Regulatory compliance and standard requirements

NIS security regulations proving effective, but more work to do

The UK’s NIS cyber security and risk regulations are proving somewhat effective, according to a government report Continue Reading

Government launches IoT security funding round

A £400,000 funding pot is on offer for innovators to design schemes that boost internet-of-things security Continue Reading

Singapore’s contact-tracing app tops privacy study

Singapore’s TraceTogether is least intrusive in terms of privacy communications compared with similar apps in the region, study finds Continue Reading

Public Health England to keep contact-tracing data for 20 years

PHE will retain the data it collects via the NHS Test and Trace programme for 20 years Continue Reading

Revealed: Surveillance camera network that covered Dominic Cummings’ lockdown travel

A network of automatic number plate recognition and local authority traffic cameras could help police track Downing Street chief of staff Dominic Cummings’ journeys to Durham and Barnard Castle during the Covid-19 lockdown Continue Reading

GDPR at two: How far we’ve come, how far we still have to go

Marking two years of the General Data Protection Regulation, industry voices weigh in on the state of data protection and privacy, consider what has changed, and what still needs to change Continue Reading

Max Schrems accuses Ireland of ‘Kafkaesque’ delay in Facebook GDPR investigation

Privacy campaigner Max Schrems has urged the European Commission to intervene after the Irish Data Protection Commission allegedly used ‘Kafkaesque’ tactics to delay investigations into Facebook’s compliance with GDPR Continue Reading

The Security Interviews: Temper tantrums ahead as GDPR enters its terrible twos?

On the General Data Protection Regulation’s second birthday, Tim Hickman, a data protection lawyer and partner at White & Case LLP, discusses the regulation’s teething troubles and assesses how best to maintain optimum compliance Continue Reading

Coronavirus: Australia calls for stronger defences amid cyber attacks

The Australian Cyber Security Centre offers guidance for critical infrastructure operators to guard against cyber attacks which have already hit the healthcare sector Continue Reading

EasyJet to be sued over customer data breach

If successful, airline’s potential liability for the loss of millions of customer records could be as high as £18bn Continue Reading

How effective security training goes deeper than ‘awareness’

Cyber criminals are constantly developing their techniques and strategies, so security training needs to do the same Continue Reading

Hancock to Harman: No contact-tracing privacy law

Health secretary claims existing data protection law is good enough to guarantee the security of contact-tracing data Continue Reading

NCSC discloses multiple vulnerabilities in contact-tracing app

National Cyber Security Centre has received mountains of feedback on the security of the government’s Covid-19 contact-tracing app, and has now taken the step of making multiple disclosures Continue Reading

Responsible Cyber acquires Secucial in S$7m deal

Singapore startup Responsible Cyber plans to bolster its Immune platform with access control management capabilities, and sets out to expand its global footprint Continue Reading

Cancelled NCSC CyberUK event gets green light for 2021

The NCSC’s popular CyberUK event has been rescheduled to next year, and will again take place in Newport in south Wales Continue Reading

GDPR wholly inappropriate to govern contact-tracing data

Human Rights Committee Chair Harriet Harman says current data protection law is not up to the job of governing the data collected by the Covid-19 contact-tracing app Continue Reading

Huawei: US using technological strengths to ‘crush’ companies outside its own borders

Chinese tech giant hits back at White House decision to extend technology ban and says it will ultimately be self-harming Continue Reading

Malaysia’s data protection practices still have some way to go

Some Malaysian firms are not using data protection tools to the fullest potential, while others only think about data protection after a breach Continue Reading

Harman seeks to bring private member’s bill over contact tracing

Chair of Human Rights Committee aims to put the proposed Contact Tracing (Data Protection) Bill 2020 before parliament as a private member’s bill if necessary Continue Reading

Surveillance capitalism in the age of Covid-19

Could the Covid-19 coronavirus pandemic further consolidate surveillance capitalist practices and enterprises? Author Shoshana Zuboff warns Computer Weekly it is possible Continue Reading

Report reveals inadequate cyber security at Schiphol Airport

A report has revealed problems with critical security systems in Amsterdam’s Schiphol Airport Continue Reading

Security Think Tank: Burnt out CISOs are a huge cyber risk

Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security pros manage their increased workload, safeguard their mental wellbeing, and avoid burnout? Continue Reading

Nation state APT groups prefer old, unpatched vulnerabilities

The Cybersecurity and Infrastructure Security Agency and the FBI have published details of the most commonly exploited vulnerabilities of recent years, and there are some “classics” on the list Continue Reading

Can Lady Gaga and Madonna get people to take security seriously?

