Regulatory compliance and standard requirements

Complacency biggest cyber risk to UK plc, says ICO

Information commissioner John Edwards warns against complacency as his office issues a multimillion-pound fine to a building company that failed to prevent a ransomware attack Continue Reading

What do the US’s new software security rules mean for UK organisations?

The White House announced recently that all software supplied to the US government and its agencies needs to be secure, so what does this mean for the UK and EU security sectors? Continue Reading

NatWest data breach whistleblower demands bank pay data controller fee to ICO

Whistleblower calls for NatWest to pay the Information Commissioner’s Office annual data controller fee, as the personal details of 1,600 current and former NatWest customers remain under her bed Continue Reading

Singapore extends cyber security labelling scheme to medical devices

The Cyber Security Agency of Singapore is extending its cyber security labelling scheme to medical devices to encourage medical device manufacturers to adopt a security-by-design approach to product development Continue Reading

Treat cyber crime as a ‘strategic threat’, UK businesses told

The government’s new National Cyber Advisory Board aims to help elevate cyber discussion and spur action in the business community Continue Reading

Annual costs of Hackney ransomware attack exceed £12m

Hackney Council reveals new insight into the ongoing cost of a ransomware attack that devastated its systems two years ago Continue Reading

Protecting children by scanning encrypted messages is ‘magical thinking’, says Cambridge professor

Ross Anderson argues in a rebuttal to GCHQ experts that using artificial intelligence to scan encrypted messaging services is the wrong approach to protecting children and preventing terrorism Continue Reading

Dutch influence standards for post-quantum cryptography

Cryptology group at Dutch research institute is involved in the two primary algorithms of the next NIST portfolio comprising four new standards Continue Reading

French Supreme Court rejects EncroChat verdict after lawyers question secrecy over hacking operation

France’s Supreme Court has sent a case back to the court of appeal after police failed to disclose technical details of EncroChat hacking operation Continue Reading

ICO selectively discloses reprimands for data protection breaches

Data protection experts question ICO’s selective approach to publishing formal reprimands for contravening the law, after FoI request reveals the Cabinet Office was among the organisations reprimanded Continue Reading

Ukraine and EU explore deeper cyber collaboration

A Ukrainian delegation has met with officials from the EU’s ENISA cyber agency to explore deeper cooperation on cyber security issues Continue Reading

Australia to amend telecoms regulations following Optus breach

Amendments to Australia’s telecoms regulations are in the works to temporarily allow sharing of individuals’ identifier information between telcos and financial institutions Continue Reading

EU rolling out measures for online safety and AI liability

The European Council has approved the passage of the Digital Services Act to protect people’s rights online, while the European Commission has announced proposals to help those negatively affected by artificial intelligence to claim compensation Continue Reading

Proposals for scanning encrypted messages should be cut from Online Safety Bill, say researchers

Automatic scanning of messaging services for illegal content could lead to one billion false alarms each day in Europe Continue Reading

Italian Supreme Court calls for prosecutors to disclose information on Sky ECC hacking operation

Italy’s Supreme Court says Italian prosecutors and police should disclose information on how they obtained intercepted messages from the Sky ECC cryptophone network Continue Reading

Inside Dell Technologies’ zero-trust approach

Dell Technologies’ zero-trust reference model starts with defining business controls and having a central control plane that manages all the security aspects of an organisation’s infrastructure Continue Reading

Tories to replace GDPR

IT industry reacts to the government’s plan to replace the pan-European data protection regulation Continue Reading

France extradites Spanish EncroChat cryptophone distributors for complicity with organised crime

Three phone sellers have been extradited from Spain to France to face charges that they were complicit in the activities of criminal EncroChat phone users   Continue Reading

Security regulation cuts online payment fraud at 73% of retailers

New online payments security standard, Strong Customer Authentication (SCA), sees immediate fall in fraudulent payments to retailers Continue Reading

CIO interview: James Fleming, Francis Crick Institute

Francis Crick Institute CIO discusses how Europe’s largest biomedical research institute has co-developed a framework for data sharing Continue Reading

Failure of Russia’s cyber attacks on Ukraine is most important lesson for NCSC

Russia has so far failed in its attempts to destabilise Ukraine through cyber attacks due to strength of Ukrainian, security industry and international efforts Continue Reading

Optus breach casts spotlight on cyber resilience

The massive data breach that affected more than 10 million Optus customers has cast the spotlight on API security and other factors that contribute to the cyber resilience of organisations in Australia Continue Reading

Whistleblower Peter Duffy calls for oversight of NHS records to prevent evidence tampering

A whistleblower has called for greater oversight in the handling of ‘safety-critical digital information’ across the NHS, in light of a number of cases that raise questions about data governance and record-keeping within the health service Continue Reading

