Regulatory compliance and standard requirements

Why ‘no breach’ is bad news for your compliance

You might think it’s a good thing if your organisation has a clean record when it comes to data breaches, but this is not necessarily the case Continue Reading

Data breaches in Australia showing no signs of abating

Compromised login credentials and human error were the most common causes of data breaches reported under Australia’s notifiable data breach regime from July to December 2019 Continue Reading

Clearview hack fuels debate over facial recognition

Customers of Clearview AI, a controversial startup that scrapes and sells billions of photos of people from social media to police forces, have found themselves at the centre of a major data breach Continue Reading

FCA data breach could happen to anybody, but easy to avoid

Minor data breach at the Financial Conduct Authority was the result of simple human error, and highlights the need for organisations to consider a wide range of potential threats Continue Reading

Met Police chief backs legislative framework for police tech

Met Police commissioner has called for legislative framework to govern police use of new technologies, while defending the decision to use live facial recognition technology operationally without it Continue Reading

Google warns users not to mess with Huawei devices

Google tells users of Huawei devices to try to avoid bypassing controls preventing them from loading its apps Continue Reading

Cloud data leaks compounded by lack of automation tools

Data leaks caused by misconfigured clouds are being compounded because security teams lack appropriate automation and integration tools, according to a report Continue Reading

Thai university to roll out data protection certification

Thailand’s National Institute of Development Administration is offering a certification programme to get organisations ready for the country’s data protection regime Continue Reading

Assange extradition is a politically motivated ‘abuse of power’, court hears

US government’s attempt to extradite WikiLeaks founder Julian Assange to face espionage charges in the US is politically motivated and an abuse of process, court told Continue Reading

Blasé directors put business data at risk

The higher up within a business you go, the more likely you are to find people intentionally leaking confidential data, says Egress Continue Reading

Is this Netflix-style thriller the future of security training?

Cyber awareness specialists at KnowBe4 reckon that bringing Netflix-style production values to corporate videos heralds a new approach to security training Continue Reading

Most CISOs ready to move jobs if something better comes along

The shortage of skilled security pros is creating an active recruitment market, with over 80% of CISOs saying they would consider a new role if approached Continue Reading

Veeam Availability Suite v10 adds NAS backup and cloud tiering

Availability Suite is mostly about consolidating the company’s data management platform idea, but it has added incremental forever NAS backup, cloud tiering and recovery to vSphere Continue Reading

Security Think Tank: Zero trust strategies must start small, then grow

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs approach moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

Mastercard opens European security resilience unit

Mastercard’s European Cyber Resilience Centre will bring together its partners and other industry bodies to support enterprise resilience Continue Reading

Security Think Tank: Ask yourself if zero trust is right for you

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

PM Johnson shuffles technology and digital ministers again

Boris Johnson has changed all the key Cabinet appointments responsible for tech and digital policy for the second time since becoming prime minister last year Continue Reading

Security Think Tank: How zero trust lets you take back control

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero trust architecture? Continue Reading

Security Think Tank: Practical steps to achieve zero trust

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

MI5 failed to disclose failings in handling intercepted data, court hears

MI5 failed to disclose serious failures in the way it handled intelligence data to the Investigatory Powers Tribunal, the surveillance regulator and ministers. Continue Reading

Tencent Cloud gains multi-tier cloud security certification

China's Tencent Cloud joins major cloud suppliers in securing tier three of Singapore’s Multi-Tier Cloud Security standard in a bid to grow its presence in Asia Continue Reading

Police use of facial recognition ‘unjustifiable’, says Scottish Justice Committee

Members of the Scottish Parliament have said police use of live facial recognition technology is “not fit for purpose” Continue Reading

What should be in Australia’s next cyber security strategy

The Australian government is reviewing the nation’s cyber security strategy, but is it looking at the right issues? Continue Reading

Norway braces for possible China backlash over 5G loss

Norway fears trading relationship with China will suffer as a result of Huawei losing 5G contract to Ericsson Continue Reading

Security Think Tank: Zero trust is complex, but has rich rewards

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

Stressed, overworked CISOs losing £23k a year in unpaid overtime

Nominet’s latest CISO Stress Report has revealed the extent to which organisations are taking advantage of their security staff, and the deleterious effects of overwork and stress on mental health Continue Reading