What does it take to get people to pay attention to cyber security? A celebrity law firm hack may hold some answers Continue Reading

European comms bodies set up standards group, call for vigilance on contact-tracing apps

New ETSI group will develop standardisation framework for secure smartphone-based proximity tracing systems, helping to break Covid-19 transmission chains Continue Reading

Draft Covid-19 contact tracing legislation proposes formal oversight

Human Rights Committee chair Harriet Harman has outlined a proposed bill to guarantee the security and privacy of data generated by the UK’s Covid-19 contact tracing app Continue Reading

Details released of second UK contact-tracing app development

Contractual documents show Zuhlke Engineering receiving an official start date of 6 May to supply a managed delivery team to support and run proximity mobile application and services for the UK Continue Reading

Police failing to consult public on new technologies

A freedom of information campaign has revealed that UK police are largely failing to consult the public on their use of new technologies, with the potential to undermine the principle of policing by consent Continue Reading

Security Think Tank: Create healthy habits to avoid burnout

Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security professionals manage their increased workload, safeguard their mental well-being and avoid burnout? Continue Reading

APAC firms still coming to grips with data protection

More governments in Asia are implementing data protection regimes, but challenges such as checkbox compliance and the lack of effective staff training remain Continue Reading

How Australian firms can plug data protection gaps

Australian organisations can address data protection challenges by creating roles such as a data governance lead, classifying data and improving employee awareness of cyber hygiene Continue Reading

Banks failing to protect customers from coronavirus fraud

Just 13 of the 64 banks accredited for the government’s Coronavirus Business Interruption Loan Scheme have implemented Dmarc protection Continue Reading

What are the security priorities for the post-coronavirus world?

The Covid-19 pandemic is forcing massive change across the business world and things may never go back to normal. What does security look like in this new world, and what will buyers be prioritising? Continue Reading

Contact-tracing app fails to protect privacy and human rights

Reassurances over the security and human rights implications of NHSX’s approach to developing its Covid-19 contact-tracing app are insufficient, says the cross-bench Human Rights Committee Continue Reading

Facebook announces oversight board members

New board will rule on freedom of expression issues and make policy recommendations to social media giant. Continue Reading

FBI search warrants reveal Trump aide’s messages to WikiLeaks founder Julian Assange

FBI search warrants reveal Trump campaigner Roger Stone sent private messages to WikiLeaks founder Julian Assange after the site published thousands of documents that damaged Hillary Clinton’s election campaign Continue Reading

Contact tracing: The privacy vs protection debate

The Covid-19 pandemic has necessitated extreme measures not seen in peacetime for over 100 years. Contact-tracing apps are being developed as a tool for managing the pandemic, but are they a step too far? Continue Reading

Building security and privacy into contact-tracing apps

Governance and data decentralisation are among measures that organisations can take to allay security and privacy concerns over contact-tracing apps, according to RSA Continue Reading

NHSX contact-tracing app needs legislative oversight

Legal experts have told Parliament’s Human Rights Committee that legislation is desirable to ensure public trust in the data security of the Covid-19 coronavirus contact-tracing app Continue Reading

Podcast: How to get cyber accountability on the board agenda

We look at how boards should carry out strategic and operational risk profile assessments and plan for compliance on an ongoing basis to avoid fines and damage to the business Continue Reading

Four risks to data privacy and governance amid Covid-19

EY privacy experts assess some of the novel risks to data privacy, protection and governance during the Covid-19 coronavirus pandemic Continue Reading

Security Think Tank: CISOs must adapt to fight Covid-19 burnout

Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security pros manage their increased workload, safeguard their mental wellbeing, and avoid burnout? Continue Reading

IT Priorities 2020: Compliance and risk are top security concerns

When it comes to security, buyers are prioritising solutions and services that address compliance issues, risk management and data protection, according to the Computer Weekly/TechTarget IT Priorities 2020 study Continue Reading

NCSC tackles unconscious bias in security terminology

The terms whitelisting and blacklisting are out at the UK’s National Cyber Security Centre Continue Reading

Why you should think before you Zoom

Feel free to use Zoom during the coronavirus lockdown, but think before you discuss anything confidential Continue Reading

IMDA to issue 5G spectrum to Singtel and StarHub-M1 venture

Singapore’s telco regulator will award 5G spectrum to major operators whose proposals have exceeded its requirements in some cases Continue Reading

Coronavirus: Call for extension to European payment security standard deadline

Payment processors across Europe want more time to meet the SCA payment security standard Continue Reading

Julian Assange extradition hearing postponed amid coronavirus lockdown

Julian Assange’s lawyers say they have been unable to communicate or share legal documents with the WikiLeaks founder to enable them to prepare a defence in time for a planned extradition hearing in May Continue Reading

UK tech companies launch online safety body

Online Safety Tech Industry Association unites 14 technology companies to drive conversation and policy around online safeguarding Continue Reading

Australia’s CovidSafe app debuts, source codes to follow

Australia’s contact tracing app has been downloaded more than 1.1 million times, even as privacy concerns linger on Continue Reading

