Regulatory compliance and standard requirements

Microsoft shares progress on Secure Future Initiative

Microsoft has published a progress report on its Secure Future Initiative, launched last year in the wake of multiple security incidents, and made a series of commitments to improve its internal cyber culture Continue Reading

By

• Alex Scroxton, Security Editor

Gartner: Mitigating security threats in AI agents

Agents represent a step-change in the use of artificial intelligence in the enterprise - as attendees at Salesforce's annual conference saw first hand this month - but do not come without their risks Continue Reading

By

• Avivah Litan, Gartner

CrowdStrike incident shows we need to rethink cyber

The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading

By

• Mike Gillespie

Global AI regulation is heating up: can the UK afford to remain silent?

Why UK lawmakers should be pro-active about introducing AI regulation Continue Reading

By

• Peter van der Putten, Director, AI Lab, Pegasystems  

Salesforce’s agentic AI platform to transform business automation

CRM giant’s Agentforce lets organisations build and deploy autonomous agents to automate business processes through advanced learning and data integration Continue Reading

By

• Aaron Tan, Informa TechTarget

Crest secures FCDO funding to help overseas countries increase their cyber-readiness

Non-profit Crest is launching an initiative to help overseas, private-sector firms get better prepared for cyber threats Continue Reading

By

• Caroline Donnelly, Senior Editor, UK

Cyber workforce must almost double to meet global talent need

Research from ISC2 finds global cyber workforce needs additional 4.8 million people to fully secure businesses Continue Reading

By

• Clare McDonald, Business Editor

Kubernetes disaster recovery: Five key questions

We look at disaster recovery for Kubernetes environments, the key challenges to deployment of K8s DR, the risks we aim to mitigate, how to build a plan and the key infrastructure requirements Continue Reading

By

• Stephen Pritchard

Teenager arrested in TfL cyber attack investigation

New security measures following the cyber attack, which took down some of TfL’s services, have led to delays in contactless roll-out Continue Reading

By

• Cliff Saran, Managing Editor

Lord introduces bill to regulate public sector AI and automation

A private members’ bill seeking to regulate the use of artificial intelligence (AI) and other automated technologies throughout the public sector has been brought to Parliament Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Developing nations need the UN cyber crime treaty to pass

The UN cyber crime treaty is flawed but represents a move in the right direction for developing nations seeking greater digital sovereignty Continue Reading

By

• Kyle Hiebert, Computer Weekly

What is an ESG score?

An ESG score is a way to assign a quantitative metric, such as a numerical score or letter rating, to the environmental, social and governance (ESG) efforts or an organization. Continue Reading

By

• Cameron Hashemi-Pour, Former Site Editor
• Sean Michael Kerner

Fraud and scam complaints hit highest ever level in UK

The Financial Ombudsman Service says it recorded almost 9,000 complaints about fraud and scams from April to June, the most ever recorded Continue Reading

By

• Alex Scroxton, Security Editor

Cyber firms need to centre their own resilience

The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading

By

• Niel Harper

UK and Ukraine digital trade deal comes into force

The UK eases access to the deep tech startup community in Ukraine through digital-only agreement Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Telegram CEO Pavel Durov under formal investigation, released on bail

European Commission confirms it has powers to place Telegram under ‘direct supervision’ if it meets the threshold for regulation under the Digital Services Act Continue Reading

By

• Bill Goodwin, Investigations Editor

Cyber law reform should be top of Labour's policy list

With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading

By

• Craig Watt

A coherent Labour cyber strategy depends on consistency

With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading

By

• Aled Lloyd Owen

Global cyber spend to rise 15% in 2025, pushed along by AI

Security spending will increase at pace in 2025, with artificial intelligence, cloud and consultancy services all pushing outlay to new highs, according to Gartner Continue Reading

By

• Alex Scroxton, Security Editor

Cambridge Enterprise saves big with Keepit SaaS backup

University innovation body avoids hardware spend and saves management time as it switches from tape to cloud-to-cloud backup, instant recovery and decades-long retention from Keepit Continue Reading

By

• Antony Adshead, Computer Weekly

Telegram founder Pavel Durov questioned over cyber crime charges

Billionaire founder of Telegram accused of failing to co-operate with law enforcement requests for lawful interception Continue Reading

By

• Bill Goodwin, Investigations Editor

Extending zero-trust principles to endpoints

By combining zero-trust principles with other security strategies and continuously monitoring and improving their security posture, organisations can effectively mitigate risks and protect their resources, says Gartner's Nikul Patel Continue Reading

