Regulatory compliance and standard requirements

Singapore rolls out cyber security certification scheme

Two new cyber security marks are expected to provide an edge for Singapore businesses with good cyber security practices Continue Reading

IT professionals wary of government campaign to limit end-to-end encryption

Members of the Chartered Institute of IT, the professional body for technology professionals in the UK, warn against limiting end-to-end encryption Continue Reading

US offers concessions on surveillance and privacy as EU and US agree successor to Privacy Shield

EU and US agree data privacy framework allowing trans-Atlantic data transfers after US offers concessions on surveillance and new rights of redress for EU citizens Continue Reading

NHS urgent care provider uses ID and access management to reduce complexity for clinicians

Provider of care through NHS 111 is using a cloud-based identity and access management system to remove the need for clinicians to remember multiple passwords Continue Reading

Revised scope of UK security strategy reflects digitised society

The omission of the word ‘security’ from the title of the UK government’s new National Cyber Strategy is a telling one, reflecting our increasingly digitised society, say Maximillian Brook and Arunoshi Singh of the ISF Continue Reading

Siloed data holding back coordinated health responses

Digital health experts discuss the role of data in coordinating the NHS’s pandemic response and how managing privacy and governance issues are key to further success Continue Reading

How 2022’s most significant data privacy trends affect your organisation

Data privacy and protection are now core responsibilities for most, but as we all know by now, compliance is a moving target. Here, expert Alan Calder looks ahead at what to expect in the coming months Continue Reading

UK Cyber Strategy a welcome injection of progress

The National Cyber Strategy should be seen as a welcome injection of both focus and investment in bettering cyber defence for everyone, says Turnkey Consulting senior consultant Louise Barber Continue Reading

National Cyber Strategy will enhance UK’s cyber power status

The UK punches above its weight when it comes to wielding cyber power around the world, but challenges to this status are clear. The National Cyber Strategy has a clear role to play in maintaining and enhancing this status, writes Paddy Francis of Airbus Cybersecurity Continue Reading

Kaspersky CEO: Ukraine war must end through diplomacy

Eugene Kaspersky speaks out on the war in Ukraine, and rebuffs Germany’s BSI, branding its warnings over his company’s trustworthiness as insulting Continue Reading

Online Safety Bill introduced in Parliament

The government has introduced its long-awaited Online Safety Bill in Parliament, alongside new criminal offences and sanctions for tech company execs Continue Reading

Biden signs ransomware reporting mandate into law

CNI operators in the US must now report cyber attacks within 72 hours, and ransomware payments within 24 hours Continue Reading

Two men convicted after using EncroChat cryptophones to plot killing

Evidence from the encrypted phone network EncroChat led to the conviction of two men for conspiracy to murder Continue Reading

Meta fined €17m over EU data breaches

The Irish Data Protection Commissioner has fined Meta after finding it in breach of GDPR rules Continue Reading

How cyber security teams can conquer the four-day working week

The four-day week may be an idea whose time has come, but for always-on cyber security professionals, the impact of squeezing more work into fewer days is a tricky proposition Continue Reading

Achieving agility, collaboration and data control in the cloud

Organisations have historically had to make a trade-off between the proven benefits of the cloud and maintaining full control of their data, but with the right strategy it is possible to have both Continue Reading

Encryption myths versus realities of Online Safety Bill

The UK government can’t legislate the impossible – a safer society depends on encryption, not breaking it Continue Reading

Police EncroChat cryptophone hacking implant did not work properly and frequently failed

Surveillance operation against EncroChat encrypted phone network had repeated technical failures Continue Reading

National Cyber Strategy misses the mark in one important way

The National Cyber Strategy is full of fine words, says Petra Wenham, but as the old expression goes, fine words butter no parsnips, and it misses the mark in one very important way Continue Reading

Paid-for advertising measures included in Online Safety Bill

New measures to deal with fraudulent paid-for advertising have been included in the government’s draft Online Safety Bill, marking the fourth extension in two months Continue Reading

Cloud-era disaster recovery planning: Maintenance and continuous improvement

In the final article in this four-part guide to disaster recovery planning, we look at how and when to update, maintain, audit, review and continually improve the DR plan Continue Reading

Microsoft serves up three zero-days on March Patch Tuesday

Three zero-days pop up in Microsoft’s March update, along with a number of other noteworthy concerns for defenders Continue Reading

Security Think Tank: Building the cyber workforce we need

The UK’s new National Cyber Strategy is clear in its ambitions, but to fulfil them, we must double down on appropriate skills development, says ISACA director Mike Hughes Continue Reading

Ukraine joins Nato cyber knowledge hub

Ukraine is to become a contributing participant in Nato’s Cooperative Cyber Defence Centre of Excellence Continue Reading

Scrapping NHS Digital a backward step for patient data rights

Former NHS Digital chair Kingsley Manning has spoken out over proposals to fold NHS Digital into NHS England, saying that more oversight is needed to safeguard patient data in light of recent events Continue Reading

Microsoft stops sales of products and services to Russia

Citing sanctions and cyber security concerns, Microsoft has become the latest company to withdraw from the Russian market Continue Reading

Assessing the aims of the Government Cyber Security Strategy

The clear aims of the Government Cyber Security Strategy are welcome, but are they realistic or achievable? Continue Reading

Boardroom does not see ransomware as a priority

Less than a quarter of company directors think ransomware is a top priority for their security teams, according to Egress Continue Reading