Security Think Tank: Zero trust is not the answer to all your problems

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

The fight against cyber crime: Why cooperation matters

With the WEF’s Global Risk Report 2019 ranking cyber attack in the top five global risks, we now see rising consensus at institutional level that no individual stakeholder can address the breadth of security challenges we face today Continue Reading

Social media targeting algorithms need regulation, says CDEI

The Centre for Data Ethics and Innovation is recommending regulation of social media algorithms as part of a drive to make user targeting safe and ethical Continue Reading

MI5 faces court ruling over unlawful surveillance warrants

Privacy groups Liberty and Privacy International ask the Investigatory Powers Tribunal to order MI5 to disclose full details of ‘unlawful’ conduct, after classified documents reveal the spy agency failed to comply with surveillance laws Continue Reading

Security Think Tank: Facing the challenge of zero trust

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

NHS adds supplier security audits to procurement platform

A new feature in the NHS’s Edge4Health procurement platform will help NHS suppliers improve their cyber security posture and NHS organisations make better buying decisions Continue Reading

Security Think Tank: Zero trust – just another name for the basics?

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

Davos: The clock is ticking on climate change but cyber crime and emerging technologies add to risks

Climate change, natural disasters, extreme weather and loss of biodiversity are the greatest risks we face. With cyber conflicts, state-sponsored hacking and internet fragmentation, doing nothing is not an option, says the World Economic Forum Continue Reading

NCSC launches study on cyber security diversity

The UK’s National Cyber Security Centre wants to improve the diversity of the cyber security sector Continue Reading

Avast cans data harvesting subsidiary after outcry

Avast will close its Jumpshot big data unit following repeated allegations of inappropriate handling of customer data Continue Reading

UK cyber security sector worth more than £8bn

The UK’s cyber security industry employs 43,000 full-time workers, and contributed nearly £4bn to the UK economy in 2019, according to DCMS Continue Reading

NHS suffers fewer ransomware attacks, but threat persists

Ransomware attacks against the NHS have tapered off dramatically, according to statistics obtained under FoI legislation, but this does not mean the threat has diminished Continue Reading

Podcast: How to boost staff awareness of compliance

Employee awareness of compliance, of the laws and regulations that affect your business, is vital, in some cases even mandatory. We look at the key ways to achieve it Continue Reading

Top four compliance considerations for SMEs

We look at the key data compliance regulations that affect smaller companies – such as GDPR, the Data Protection Act, PCI-DSS and PECR – and some key industry-specific frameworks Continue Reading

Data privacy benefits outweigh spend, says Cisco

Cisco’s 2020 data privacy study shows organisations can generate substantial returns on their data privacy and protection spending Continue Reading

Interpol uncovers cyber crime operation in Indonesia

An Interpol-coordinated cyber operation leads to the arrest of three people in Indonesia who allegedly used a JavaScript-sniffer malware to steal payment card details of online shoppers Continue Reading

Met Police to launch facial recognition operationally

Despite the continuing controversy around its use, the Metropolitan Police will be deploying live facial recognition across the capital Continue Reading

SANS Institute calls on Manchester security pros

Manchester will play host to a week-long cyber security training event during February Continue Reading

Cyber gangsters publish staff passwords following ‘Sodinokibi’ attack on car parts group Gedia

Sodinokibi hacking group steps up pressure on German automotive manufacturer by publishing information, including the CEO’s computer password and sensitive details of its IT systems, on the internet Continue Reading

Seven projects funded to explore CAV security

The winners of the Cyber Securities Feasibility Studies contest, exploring cyber security for self-driving cars, have been revealed Continue Reading

End-user security ignorance laid bare in new report

Proofpoint’s 2020 State of the Phish report highlights an urgent need for better user training and reporting Continue Reading

Six disaster recovery pitfalls and how to avoid them

We look at some key pitfalls in disaster recovery, such as failing to plan, not testing the plan, not protecting backups, poor communication and neglecting the human element Continue Reading

Startup uses machine learning to support GDPR’s right to be forgotten

Non-intrusive algorithms enable users to track which companies hold their data, so they can take it back Continue Reading

Computer Misuse Act ‘crying out for reform’

Group of campaigners says the Computer Misuse Act of 1990 risks criminalising cyber security professionals and needs reforming Continue Reading

ICO code sets out digital privacy standards for children

The Information Commissioner’s Office has published its Age Appropriate Design Code, a set of 15 standards that online platforms must meet to protect the privacy of younger users Continue Reading

