Regulatory compliance and standard requirements

Black Hat Europe: Mental health websites are leaking user data

At Black Hat Europe in London, researchers reveal the extent to which confidential data is being leaked to third parties by online mental health websites Continue Reading

Black Hat Europe: Red teams and blue teams must evolve in the 2020s

The red team versus blue team dichotomy is somewhat arbitrary and risks pigeonholing skilled security professionals into certain roles, says Facebook’s Amanda Rousseau Continue Reading

Security Think Tank: Optimise data-centric strategies with AI

The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading

Cyber security: How to avoid a disastrous PICNIC

Fieldfisher’s David Lorimer examines how individual employees often facilitate cyber attacks, and what can be done to reduce the risk Continue Reading

Survey finds most firms don’t respond to GDPR requests in time

Most organisations do not respond to requests for GDPR data in the one month allowed, while many return incorrect data. The education sector does best, but the public sector lags behind Continue Reading

Chinese web users take more risks than Brits or Americans

A research paper published by the University of Birmingham seems to show that differences in cultural values have an impact both on risky behaviour online and legal regulation Continue Reading

Hack Friday: This Christmas, fight back against cyber criminals

It’s nearly Christmas, and cyber attacks and fraud attempts in the retail sector are ramping up. Is it time to panic? And is there anything we can do beyond hammering home the message around basic cyber security hygiene? Continue Reading

Get ready for CCPA: Implications for UK businesses

The California Consumer Privacy Act, a wide-ranging data privacy and consumer protection law, comes into effect on 1 January 2020. How does CCPA differ from the EU GDPR regulations and what are the responsibilities for UK businesses operating in the US? Continue Reading

Top APAC security predictions for 2020

More attacks on critical infrastructure, supply chain vulnerabilities and file-less attacks are some of the security threats that enterprises should keep an eye on next year Continue Reading

Enterprises muddled over cloud security responsibilities

A McAfee study suggests that 2020 will be a big year for cloud adoption, but confusion still persists over who is responsible for securing it Continue Reading

Facebook undermined rivals in bid to dominate global messaging

Facebook used buyouts and bullying tactics towards competitors to grow its business empire, documents leaked to Computer Weekly reveal Continue Reading

Uber app exploit posed safety risk to passengers

A flaw in Uber’s system meant thousands of trips in London were taken with unauthorised drivers at the wheel Continue Reading

IT chiefs recognise the risks of artificial intelligence bias

Artificial intelligence promises to change the way businesses operate. IT leaders are now taking bias in AI algorithms seriously Continue Reading

Druva eyes data protection for IoT workloads

Cloud data protection software supplier Druva is looking at a comprehensive platform that will protect data generated by IoT workloads Continue Reading

British Airways cancels flights due to technical issue

British Airways customers are suffering delays and cancellations as a result as a technical issue Continue Reading

Security Think Tank: Stopping data leaks in the cloud

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

How Nicigas is disrupting Japan’s gas market with IoT

Japanese energy retailer Nicigas is deploying 850,000 IoT devices to convert traditional gas meters into smart meters to unlock consumption data amid efforts to shake up the utilities industry Continue Reading

Public sector risks downplayed by senior IT leaders

Sophos reveals a significant cyber security perception gap between senior IT and security leaders in the public sector and their front-line teams Continue Reading

ICO says UK police must ‘slow down’ use of facial recognition

The Information Commissioner’s Office is calling for a statutory code of practice to govern how police in the UK deploy live facial recognition technology while controversy surrounding its use continues. Continue Reading

Cyber criminals tool up for Christmas fraud season

Organised criminals are trying to cash in on the festive retail boom with both brand new and tried-and-tested techniques Continue Reading

What the EU’s decision on Facebook means for social media

Recent ruling by the Court of Justice of the European Union will have global implications for social media companies and any organisations that host online content Continue Reading

Business must engage with consumers to boost AI

Artificial intelligence is set to become a core part of business, but to get the most from it, enterprises need to engage with consumers to focus personalisation Continue Reading

Taking responsibility for security in the cloud

From accidental leaks to full-on data breaches, maintaining security across cloud services is becoming a headache for enterprises. What questions should organisations be asking of their cloud service provider and, ultimately, whose responsibility is cloud security anyway? Continue Reading

Cyber risk insurance is more than just insurance

Insurance companies such as Chubb are offering incident response services and security tools to help companies improve their cyber security posture and better cope with cyber attacks Continue Reading