By

• Nikul Patel

The US courts may have thrown a wrench into cyber regulation

A recent decision by the US Supreme Court to overrule the longstanding Chevron Deference has serious implications for global cyber security regulation Continue Reading

By

• Brian Arnold

Public education on security must be a top priority for Labour

With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading

By

• Petra Wenham

Pakistani national arrested over Southport ‘cyber terrorism’

Authorities in Pakistan have arrested a man on suspicion of cyber terrorism over his role in the spread of online misinformation in the wake of the Southport knife attack Continue Reading

By

• Alex Scroxton, Security Editor

From manifesto to material: What No. 10 needs to make reality

With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading

By

• Paul Lewis, Nominet

ICO launches privacy notice tool for SMEs

ICO tool designed to make it easier for small businesses and sole traders operating online to create bespoke data privacy notices for compliance purposes Continue Reading

By

• Alex Scroxton, Security Editor

Helsinki braced for elevated cyber attacks

The City of Helsinki is increasing its collaboration with cyber security and crime investigators following a major attack on its systems Continue Reading

By

• Gerard O'Dwyer

What is ICD-9-CM (International Classification of Diseases, Ninth Revision, Clinical Modification)?

The International Classification of Diseases, Ninth Revision, Clinical Modification, also known simply as ICD-9-CM, is the U.S. healthcare system's adaptation of the World Health Organization's (WHO) ICD-9 standard list of six-character alphanumeric codes to describe medical diagnoses and procedures and to track diseases and mortality. Continue Reading

By

• Rahul Awati
• Don Fluckinger, Senior News Writer

Challenges of deploying PQC globally

Quantum computers will eventually be powerful and reliable enough to crack strong encryption. PQC is the answer, but it could take years to deploy Continue Reading

By

• Cliff Saran, Managing Editor

How might the UK's cyber landscape change under Labour?

With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading

By

• Dhairya Mehta and Cate Pye

Google's cookie conundrum: What comes next?

Google's revised approach to third-party cookies shouldn't come as a surprise, and may also be welcome Continue Reading

By

• Christian Ward

Dawn Project calls out Big Tech for selling AI snake oil

A campaigning group focused on safety critical technology has called out the major tech firms for putting people’s lives at risk with flawed AI Continue Reading

By

• Cliff Saran, Managing Editor

NIST debuts three quantum-safe encryption algorithms

NIST has launched the first three quantum-resistant encryption algorithms, and as the threat of quantum-enabled cyber attacks grows greater, organisations are encouraged to adopt them as soon as they can Continue Reading

By

• Alex Scroxton, Security Editor

Labour's first cyber priority must be the NHS

With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading

By

• Adam Button

How UK firms can get ready for the implementation of NIS2

Many British companies will need to adhere to NIS2’s cyber security risk management and reporting requirements if they want to continue operating in the EU market and avoid huge fines Continue Reading

By

• Nicholas Fearn

US lawmakers seek to brand ransomware gangs as terrorists

Proposals from legislators in Washington DC could shake up the global ransomware ecosystem and give law enforcement sweeping new powers Continue Reading

By

• Alex Scroxton, Security Editor

Ofcom issues online safety warning to firms in wake of UK riots

Ofcom has issued a warning reminding social media firms of their upcoming online safety obligations, after misinformation about the Southport stabbings sparked racist riots throughout the UK Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Microsoft and CrowdStrike hit back at Delta’s legal threats

Microsoft and CrowdStrike have rejected claims by Delta Air Lines that it was left high and dry amid thousands of flight cancellations during July’s software outage, accusing the airline of ignoring their offers of help and running out-of-date IT systems Continue Reading

By

• Alex Scroxton, Security Editor

Cyber security adoption is vital to Scotland’s space race

Scotland has a golden opportunity to capitalise on space technology to make itself a global leader, but to maximise its potential in the new space race, more attention must be paid to cyber security risk Continue Reading

By

• David Ferguson

Advanced faces fine over LockBit attack that crippled NHS 111

Advanced Software faces a multimillion pound fine for a series of failings which directly led to a 2022 LockBit ransomware attack that disrupted NHS and social care services across the UK Continue Reading

By

• Alex Scroxton, Security Editor

Cyber lessons, and priorities for the UK's new government

With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading

By

• Ameet Jugnauth and Mark Pearce

Labour should focus on talent to improve UK's cyber posture

With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading

By

• Elliott Wilkes

CrowdStrike shareholders sue, alleging false security claims

A US pension fund is lining up a lawsuit against CrowdStrike, claiming the cyber company lied about the integrity of its systems, leading to failings that caused a worldwide IT outage Continue Reading

By

• Alex Scroxton, Security Editor

Is it time to refresh the UK's cyber strategy?