Data protection in Finland, four years after GDPR came into force

Data privacy has always been a big concern in Finland, so the country naturally has a lot to say about the General Data Protection Regulation four years on Continue Reading

More than 30 startups to join Plexal’s Cyber Runway accelerator

Now in its second year, the Cyber Runway accelerator has been designed to support firms at various stages of growth, as well as help the cyber security sector to improve on its diversity, inclusion and regional representation Continue Reading

It’s time for engineering teams to own DevSecOps

It may seem counterintuitive, but maybe organisations should consider delegating responsibility for DevSecOps to engineering teams, not security teams, argues Elastic’s Mandy Andress Continue Reading

NCA ‘deliberately concealed’ information when it applied for EncroChat warrants, tribunal hears

Investigatory Powers Tribunal hears that the National Crime Agency made ‘serious and fundamental errors’ Continue Reading

Nordic private equity firms pursue cyber security acquisitions

Increasing interest in the security sector from Nordic private equity firms is a reflection of growing threats and increasing enterprise security budgets Continue Reading

Privacy Pledge signatories dream of alternative internet

A group of privacy-focused organisations have come together to establish a set of principles for taking the internet back from big tech and surveillance capitalism Continue Reading

Thousands of customers affected in Revolut data breach

Digital challenger bank has warned its customers to be vigilant after their data was exposed in a cyber attack Continue Reading

New player pioneers ‘active cyber insurance’ for UK market

Arrival of US-based insurer Coalition in London will supposedly offer SMEs more options when it comes to cyber security insurance Continue Reading

Organisations failing to account for digital trust

The vast majority of businesses are well aware of the importance of digital trust, yet very few have a dedicated staff role responsible for it, report finds Continue Reading

Ex-CISA head Krebs: Disrupt ransomware support networks to win the war

Speaking at an event hosted by data protection specialist Rubrik, former CISA director Chris Krebs calls for the security community to work collectively to kick out the supports from under ransomware gangs Continue Reading

DDoS attacks on UK financial sector surged during Ukraine war

A quarter of cyber security incidents reported to the Financial Conduct Authority in the first six months of 2022 involved DDoS, with a likely link to events in Ukraine Continue Reading

Blancco works with charity to provide IT for African schools

Blancco is providing data sanitisation and erasure software to The Turing Trust so that old IT equipment can be securely reused by school children in Sub-Saharan Africa, instead of adding to world’s growing e-waste problem Continue Reading

CISOs should spend on critical apps, cloud, zero-trust, in 2023

Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts Continue Reading

Security Think Tank: Adding trust to AppSec and DevSecOps

When building in trust and assurance into app development through standards, it is critically important not to stifle innovation Continue Reading

NCSC CyberUK event heads to Belfast in 2023

National Cyber Security Centre’s annual CyberUK roadshow is crossing the Irish Sea to Belfast in April 2023 Continue Reading

Dutch cyber security organisations to join forces

Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into Continue Reading

Security Think Tank: Creating a DevSecOps-friendly cyber strategy

When slowing down is not an option, you need to find a security strategy that is DevSecOps friendly, says Airbus Protect’s Olivier Allaire Continue Reading

India’s wake-up call on health data privacy

Health app developers and industry watchers in India are keeping an eye on data privacy following the reversal of the Roe vs Wade ruling in the US Continue Reading

Prince’s Trust teams with threat management specialist in skills push

Prince’s Trust hopes to address shortfall in cyber professionals and improve diversity in the industry Continue Reading

Cyber threats to Europe’s grid: Utilities rethink strategy

The separation of operational and information technology at utilities across Europe is opening doors for cyber criminals Continue Reading

Digital identity is key to coping with surge in air travel

The International Air Transport Association’s One ID digital identity initiative will pave the way for seamless air travel from curb to gate and help airports cope with growing passenger traffic Continue Reading

Campaigners call on Truss to change UK’s archaic hacking laws

The CyberUp coalition, a campaign to reform the Computer Misuse Act, has called on Liz Truss to push ahead with needed changes to protect cyber pros from potential prosecution Continue Reading

Saudi Arabian organisations choose to outsource to improve cyber security posture

Overwhelmed by rising threats and a growing number of government mandates, many organisations in Saudi Arabia are looking for outside help to take care of cyber security Continue Reading

Out with the old at Asda

In this week’s Computer Weekly, we talk to Asda’s CIO, Carl Dawson, about the supermarket’s cloud-oriented renovation of its technology stack. We narrate the security woes at Twitter. And we examine best practices for data backup. Read the issue now. Continue Reading

Security Think Tank: Good procurement practices pave the way to app security

Application security is as much a question of good procurement practice as it is good development practice, says Petra Wenham of the BCS Continue Reading

Local authorities experience 10,000 attempted cyber attacks every day

Local authorities across the UK face a daily deluge of cyber incidents, with phishing and DDoS attacks the most prevalent, according to an insurance broker Continue Reading