Nordic SMEs lack the money needed for cyber security

Businesses and governments in Denmark and Norway are working together to address a cyber security shortfall for SMEs in each country Continue Reading

PCI DSS payment security compliance drops again

Worldwide, barely one-third of companies are maintaining full compliance with the PCI DSS security standard – and the numbers are falling Continue Reading

Security Think Tank: Base cloud security posture on your data footprint

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

Security Think Tank: Cloud security is a shared responsibility

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

Security in the supply chain – a post-GDPR approach

A year and a half after the introduction of the EU’s General Data Protection Regulation, Fieldfisher's James Walsh reviews the fundamentals of supply chain security Continue Reading

Navigate PII data protection and GDPR to meet privacy mandates

Know the commonalities surrounding personally identifiable information to better navigate and comply with the regulations and penalties IT managers must contend with today. Continue Reading

Lawmakers study leaked Facebook documents made public today

Computer Weekly publishes cache of leaked documents disclosed to Congress Continue Reading

What changes are needed to create a cyber-savvy culture?

PA Consulting's Cate Pye considers the people and process changes that are necessary to build a security aware business culture Continue Reading

Huawei: 5G growth will be maintained with or without US tech supply

Huawei dismisses US tech sabre-rattling and claims it will continue robust business growth in 5G with or without US suppliers Continue Reading

Security Think Tank: Adapt security posture to your cloud model

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

Security Think Tank: The cloud needs security by design

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

The benefits of API-first software development

In this week’s Computer Weekly, we find out how organisations are using an API-based approach to software development to boost digital initiatives. We examine the potential pitfalls in using cloud storage. And we talk to the Department for Work and Pensions about its four-year project to move from outsourced IT to the cloud. Read the issue now. Continue Reading

Gartner: The time is right to make IT a boardroom issue

In many businesses, IT is regarded as an internal service provider and cost centre. Gartner says now is the best time for CIOs to make IT strategic Continue Reading

Security Think Tank: Secure the cloud when negotiating contracts

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

Making the case for integrated risk management

Security experts discuss how an integrated approach to risk and governance can be effectively managed Continue Reading

General Election sees UK government defer ‘high-risk’ 5G tech supplier review

Decision on allowing so-called high-risk suppliers access to the UK’s market for 5G infrastructure delayed due to 12 December poll Continue Reading

ICO says UK police must ‘slow down’ use of facial recognition

The Information Commissioner’s Office is calling for a statutory code of practice to govern how police in the UK deploy live facial recognition technology while controversy surrounding its use continues Continue Reading

Security Think Tank: In the cloud, the buck stops with you

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

Banks let customers down with mixed approaches to security

Treasury Committee report recommends new measures to tackle financial fraud Continue Reading

Facebook agrees to pay £500,000 fine over Cambridge Analytica data law breaches

Social media giant also promises to change the way its platform is used to protect people’s data Continue Reading

Alibaba Cloud earns security credentials in automotive and healthcare sectors

Alibaba Cloud’s compliance with Tisax and GxP follows earlier efforts by major public cloud suppliers to win over enterprises with strict data protection and security rules Continue Reading

What will succeed the National Cyber Security Strategy?

As the National Cyber Security Strategy nears the end of its working life, the government is considering what comes next, and is asking probing questions of its successes and failures Continue Reading

IR35 reforms – the difficult decisions facing IT contractors

In this week’s Computer Weekly, we examine the difficult choices facing UK IT contractors from the controversial IR35 tax reforms. Social engineering is a major source of cyber security attacks – we look at mitigation strategies. And the IT chief at Mercedes F1 explains what it takes to support a world championship team. Read the issue now. Continue Reading

Security Think Tank: Embedding security in governance

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

Take responsibility for cyber security basics, urges NCSC CEO

At the launch of its third annual review, NCSC head Ciaran Martin appealed for individuals and businesses to address the fundamentals of cyber security hygiene to help lighten the load Continue Reading

Brexit: Withdrawal agreement lists EU IT data link beyond transition

Document lists system-to-system IT and network connectivity that will be required after the UK leaves the European Union Continue Reading

Security threat landscape becomes more organised and business-like

Approaches to securing the enterprise need to change in the face of a rapidly maturing threat landscape Continue Reading