With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading

By

• Jon Carpenter

Banks, telcos call for more data sharing to fight fraud

A Which?-led coalition of banks and telecoms operators is calling on the UK's new government to take the lead on enabling data sharing to help fight digital fraud Continue Reading

By

• Alex Scroxton, Security Editor

When critical cyber response becomes second nature

When alerts and headlines blare out warnings of critical vulnerabilities in widely-used software, the cyber security community needs to adopt a more decisive and clear-cut approach, says Huntress' Chris Henderson Continue Reading

By

• Chris Henderson, Huntress

Campaigners call for evidence to reform UK cyber laws

The CyberUp Campaign for reform of the 1990 Computer Misuse Act launches an industry survey inviting cyber experts to share their views on how the outdated law hinders legitimate work Continue Reading

By

• Alex Scroxton, Security Editor

Breach costs soar as record ransomware payment made

IBM publishes data on the spiralling costs of cyber attacks and data breaches, while researchers identify what appears to be the largest ransomware payment ever made Continue Reading

By

• Alex Scroxton, Security Editor

Mastering data privacy in the age of AI

AI continues to revolutionise how organisations operate, using vast amounts of personal data to make smart, informed decisions. However, this incredible potential comes with concerns about data privacy. DQM GRC's Mark James explores the issues. Continue Reading

By

• Mark James

Cyber crisis? How good PR can save your brand

Cyber attacks and data breaches can happen to anybody and often bring reputational damage and a loss of customer trust. How organisations publicly respond to such incidents can make or break them, and the importance of a good PR strategy cannot be underestimated Continue Reading

By

• Ed Coram-James

Cloud security challenges not just technological

The Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading

By

• Temi Akinlade

Fortune 500 stands to lose $5bn plus from CrowdStrike incident

The largest global organisations hit by the CrowdStrike-Microsoft incident on 19 July will likely be out of pocket to the tune of billions of dollars Continue Reading

By

• Alex Scroxton, Security Editor

Mimecast to buy insider threat specialist Code42

Mimecast is to buy fellow human-centred risk experts Code42 for an undisclosed sum to take advantage of its insider threat and data loss protection specialisms Continue Reading

By

• Alex Scroxton, Security Editor

WhatsApp and Signal messages at risk of surveillance following EncroChat ruling, court hears

Defence lawyers seek leave to appeal a decision by the Investigatory Powers Tribunal that the National Crime Agency lawfully obtained warrants to intercept messages sent over an encrypted phone network Continue Reading

By

• Bill Goodwin, Investigations Editor

Innovations to power secure-by-design development

Secure Code Warrior unveils technology designed to help CISOs and AppSec teams ensure their projects remain safe and free of coding errors and vulnerabilities – a big issue following the CrowdStrike incident Continue Reading

By

• Alex Scroxton, Security Editor

What is the Cybersecurity Information Sharing Act (CISA)?

The Cybersecurity Information Sharing Act (CISA) allows United States government agencies and non-government entities to share information with each other as they investigate cyberattacks. Continue Reading

By

• Katie Terrell Hanna

Chrome cookies reprieved amid Google Privacy Sandbox changes

Google abruptly changes tack on third-party cookies in its Chrome web browser, cancelling plans to deprecate them in favour of an unspecified ‘new experience’ for users Continue Reading

By

• Alex Scroxton, Security Editor

Enhancing mobile app security with behaviour-based biometrics

Behavioural-based biometrics offer tantalising advantages over more traditional biometric solutions. Learn about some of the benefits and potential challenges for safe and secure implementation Continue Reading

By

• Isla Sibanda

CrowdStrike chaos shows risks of concentrated ‘big IT’

The concentration of so much mission-critical technology in the hands of a few large suppliers makes incidents like the Microsoft-CrowdStrike outage all the more dangerous Continue Reading

By

• Alex Scroxton, Security Editor

Growth in nude image sharing heightens cyber abuse risk

The normalisation of sharing self-created intimate content with others is putting great numbers of people at risk of online abuse, says Kaspersky Continue Reading