Singapore updates model AI governance framework

Second edition of Singapore’s artificial intelligence governance framework includes new guidance, use cases and a self-assessment guide Continue Reading

5G builders test vulnerabilities in Finnish hackathon

University hackathon puts 5G security to the test as new wireless technology’s roll-out nears Continue Reading

High-street banks face disruption three weeks after Travelex hack

Foreign exchange services still disrupted, three weeks after Travelex received a $6m ransom demand from cyber gangsters Continue Reading

Don’t become the next Travelex: Get ready for ransomware

With Travelex’s IT still in disarray and banks and travellers left without access to funds more than a week after it was hit by a ransomware attack, we ask what others can learn from the foreign exchange services company’s response to the incident. Continue Reading

GDPR nets more than €100m in fines, with more to come

Fines totalling €114m have already been collected under GDPR, and this figure will spike in 2020 if the UK regulator succeeds in imposing record fines on BA and Marriott Continue Reading

CAA debuts aviation cyber security assurance scheme

Civil Aviation Authority and Crest announce the first companies to be accredited under the CAA’s new cyber security oversight scheme, Assure Continue Reading

UK’s phone and internet bulk data surveillance unlawful, says EU court opinion

The Advocate General of the European Court of Justice issues legal opinions finding that the UK, French and Belgian bulk surveillance regimes are unlawful Continue Reading

Security Think-Tank: Tackle insider threats to achieve data-centric security

The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading

Thailand gets ready for data protection law

Thailand’s personal data protection law comes into effect in May 2020, subjecting organisations to new rules that safeguard the personal data of individuals Continue Reading

LGBTQ+ social app Grindr accused of breaching GDPR

Norwegian Consumer Council files complaints about LGBTQ+ social networking app, alleging it is in breach of the General Data Protection Regulation Continue Reading

Threat landscape grew in complexity in 2019, no respite in sight

Check Point’s annual state of security report shares some 2019 trends and looks ahead to 2020 Continue Reading

Two-thirds of UK healthcare organisations breached last year

The majority of healthcare organisations in the UK experienced a cyber security incident during 2019, with almost half the result of viruses and malware introduced on third party devices Continue Reading

Turn the end of Windows 7 support into a security advantage

CISOs can take advantage of the end of support for Microsoft Windows 7 by making the case for more investment in cyber security Continue Reading

Learning from the Travelex cyber attack: Failing to prepare is preparing to fail

The key lesson to take from the Travelex breach is that an effective response to a breach is a critical business function and no longer the sole province of the IT department Continue Reading

Travelex hackers threaten to sell credit card data on dark web

Sodinokibi cyber gangsters have threatened to sell Travelex customers’ private data on a Russian underground cyber crime forum if it fails to pay a $6m ransom Continue Reading

Retail group Dixons Carphone fined £500,000 over data breach

Dixons Carphone receives maximum possible pre-GDPR fine from the ICO following a 2018 data breach Continue Reading

DRaaS decisions: Key choices in disaster recovery as a service

We examine the key decisions when considering DRaaS. Whether to go full self-service, assisted or managed will depend on what you need to protect and your in-house resources Continue Reading

Whisper it… but could a cyber attack be good for your career?

All too often it’s the CISO who carries the can for an enterprise security failure, but this might not be a bad thing. There’s lots of evidence to suggest that falling victim to a cyber attack may actually enhance your CV Continue Reading

New GDPR service aims to ease compliance challenges

Security consultants claim their software platform will address a pressing need for an effective and efficient means of complying with data protection rules Continue Reading

Half of UK citizens want tighter data regulations

Over 50% of UK citizens believe the gathering and use of personal data should be subject to more stringent government oversight, according to Fujitsu Continue Reading

Five ways that backup has changed since the days of tape

Back in the day, all this was tape, but times have changed, with cloud-to-cloud backup, cloud storage, virtual and physical backup appliances and myriad endpoint hardware Continue Reading

Security Think Tank: Let’s call time on inciting fear among users

The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading

Survey about Swedish people’s attitude to the internet reveals growing distrust of social media

Swedish citizens are becoming more concerned about the activities of social media companies and are reducing their online interaction with them as a result Continue Reading