Ransomware-stricken Travelex up for sale

Travelex’s parent Finablr is washing its hands of the ransomware-stricken forex provider as it struggles with the twin shocks of the Covid-19 pandemic and a developing fraud scandal Continue Reading

Public authorities set to receive expanded surveillance powers

UK government wants to extend the number of public authorities able to obtain communications data using mass surveillance Continue Reading

A carrot-and-stick approach to fixing cyber security complacency

With a majority of IT decision-makers holding the opinion that their employers are complacent when it comes to data protection, we look at what needs to be fixed, and how to fix it Continue Reading

Podcast: Remote compliance assessments and how they are done

Remote working adds to IT compliance risks, but doesn’t remove the need to assess compliance. How are remote compliance assessments carried out and how can you prepare for them? Continue Reading

IT services company Cognizant warns customers after ‘Maze’ ransomware attack

US IT services company Cognizant alerts customers after the Maze ransomware group launches a cyber attack Continue Reading

Dutch organisations address business email compromise fraud

Public-private partnership in the Netherlands works to break the chains used by fraudsters to carry out BEC attacks Continue Reading

Australian workers are weakest link in fight against cyber attacks

About four in 10 employees are sharing inappropriate data across mobile devices and half of all security incidents in 2019 occurred through inappropriate IT use, new study finds Continue Reading

Coronavirus: How Nominet fights back against malicious domains

Domain name registry has thwarted hundreds of attempts to register malicious .uk domain names during the coronavirus pandemic Continue Reading

EU warns no compromise on privacy as NHS clashes with tech firms on contact tracing

EU and UK regulators express data privacy concerns days after Silicon Valley giants announce collaboration on contact-tracing apps to prevent the spread of the Covid-19 coronavirus Continue Reading

Coronavirus: Security certification body puts exams online

Candidates for certification by the International Association of Privacy Professionals will now be able to sit their exams remotely Continue Reading

Coronavirus: ICO temporarily relaxes regulatory approach

The Information Commissioner’s Office sets out a revised approach to its regulatory duties during the Covid-19 coronavirus pandemic Continue Reading

A legal perspective on data breaches and home working

Legal experts from Fieldfisher share guidance on how to deal with cyber attacks during the coronavirus crisis, and what the ICO expects in terms of notification Continue Reading

Multicloud storage 101: Pros, cons, pitfalls and strategies

Not putting all your eggs in one basket can be helpful to an enterprise’s resilience strategy. We look at multicloud storage and the benefits and pitfalls it brings Continue Reading

BA and Marriott get GDPR fine reprieve

Both British Airways and Marriott International have had their General Data Protection Regulation fines deferred until later in 2020 Continue Reading

Covid-19 apps pose threat to digital privacy on a global scale

Digital security firm Surfshark has reviewed a number of apps aimed at tackling the spread of coronavirus, and found that many pose a threat to people’s digital privacy Continue Reading

Security Think Tank: Continuity planning doesn’t have to be complex

In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances? Continue Reading

Morrisons appeal success is cold comfort for enterprises

The success of Morrisons’ appeal against judgments that it should be held vicariously liable for an insider data breach will be welcomed by businesses, but may be of limited comfort to them Continue Reading

Podcast: Covid-19, compliance risk, remote assessment and training

We talk to Mathieu Gorge, CEO of Vigitrust, about why organisations cannot drop their guard on compliance during the increased risks faced as a result of the coronavirus crisis Continue Reading

Swedbank to rebuild anti-money laundering systems after damning report

Report finds that €36.7bn in transactions, all carrying a high risk for money laundering, were processed through the bank’s branch network in Estonia, Latvia and Lithuania Continue Reading

Marriott International hotel chain in second data breach

Marriott International notifies customers of a major data breach that unfolded earlier in 2020 – the second it has experienced in the past two years Continue Reading

Top five compliance concerns for UK business in 2020

We look at the top five legal and regulatory compliance concerns for UK businesses in 2020. It’s a list that includes GDPR, the DPA, PECR, PCI-DSS and the CCPA Continue Reading

Why security validation matters

FireEye’s top executives in Asia-Pacific discuss the benefits of security validation and offer their take on the region’s cyber threat landscape Continue Reading

Lorca calls on security scaleups to tackle coronavirus challenge

Lorca innovation programme has launched an open call for its next cohort of cyber security scaleups, with a timely focus on coronavirus challenges Continue Reading

Coronavirus: What are the latest free cyber security offers?