By

• Alex Scroxton, Security Editor

UK Cyber Bill teases mandatory ransomware reporting

In the Cyber Security and Resilience Bill introduced in the King's Speech, the UK's new government pledges to give regulators more teeth to ensure compliance with security best practice and to mandate incident reporting Continue Reading

By

• Alex Scroxton, Security Editor

Hackney Council reprimanded over 2020 ransomware attack

The London Borough of Hackney has been reprimanded by the ICO over a series of failures that led to a devastating cyber attack, but at the same time, the regulator praised the local authority for its response and commitment to making improvements Continue Reading

By

• Alex Scroxton, Security Editor

Strategic Defence Review must emphasise cyber security, says industry

Cyber security leaders say the new government's Strategic Defence Review needs to put digital security front and centre Continue Reading

By

• Alex Scroxton, Security Editor

Dutch research firm TNO pictures the SOC of the future

In only a few years, security operations centres will have a different design and layout, and far fewer will remain Continue Reading

By

• Kim Loohius

The security interview: Managing the ‘no’ mindset

Matt Riley, data protection and information security officer at Sharp Europe, discusses balancing cyber risks with business leaders’ goals Continue Reading

By

• Cliff Saran, Managing Editor

How data drives decisions at BAE Systems

In this week’s Computer Weekly, we talk to the chief data officer of one of the UK’s biggest manufacturers, BAE Systems, about data strategy and diversity. Microsoft’s claims over sovereign cloud for government IT are under scrutiny – we examine the issues. And our latest buyer’s guide looks at trends in cloud databases. Read the issue now. Continue Reading

Synnovis attack highlights degraded, outdated state of NHS IT

More cyber attacks against the health service are likely, and will succeed if something isn’t done to address the increasingly elderly NHS IT estate, experts are warning Continue Reading

By

• Alex Scroxton, Security Editor

Cyber Essentials at 10: Success or failure?

The Cyber Essentials scheme passed its 10th anniversary in June 2024. CyberSmart's Adam Pilton reflects on progress and argues that more needs to be done to raise security awareness among Britain's small business community Continue Reading

By

• Adam Pilton

Security Think Tank: Securing today's ubiquitous cloud environment

The Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage Continue Reading

By

• Kashil JagmohanSingh

How Broadcom cemented its European cloud sovereignty credentials

The owner of VMware targets flexible deployment options for European public cloud sovereignty Continue Reading

By

• Bola Rotibi

Security in the public cloud explained: A guide for IT and security admins

In this guide, IT security and industry experts share their top recommendations for protecting public cloud deployments Continue Reading

By

• Cliff Saran, Managing Editor

No cyber barriers: A Computer Weekly Downtime Upload podcast

We speak to Sharp Europe’s data protection and information security officer about how to balance cybersecurity with the needs of the business Continue Reading

By

• Cliff Saran, Managing Editor

Gulf Edge to operate Google Distributed Cloud in Thailand

The Gulf Energy subsidiary will offer Google’s sovereign cloud service in Thailand with a focus on air-gapped configurations Continue Reading

By

• Aaron Tan, Informa TechTarget

NHS experts raise warning over patient data breach risk in registries project

Clinicians warn that the NHS England Outcome Registries Platform has poor security and is vulnerable to cyber attack, putting critical patient data at risk of being exposed Continue Reading

By

• Alex Scroxton, Security Editor

Sellafield whistleblower ordered to pay costs after email tampering claims

A former consultant at Sellafield has been ordered to pay costs for having ‘acted unreasonably’ in claiming the nuclear facility tampered with metadata in letters used against her in court Continue Reading

By

• Tommy Greene

Qilin ransomware gang publishes stolen NHS data online

The ransomware gang behind a major cyber attack on NHS supplier Synnovis has published a 400GB trove of private healthcare data online Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Kaspersky says it can continue to sell cyber threat intelligence in spite of US ban

The US government is stopping Kaspersky Lab from offering its antivirus software and cyber security tools to US firms and citizens Continue Reading

By

• Cliff Saran, Managing Editor

Why AI is talking politics this year

AI is already playing a part in this year’s General Election - for good and bad Continue Reading

By

• Resham Kotecha

Microsoft admits no guarantee of sovereignty for UK policing data

Documents show Microsoft’s lawyers admitted to Scottish policing bodies that the company cannot guarantee sensitive law enforcement data will remain in the UK, despite long-standing public claims to the contrary Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