Security Think Tank: Focus on metrics to manage risk

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading

Emerging markets’ mobile financial services transactions set to surpass $1tn in by 2024

Mobile financial services transaction value will grow by 70% from 2019 to 2014 to total more than $1tn, driven by markets such as Latin America and Cico transactions Continue Reading

Security Think Tank: Embed security professionals in your risk strategy

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

Security Think Tank: Risk management must go beyond spreadsheets

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading

Securing the internet of things

In this week’s Computer Weekly, as security concerns prevent many organisations from adopting the internet of things, we examine mitigation strategies. Many firms are still struggling with GDPR policies – we assess if full compliance is ever possible. And we look at the technologies for delivering on-premise object storage. Read the issue now. Continue Reading

PCI DSS: Credit card data and what to expect from version 4.0

We preview October’s PCI Europe Community Meeting where attendees will discuss credit card payment data, with topics covered likely to include the cloud and point-to-point encryption Continue Reading

GDPR compliance: Whose job is it and is it really possible?

Nobody seems to have a good handle on business GDPR compliance, how many businesses are compliant, or indeed what compliance really is, but according to security experts, it very much depends on who you talk to. Continue Reading

Security Think Tank: Consider risk holistically, not just from an IT angle

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading

Zuckerberg’s mentor condemns Facebook’s business practices

Long-time Silicon Valley investor speaks out against surveillance capitalism and the lack of rules and regulations governing big tech’s behaviour Continue Reading

Data management strategies are evolving – so must enterprises

A growing number of data-driven initiatives, alongside heightened demand for security in governance, data management and compliance, has led to the rise of a more holistic approach – integrated risk management Continue Reading

Small business guide: How to keep your organisation secure from fraudsters and hackers

Doing a few things well can keep your organisation protected from common cyber attacks and fraudsters Continue Reading

Security Think Tank: The operational approach to integrated risk management

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

Security Think Tank: Risk is unavoidable in digital transformation

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

UK and US call on Facebook to walk back encryption plans

The US, Australian and UK governments have asked Facebook to ditch plans to deploy end-to-end encryption across Facebook Messenger, Instagram and WhatsApp Continue Reading

IT contractor charged over cyber attack on property valuation firm

Australian police charge 49-year-old man with stealing and posting more than 170,000 data records belonging to ASX-listed Landmark White on the dark web Continue Reading

Singapore outlines initiatives to tackle OT and IoT security

The Cyber Security Agency of Singapore has developed a blueprint to secure operational technology systems in critical sectors, among other measures to secure cyber-physical systems and the internet of things Continue Reading

ABN Amro investigation lends weight to anti-money laundering collaboration by Dutch banks

Dutch authorities are investigating ABN Amro for possible failures to monitor and report potential money laundering activity Continue Reading

GDPR compliance: Whose job is it and is it really possible?

Nobody seems to have a good handle on business GDPR compliance, how many businesses are compliant, or indeed what compliance really is, but according to security experts, it very much depends on who you talk to Continue Reading

Singapore payment card data compromised by JavaScript sniffers

Raw data of thousands of payment cards issued by Singapore banks stolen by the online equivalent of a traditional card sniffer Continue Reading

European court to decide on legality of bulk phone and internet surveillance

The European Court of Justice will decide whether intelligence agencies across Europe can continue to lawfully collect the telephone and internet communications data of citizens, following a two-day hearing this week Continue Reading

Dutch banks to work together in fight against money laundering

Dutch banks are sharing expertise and resources to help reduce money laundering through their accounts Continue Reading

Government seeks views on post-Brexit security alignment

The government has called for views on its proposals to align the UK’s post-Brexit cyber security policy to that of the European Union Continue Reading

Nordic countries deepen collaboration with Estonia-based cyber security operation

Nordic countries are now working closer with Nato’s Estonia-based centre of excellence in cyber security Continue Reading

GDPR non-compliance worse than feared

Over half of UK businesses do not yet appear to be fully GDPR-compliant, and many have de-prioritised their compliance efforts Continue Reading

UK calls for cyber capacity-building at UN security group

The UK’s representative to a United Nations cyber security working group has called for increased investment in capacity around cyber security Continue Reading

Terror watchlist faces reform after court rules it violates rights of people entering US

A secret US terrorist database containing information on more than 1.2 million people – who face repeated interrogations, detentions and electronic searches – violates constitutional rights, a US judge said last week Continue Reading