We round up the latest free offers on cyber security products and services being made available during the Covid-19 coronavirus crisis Continue Reading

Developed APAC states most exposed to cyber risks

Singapore, South Korea, Japan, Australia and New Zealand have the highest exposure to cyber risks, but they are also the most prepared to deal with cyber attacks, study finds Continue Reading

Almost half of UK businesses suffered a cyber attack in past year

Latest government statistics reveal the scale of the cyber security challenge facing UK plc, but reveals some cause for optimism Continue Reading

Coronavirus and privacy – finding the middle ground

Data collection has a role to play in fighting the deadly Covid-19 coronavirus outbreak, but governments need to be accountable for how it is used Continue Reading

The AWS bucket list: Keep your cloud secure

Misconfigured cloud installations risk billions of records being exposed, damaging organisations’ finances and reputations. Paying attention to securing AWS storage buckets is a simple matter Continue Reading

Coronavirus: Kaspersky, Bitdefender make products free to NHS

Kaspersky and Bitdefender have both made various products and services available free to healthcare customers as the Covid-19 coronavirus pandemic intensifies Continue Reading

Why zero trust may not be all it’s cracked up to be

While they are discussed ad nauseam in the security industry, zero-trust architectures may not be all they’re cracked up to be, according to analyst Sam Bocetta Continue Reading

Cyber gangsters hit UK medical firm poised for work on coronavirus with Maze ransomware attack

The Maze ransomware group has published personal and medical details of thousands of former patients of a London-based medical research company after a failed attempt to disable the firm's computer systems Continue Reading

UK Coronavirus Bill relaxes restrictions on mass surveillance powers

Emergency legislation would massively expand state surveillance and police detainment powers Continue Reading

Coronavirus: How to implement safe and secure remote working

Find out what CIOs and CISOs need to know to enable their end-users to work remotely and stay secure during the Covid-19 coronavirus crisis, and learn how users can help themselves Continue Reading

Prudential turns to AI to secure computer networks against cyber attacks

Prudential, the UK’s largest listed insurer, is turning to artificial intelligence to protect its computer networks in the US, Asia and Africa from malware hackers and internal threats Continue Reading

Travelex under threat as insolvency risk, hacking costs and coronavirus take their toll

Foreign exchange group’s future remains uncertain as its parent company, Finablr, prepares for potential insolvency Continue Reading

UN identifies tech companies working in Occupied Palestinian Territories

United Nations Human Rights Office report names a number of technology companies that could be involved in violating human rights Continue Reading

Security Think Tank: To tackle Covid-19, be prepared, flexible and resilient

In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances? Continue Reading

UK makes its case for post-Brexit data adequacy decision

Government sets out an explanatory framework as it seeks adequacy decisions from the European Commission to maintain the free flow of personal data between the European Union, the UK and Gibraltar Continue Reading

Equality watchdog calls on police to stop using facial recognition

Equalities and Human Rights Commission says use of automatic facial recognition and predictive algorithms by police is discriminatory, stifles freedom of expression and lacks a proper legislative framework Continue Reading

Security Think Tank: A guide to security best practice for pandemics

In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances? Continue Reading

Security Think Tank: Coronavirus crisis helps put security in context

In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances? Continue Reading

Cross-regulator taskforce on digital economy announced in 2020 Budget

UK regulators will join forces to look at how the potential regulation of the digital platforms and advertising markets would work Continue Reading

Microsoft fixes 26 critical vulnerabilities in another heavy Patch Tuesday

March’s Patch Tuesday is another big one for Microsoft, addressing 115 vulnerabilities, 26 of them critical Continue Reading

Inside Oracle’s cloud strategy

Oracle may be late to the cloud infrastructure and platform game, but it believes it has what it takes to carve out a bigger slice of the Asia-Pacific’s cloud market Continue Reading

Bill Gates backs Crest fintech security scheme for Africa and Asia

UK-based cyber security accreditation and certification non-profit Crest has been awarded a $1.4m grant from the Bill and Melinda Gates Foundation to expand cyber security capacity for fintechs in Africa and Asia Continue Reading

Virgin Media confirms 'misconfigured database' left personal data of 900,000 people exposed

Telco provider Virgin Media confirms 'data incident' that left personal details of 900,000 people exposed, but denies its systems were hacked or that it suffered a data breach Continue Reading

Podcast: ‘The human element’ in compliance at RSA 2020

We review RSA 2020 and discuss the human element in compliance, plus network and data management, trust, Covid-19 and its implications for organisations, and GDPR and CCPA Continue Reading

Cathay Pacific hit with £500,000 data protection fine from ICO over 2018 breach

Airline receives maximum financial penalty under Data Protection Act for data breach that led to nine million customers having their personal data accessed by hackers Continue Reading

Australian government pulls plug on cloud certification programme

The Australian Signals Directorate is closing its cloud services certification programme to allow for more home-grown suppliers Continue Reading

Singapore among world’s top sources of online threats

Singapore remained a hotspot for originating cyber attacks in 2019, with 11 million attacks launched from servers in the city-state Continue Reading