Swedish Electronics Protection Act coincides with major cyber spend

Swedish cyber security law comes at a time of heavy government investment Continue Reading

New (ISC)² cyber careers schemes go live

(ISC)² has opened up two new global cyber careers schemes to applicants to try to help organisations fill 2.7 million vacant roles worldwide Continue Reading

Security Think Tank: Effective DevSecOps requires collaboration

Application security and effective DevSecOps can only be achieved through collaboration with the business – the ultimate goal is to make it safer to do business, which requires considering integrated risk management and identity and access management alongside cyber security and application security Continue Reading

Google debuts open source bug bounty programme

Google is calling on hackers to take pot-shots at its open source projects for the first time through a new vulnerability research programme Continue Reading

Four years into GDPR, Norway hopes for safer data transfer to US

Much of the data on the internet ends up on US servers at some point, and that is not always compatible with the General Data Protection Regulation, says Norwegian data protection authority Continue Reading

UK government presses on with new cyber rules for telcos

Government has finalised new security rules for telecoms companies and will move to make them binding in the near future Continue Reading

CIOs: Geopolitics impacts your IT strategy

Research from analyst Gartner illustrates how geopolitics is influencing IT strategies Continue Reading

James Hatch, BAE Systems: Computer Weekly Downtime Upload podcast

We speak to the chief digital officer at BAE Systems’ Digital Intelligence business about the challenges of “digital” in high-trust organisations Continue Reading

Security pros fret about stress and promotion over cyber attacks

CIISec’s annual report on the state of the security profession reveals some home truths for security leaders Continue Reading

Alleged Twitter security failings spell trouble ahead

Twitter’s former security head, Peiter Zatko, has alleged a number of serious cyber failures at the social media platform, raising the spectre of investigations and sanctions Continue Reading

NCSC shares cyber guidance for large infrastructure builds

Balfour Beatty and McAlpine are among the large construction firms to have input into latest NCSC guidance for ensuring the security of major infrastructure projects Continue Reading

Lloyd’s to end insurance coverage for state cyber attacks

Lloyd’s of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk Continue Reading

It takes a breach to force boards to take notice of cyber, says UK government

Too often, it takes a major incident for business leadership to pay attention to cyber issues, according to a government-commissioned study of victims Continue Reading

Why you should start your post-quantum encryption migration now

Some say we have the best part of a decade to prepare for the security risks that quantum computing presents to current encryption tech, but PA Consulting experts believe that timeframe is shrinking dramatically Continue Reading

Why organisations need to harmonise their CIO and CISO roles

Unless properly managed, conflicting responsibilities between the chief information officer and the chief information security officer can cause project delays and budget overruns, says Netskope’s Mike Anderson Continue Reading

Lawyers and journalists sue CIA and Mike Pompeo over Assange surveillance claims

CIA and its former director sued over allegations that they authorised unlawful spying on US citizens when they visited WikiLeaks founder Julian Assange at the Ecuadorian Embassy in London Continue Reading

Report reveals consensus around Computer Misuse Act reform

A study produced by the CyberUp campaign reveals broad alignment among security professionals on questions around the Computer Misuse Act, which it hopes will give confidence to policymakers as they explore its reform Continue Reading

Cyber insurance getting harder to obtain

Organisations looking to shore up their security postures face more and more barriers to obtaining cyber insurance Continue Reading

Reliance on PSN may have exacerbated cyber attack impact

As it seeks a new supplier to reinvigorate the migration away from the Public Services Network, the Cabinet Office says relying on the legacy network may be putting public sector bodies at heightened risk in cyber attacks Continue Reading

The dangers of the UK’s illogical war on encryption

The unintended consequences of the Online Safety Bill will have a dramatic effect on our ability to communicate securely, including in Ukraine, where it is needed most Continue Reading

UK has biggest card fraud problem in Europe

Social Market Foundation calls on the UK to get a grip on its huge problem with bank card fraud in Europe Continue Reading

SBRC to administer NCSC training across Scotland

The Scottish Business Resilience Centre has been awarded a £500,000 contract to extend cyber resilience training across more than 250 at-risk organisations Continue Reading

Financial services regulator opens digital delivery centre in Leeds

The Financial Conduct Authority is increasing the number of tech experts in its workforce through a new digital delivery centre in Leeds Continue Reading

Reimagining ethical digital technology

With ever-increasing digitisation leading to greater dependence on a range of digital technologies, enterprises need to urgently look at how they can incorporate ethical and social considerations into the tech they develop Continue Reading

NCSC startups scheme turns focus to operational technology, SME security

NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses Continue Reading

Consumers left out of pocket as security costs soar

As the average cost of a security incident reaches an all-time high of nearly $4.5m, an IBM Security study reveals how these costs are being passed on to ordinary people Continue Reading