We need a judge-led inquiry into police spying on journalists and lawyers

When journalists Barry McCaffrey and Trevor Birney were wrongly arrested in 2018, their case led to the discovery of a widespread police surveillance operation targeting journalists and lawyers in Northern Ireland. Barry McCaffrey tells the story Continue Reading

By

• Barry McCaffrey

Cloud security: Finding the right provider to protect your data

This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading

By

• Stephen McDermid

chief trust officer

A chief trust officer (CTrO) in the IT industry is an executive job title given to the person responsible for building confidence around the use of customer information. Continue Reading

By

• Scott Robinson, New Era Technology
• Francesca Sales

Data leakage in the cloud – can data truly be safe in the cloud?

This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading

By

• Scott Swalling

How to ensure public cloud services are used safely and securely

This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading

By

• Beji Jacob

PSNI ran secret unit to monitor journalists’ and lawyers’ phones, claims former senior officer

The Police Service of Northern Ireland denies claims that its anti-corruption unit used a standalone computer to ‘avoid scrutiny and control’ Continue Reading

By

• Bill Goodwin, Investigations Editor

True cloud security requires in-depth understanding

This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading

By

• Elliott Wilkes

More than 160 Snowflake customers hit in targeted data theft spree

Mandiant reports that more than 160 Snowflake customers have been hit in a broad data theft and extortion campaign targeting organisations that have failed to pay proper attention to securing valuable credentials Continue Reading

By

• Alex Scroxton, Security Editor

Northern Irish police used covert powers to monitor over 300 journalists

PSNI publishes report on police surveillance of journalists and lawyers, but Northern Ireland’s Policing Board says it does not give the assurances needed Continue Reading

By

• Bill Goodwin, Investigations Editor

Bitdefender makes MDR services free to NHS bodies hit by Qilin

Bitdefender offers NHS bodies affected by a major cyber incident free access to its product suite, as the health service continues to deal with the impact of the Qilin ransomware attack on partner Synnovis Continue Reading

By

• Alex Scroxton, Security Editor

OAIC files civil penalty action against Medibank

The OAIC alleges that Medibank failed to take reasonable steps to protect the personal information of 9.7 million Australians in the October 2022 data breach Continue Reading

By

• Aaron Tan, Informa TechTarget

Security Think Tank: The cloud just got more complicated

This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading

By

• Rob Dartnall, SecAlliance

Building a more secure, and sustainable, open source ecosystem

In April 2024, the discovery of an intentionally-placed backdoor in the open source XZ Utils data compression caused concern. Sentry's Chad Whitacre says a more thoughtful approach is needed to balance the individual freedom and creativity of open source, with more rigorous security practice. Continue Reading

By

• Chad Whitacre

Police chief commissions ‘independent review’ of surveillance against journalists and lawyers

PNSI chief constable appoints lawyer to conduct review into police phone surveillance of journalists, lawyers and NGOs Continue Reading

By

• Bill Goodwin, Investigations Editor

97 FTSE 100 firms exposed to supply chain breaches

Between March 2023 and March 2024, 97 out of 100 companies on the UK’s FTSE 100 list were put at risk of compromise following supply chain breaches at third-party suppliers Continue Reading

By

• Alex Scroxton, Security Editor

AI Seoul Summit review

Dozens of governments and tech companies attending the second global AI Safety Summit have committed themselves to the safe and inclusive development of the technology, but questions remain around whether the commitments made go far enough Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Ticketek Australia hit by data breach

Customer names, dates of birth and email addresses of Ticketek Australia account holders reportedly impacted in latest data breach affecting event ticketing firm Continue Reading

By

• Aaron Tan, Informa TechTarget

Law student ‘unfairly disciplined’ after reporting data breach blunder

A law student has accused a leading legal college of unethical behaviour and a “lack of integrity” after it brought misconduct proceedings against him when he reported a data security blunder Continue Reading

By

• Tommy Greene

How to avoid joining the Dead Java Code Society

Unused or dead Java code is bogging down software engineers and developers, causing weird dependencies and security risks. Eric Costlow of Azul shares some advice on how to avoid becoming a member of a rather unpleasant club Continue Reading

By

• Eric Costlow

AI governance needs global approach

Doreen Bogdan-Martin, Secretary-General of the UN agency, International Telecommunication Union (ITU) argues that AI governance needs a world-wide approach Continue Reading

By

• Doreen Bogdan-Martin