Data-driven marketing, the real risk boards are missing

Boards need to act to break the cycle of privacy compliance failures, and shift focus to aligning business purpose with privacy and dealing with the real risk of data driven marketing, warns PwC’s GDPR and data protection lead Continue Reading

Australia government to chart 2020 cyber security strategy

Australia’s home affairs ministry has released a discussion paper to seek views from all segments of society on the country’s next cyber security blueprint Continue Reading

Security pros doubt officials can enact effective security laws

Elected officials cannot be trusted to enact effective cyber security legislation and social media firms should be subject to strict privacy regulation, according to most information security professionals in a survey Continue Reading

Tide Foundation aims to boost password security

While passwordless security remains just out of reach, a non-profit organisation has developed a mechanism that it says makes passwords exponentially more difficult to crack Continue Reading

Latest Facebook security lapse exposes millions to account hijack

18 million UK users are among the more than 400 million at risk of account hijacking after phone numbers linked to their Facebook accounts were found in an open online database Continue Reading

CISOs think cloud safer, but security fears remain

The majority of information security leaders think cloud is now safer than on-premise, but security fears remain, with recently breached and highly regulated organisations most concerned, poll reveals Continue Reading

Finland’s security agencies collaborate after cyber attacks

National Bureau of Investigations and National Cyber Security Centre aim to increase expertise and capability to defend Finland’s critical IT infrastructure Continue Reading

Kaspersky eyes enterprise business, opens APAC transparency hub

The security firm wants to engage with enterprises and use its newly launched Malaysian Transparency Centre to burnish its credentials Continue Reading

A helping hand from the Nordics in the eye of the GDPR storm

Nordic IT companies are well suited to supporting enterprises in their data protection projects, even though openness is more natural to them Continue Reading

Tech firms join forces to boost cloud security

Top tech firms are to collaborate on open source technologies, tools, frameworks and standards that accelerate the adoption of confidential computing to boost security in cloud and edge computing Continue Reading

ICO to probe facial recognition at King’s Cross

UK privacy watchdog is to investigate whether the use of live facial recognition technology at King’s Cross complies with data protection laws Continue Reading

How C3M is easing multi-cloud management

Managing and securing access to multiple public cloud services can be a challenge for enterprises that are embarking on a multi-cloud strategy. Besides making sure that only authorised members of ... Continue Reading

Australia needs to get digital identity right

A top Ping Identity executive urges Australia to put more focus on digital identity management following the government’s efforts to lay the groundwork for an open banking regime Continue Reading

2019 set to be another record year for data breaches

The number of data breach incidents continues to rise and looks set to reach another record this year, with the business sector first in the firing line, according to a mid-year breach report Continue Reading

Melbourne researchers uncover privacy lapses in transport dataset

A team of University of Melbourne researchers has been able to re-identify individuals from a public transport dataset, raising serious privacy, safety and security issues Continue Reading

DCMS funding aims to increase diversity in cyber sector

A funding round has been announced as part of the Cyber Skills Immediate Impact Fund (CSIIF) with aims of encouraging more diverse talent into the UK’s cyber security sector Continue Reading

GDPR faces growing pains across Europe

The General Data Protection Regulation is over a year old now, but it faces challenges across Europe where compliance has taken place at different speeds Continue Reading

Digital domain identified as major security threat by Norway’s intelligence service

Norway's intelligence services has revealed the extent of the threat posed to the country by cyber attacks Continue Reading

UK finance regulator gives extra time for companies to meet payment security rules

Financial Conduct Authority gives companies under its watch an extra 18 months to meet an EU payments security standard Continue Reading

British Airways e-ticketing system could expose passenger details

British Airways has not addressed a potential leak of passenger details despite warnings from security researchers, but says it is aware of the issue and is taking action Continue Reading

Breach cost $53m in Q2, says Desjardins

Credit union cooperative Desjardins reveals that a data breach in June cost the company $53m in the second quarter, but that could be just the start, warn industry commentators Continue Reading

UK businesses still overlooking human element in security

Most UK businesses are still failing to address the human element in cyber security as part of an integrated approach, exposing themselves unnecessarily to cyber criminal attacks, a study shows Continue Reading

South Wales Police starts facial recognition trial despite opposition

The use of the facial recognition app by South Wales Police marks the latest deployment of controversial facial recognition technology by police forces in the UK Continue Reading