Cyber security training ‘boring’ and largely ignored

Two-thirds of employees don’t bother to pay attention to cyber security training – and the fault does not lie with them Continue Reading

Security Think Tank: Don’t rely on insurance alone

Cyber insurance is a useful addition to the cyber protection toolbox. However, it cannot be regarded as a replacement for the controls that should be in operation, says Turnkey Consulting’s Tom Venables Continue Reading

Secret court asked to quash a decade of MI5 surveillance warrants following ‘systemic breaches’

The culture at MI5 was to ‘prioritise’ missions ‘over everything else’, including compliance with safeguards designed to protect the public, the UK’s most secret court heard yesterday Continue Reading

Home Office ‘unlawfully’ approved MI5 bulk surveillance warrants

MI5 provided ‘false information’ to the Home Office to secure bulk surveillance warrants, the Investigatory Powers Tribunal heard Continue Reading

NCSC seeks community input for Cyber Advisor service

The NCSC is proposing to establish a new Cyber Advisor service to train up experts in security guidance, and is inviting interested parties to come forward Continue Reading

GCHQ experts back scanning of encrypted phone messages to fight child abuse

Ian Levy, technical director of the NCSC, and Crispin Robinson, technical director of GCHQ, back client-side scanning software on mobile phones to detect child abuse Continue Reading

Buy ‘plug-n-play’ malware for the price of a pint of beer

Three-quarters of malwares and almost 90% of exploits retail on the dark web for about £8.40 or less, according to a report Continue Reading

(ISC)² expands entry-level cyber programme after UK success

Flush with success from a UK certification programme, reaching 100k in the UK, (ISC)² now wants to provide free security certification to a million people worldwide Continue Reading

Log4Shell on its way to becoming ‘endemic’

US government report concludes that, like Covid, Log4Shell will be with us for a long time to come Continue Reading

Government pauses Online Safety Bill’s progress

The government has paused the Online Safety Bill’s journey towards becoming law, amid timetable pressure Continue Reading

ICO wants to ‘empower people through information’

Information Commissioner’s Office sets out commitment to safeguard the information rights of the most vulnerable people in UK society Continue Reading

ICO calls for review into government use of private email and WhatsApp messages

Information Commissioner’s Office reprimands Department of Health and Social Care after ministers and officials conducted government business on their own email accounts and messaging apps Continue Reading

Brits say social media must do more to block harmful content

UK citizens want social media companies to do more to prevent harmful content appearing on their platforms Continue Reading

Ransomware and backup: Overcoming the challenges

Ransomware attacks that exfiltrate data don’t nullify the value of backups to restore from, but the challenges – such as not restoring corrupted data – require careful planning Continue Reading

Singapore doubles down on OT security

The Cyber Security Agency of Singapore will fund 80 scholarships to groom a talent pool of operational technology security experts, among other efforts to bolster the security of critical infrastructure in the city-state Continue Reading

Cyber insurance: An effective use of your scant security budget?

The ISF’s Paul Watts asks if cyber insurance is a must-have item, an expensive luxury, or the emperor’s new clothes Continue Reading

Cyber insurance: Tips for keeping the right level of cover

Transferring risk to an insurer doesn’t mean you are risk-free – so what is not included in your cyber insurance cover? Continue Reading

Sweden and GDPR – four years on

Swedish data protection coordinator talks to Computer Weekly four years into the General Data Protection Regulation Continue Reading

Lots to consider when buying cyber insurance, so do your homework

When considering implementing a cyber insurance policy, due diligence should be your watchword, says Paddy Francis of Airbus CyberSecurity Continue Reading

UK government does not yet understand threat of technology to foreign policy

Select committee chair warns government that the threat posed to global security by malign actors influencing tech standards is no ‘dystopian fantasy’ Continue Reading

MI5, FBI chiefs warn of Chinese cyber espionage threat

In a joint appearance in London, MI5 director general Ken McCallum and FBI director Chris Wray warn of the growing threat posed by the Chinese government to UK and US interests Continue Reading

UK signs ‘in principle’ data adequacy agreement with South Korea

Bilateral adequacy agreement will allow businesses to conduct cross-border data transfers with minimal restrictions Continue Reading

Security Think Tank: Cyber insurance – A nice safety blanket, but don’t count on it

In the second instalment of this month’s Security Think Tank, Mike Gillespie argues that cyber insurance should be thought of like car insurance – you don’t start driving recklessly because you’re covered Continue Reading

Tech companies face pressure over end-to-end encryption in Online Safety Bill

An amendment to the Online Safety Bill, currently going through Parliament, will put pressure on tech companies over end-to-end encrypted messaging services Continue Reading

Plexal seeks new scaleups for next phase of Cyber Runway

Established security startups looking to grow and scale their operations are being invited to join the next phase of Plexal’s Cyber Runway programme Continue Reading