacific organisations see the importance of having good data protection practices, even as they are still grappling with organisational and operational challenges. In this handbook, Computer Weekly looks at the different levels of preparedness across the region and what firms can do to plug any gaps. Continue Reading

Data protection watchdog calls for controls on police mobile phone stop-and-searches

Information commissioner wants new safeguards on the use of police powers to download sensitive personal data from the mobile phones of suspects and crime victims Continue Reading

Zoom U-turns on end-to-end encryption

Embattled video-conferencing provider Zoom backtracks on previous refusals to provide end-to-end encryption to free users Continue Reading

Amnesty identifies most privacy-invasive Covid-19 contact-tracing apps

Bahrain’s ‘BeAware Bahrain’, Kuwait’s ‘Shlonik’ and Norway’s ‘Smittestopp’ are the most privacy-invasive contact-tracing apps, reveals Amnesty International study Continue Reading

Coronavirus: 50% of security pros had no pandemic contingency plan

A survey of security professionals conducted on behalf of Bitdefender reveals the lack of forward planning for events such as the Covid-19 coronavirus pandemic Continue Reading

Malaysia’s telco industry on edge amid new developments, appointments

Spotlight trained on newly appointed key regulatory personnel that could see a change in Malaysia’s telco policy, including a deferment of 5G roll-out Continue Reading

Macquarie eyes government contracts with new Canberra datacentre

New Macquarie datacentre in the Australian capital designed to achieve Tier 4 datacentre standards will deliver 1.5MW of capacity by December 2020 Continue Reading

UK-US data deal puts Brexit data adequacy pact at risk

European Data Protection Board writes to MEPs saying the UK is at risk of failing to strike a post-Brexit data adequacy accord if its data protection agreements with the US don’t strike the right note Continue Reading

Why UK needs independent oversight body for contact-tracing app

The public needs and deserves clarity, and not just assurances, over the UK’s Covid-19 contact-tracing app Continue Reading

Hospital uses thermal surveillance cameras to protect patients against second wave of Covid-19

A North Midlands NHS trust claims to be the first NHS trust to deploy thermal surveillance cameras to protect patients and staff against the coronavirus Continue Reading

Security Think Tank: Container security starts with good DevOps practice

Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers? Continue Reading

Security Think Tank: Container security is evolving, so must CISOs

Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers? Continue Reading

Nasty surprises lurking in furloughed employees’ inboxes

Research conducted by KnowBe4 points to a looming email security problem as furloughed employees head back to work Continue Reading

How Australian firms can defend against supply chain attacks

Supply chain security risks can wreak havoc if measures are not taken to deter cyber attackers from exploiting a supplier’s security gaps to target another firm Continue Reading

The Security Interviews: How the BSI protects the IoT from itself

David Mudd of the BSI reveals how a pragmatic and realistic approach to security vulnerabilities underpins its internet of things kitemark, helping give users the confidence to buy smart devices safely Continue Reading

Why trust is the new currency

Businesses need to engender trust with customers amid the complexity of digital transactions involving multiple third parties, even as consumers are not fully cognizant of the importance of data privacy Continue Reading

Malaysian minister backtracks on spectrum allocation decision

Amid reports of a surreptitious decision to allocate spectrum to five Malaysian operators, the communications minister rescinds his own order, calling for a more transparent review of the allocation process Continue Reading