Suspected ransomware attack causes worldwide disruption for Travelex

Travelex switches off computer systems and resorts to cash-only currency sales after malware attack. Insiders claim the currency exchange chain has been hit by ransomware which has left critical files containing customer data encrypted Continue Reading

California’s CCPA an opportunity for security industry to do better

California’s consumer protection and data privacy laws came into effect on 1 January 2020, and present a golden opportunity for the cyber security practitioners Continue Reading

Interview: Why we need a GDPR for dead people

Back in 2000, there was no Facebook or Twitter and the smartphone revolution had not begun. Today, digital identities outlive the people they represent Continue Reading

Top 10 investigative stories of 2019

Here are Computer Weekly’s top 10 investigative stories of 2019 Continue Reading

Top 10 enterprise IT in the Middle East stories of 2019

Here are Computer Weekly’s top 10 enterprise IT in the Middle East stories of 2019 Continue Reading

Top 10 cyber crime stories of 2019

Here are Computer Weekly’s top 10 cyber crime stories of 2019 Continue Reading

Top 10 cyber security stories of 2019

Here are Computer Weekly’s top 10 cyber security stories of 2019 Continue Reading

Finnish government supports local authorities in cyber security initiative

The Finnish government has committed resources to a cyber security project aimed at local authorities Continue Reading

EU court opinion finds EU-US data transfers lawful but raises questions over Privacy Shield

The Advocate General of the European Court says standard contractual clauses are lawful, but raises questions over the impact of US surveillance on the legality of Privacy Shield Continue Reading

Facebook: Legality of EU-US data sharing to be decided by Court of Justice

The Advocate General of the European Court of Justice will give an opinion on the legality of EU-US data transfers that could have major implications for big tech companies and US government mass surveillance practices Continue Reading

Top 10 Australia IT stories of 2019

Here are Computer Weekly’s top 10 Australia IT stories of 2019 Continue Reading

Group-IB CEO talks up global threat landscape

Public attribution of cyber attacks could backfire while a global cyber norms framework won’t emerge until a catastrophic incident occurs, says the head of Singapore-based Group-IB Continue Reading

Can Europe legally share data with the US? A court far away is about to decide

The European Court of Justice will deliver an opinion on whether Europe can legally continue to send private data about European citizens to the US Continue Reading

Security Think Tank: Data-centric security requires a holistic approach

The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading

We can’t allow fake news and disinformation to upend our democracy

Fake news, misinformation and cyber attacks are part of our political process – now is the time to act Continue Reading

Best practices to help CISOs prepare for CCPA

With the CCPA taking effect in 2020, check out security chiefs' best practices to get ahead and stay ahead of impending data privacy and protection compliance regulations. Continue Reading

The art of surveillance: the Stasi archives and the Investigatory Powers Act

A photographic exhibition captures the chilling impact of surveillance in the UK and the former German Democratic Republic Continue Reading

Scottish Justice Committee wants extra powers for biometrics commissioner

Members of Scottish Parliament in the Justice Committee have welcomed the creation of a biometrics commissioner for Scotland, but want ensure that they have the ‘necessary teeth’ for the job Continue Reading

China bans foreign computing kit from government contracts

All government offices and public institutions must eliminate foreign hardware and software within three years, according to a leaked directive dubbed 3-5-2 Continue Reading

Dutch government must facilitate and coordinate a broad eID system

The Dutch government should push for an electronic ID system for its citizens that works across the public and private sectors, according to a report Continue Reading

Security Think Tank: Time for a devolution of responsibility

The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading

Black Hat Europe: Mental health websites are leaking user data

At Black Hat Europe in London, researchers reveal the extent to which confidential data is being leaked to third parties by online mental health websites Continue Reading

Black Hat Europe: Red teams and blue teams must evolve in the 2020s

The red team versus blue team dichotomy is somewhat arbitrary and risks pigeonholing skilled security professionals into certain roles, says Facebook’s Amanda Rousseau Continue Reading

Security Think Tank: Optimise data-centric strategies with AI

The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading

Cyber security: How to avoid a disastrous PICNIC

Fieldfisher’s David Lorimer examines how individual employees often facilitate cyber attacks, and what can be done to reduce the risk Continue Reading

Survey finds most firms don’t respond to GDPR requests in time

Most organisations do not respond to requests for GDPR data in the one month allowed, while many return incorrect data. The education sector does best, but the public sector lags behind Continue Reading