Nato Cyber Security unit tests post-quantum VPN

Nato’s Cyber Security Centre has successfully tested secure communication flows in a post-quantum world using a UK-designed VPN Continue Reading

Direct action is a risky business for Ukraine's volunteer hackers

Hackers have been responding to Ukraine’s call to create an IT army, but there are many reasons why taking direct action in a kinetic conflict is a bad idea Continue Reading

DCMS opens consultation on telecoms cyber standards

Proposed rules will set out the specific measures telecoms providers need to take to fulfil their legal duties under the Telecommunications Security Act Continue Reading

Irish data watchdog calls for ‘objective metrics’ for big tech regulation

Helen Dixon, Ireland’s data protection commissioner, says EU regulators must agree on metrics to measure the effectiveness of data protection regulation Continue Reading

Define RPO and RTO tiers for storage and data protection strategy

We look at RPO and RTO in defining data protection and disaster recovery strategies and how to specify tiers that reflect the importance of different systems in your organisation Continue Reading

The UK’s cyber security sector is thriving, but our work has only just begun

The government’s Annual Cyber Sector Report painted a positive picture of the UK security industry. CIISec’s Amanda Finch thinks we can go further in developing cyber talent and opening up the sector Continue Reading

Attempted burglary exposes risk of NatWest customer data in former worker’s home

Former Royal Bank of Scotland employee offers bank a compromise in her dispute over the return of confidential customer information Continue Reading

It takes a village: Protecting kids online is everyone’s responsibility

The rapid uptake of smartphones among children has contributed to the increasing number of cases of cyber bullying and online grooming. Is this an educational issue or a cultural problem, and can modern enterprise help? Continue Reading

2021 another record year for UK cyber investment

Total revenue generated by the UK’s cyber sector was up 14% last year, and UK-registered security firms raised over £1bn in investment Continue Reading

Cloud Security Alliance publishes guidelines to bridge compliance and DevOps

The Cloud Security Alliance has published a report detailing practices that organisations can adopt to bridge the gap between compliance and software development and operations Continue Reading

CMA secures final Privacy Sandbox guarantees from Google

The CMA has secured a final set of Privacy Sandbox commitments from Google relating to the proposed removal of third-party cookies from its Chrome browser Continue Reading

Lack of knowledge disastrous for effective security strategy within Dutch companies

Most Dutch companies still haven’t realised that security is an integral part of their IT and company strategy Continue Reading

Hackney Council could be forced to answer questions about IT security training after Psya ransomware

Council is negotiating with the information commissioner after refusing to reply to questions under the Freedom of Information Act about staff IT and security training during the pandemic Continue Reading

How diplomatic immunity silenced the prosecutor who coordinated Sweden’s EncroChat probe

Defence lawyers claim Swedish court decision not to hear evidence from a Swedish prosecutor leaves important legal questions unanswered over international police operation to hack EncroChat cryptophone network Continue Reading

Phishing tests are a useful exercise, but don’t overdo it

The vast majority of cyber attacks start with a phish, so it’s not surprising that phishing tests form part of cyber training plans. But sometimes these tests go too far. Cyberis’ Gemma Moore looks at how to avoid the pitfalls Continue Reading

UK second in money laundering hall of shame

Banks need to step up their anti-money laundering processes if billions of pounds’ worth of criminal activity is to be prevented Continue Reading

Minister defends digital economy legislation before Lords

A digital minister has said that the UK’s forthcoming digital markets legislation is ‘superior’ to similar efforts in the EU, but could not commit to a specific time frame for when it will be introduced to Parliament Continue Reading

Tech companies risk being compelled by law to protect children, says online safety expert

John Carr, a child safety campaigner backing a government-funded campaign on the dangers of end-to-end encryption to children, says tech companies have no choice but to act Continue Reading

How Dutch hackers are working to make the internet safe

We hear how the personal mission of a Dutch hacker grew into a serious organisation with international ambitions Continue Reading

The Security Interviews: Building the UK’s future cyber ecosystem

As the government lays out the next iteration of its Cyber Security Strategy, we speak to Plexal and Lorca’s Saj Huq about his work building a cyber ecosystem to support the UK’s future ambitions Continue Reading

Parasol data breach: Contractors rage as fallout from umbrella cyber attack continues

Contractors working for the Parasol umbrella company are querying why it has taken so long for news of the firm's data breach, which is linked to a cyber attack on its systems five weeks ago, to come to light Continue Reading

Porn sites will be legally required to verify users’ ages

Porn sites could be legally obliged to verify that their users are 18 or over under proposed online safety rules, in UK government’s second attempt to prevent children from accessing pornography online Continue Reading

Brookson and Parasol cyber attacks: Contractor complaints about delayed payments continue

Several weeks on from the suspected ransomware attack that blighted two of the umbrella industry’s biggest players, contractors are still chasing their missing money Continue Reading

French Supreme Court raises constitutional questions over EncroChat hacking secrecy

Conseil Constitutionnel to decide whether ‘defence secrecy’ over state EncroChat cryptophone hacking breaches French constitution Continue Reading

Security Think Tank: How to build a human firewall

In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service? Continue Reading

Mechanism underlying cookie popups found in breach of GDPR

A fundamental element of the mechanism by which the advertising industry requests tracking consent from web users has been found in breach of the General Data Protection Regulation Continue Reading

Reforms needed to tackle economic crime, says Treasury Committee

The Treasury Committee is disappointed at progress towards tackling economic crime and fraud in both the online and offline worlds, and is calling for more action Continue Reading

What neurodivergent people really think of working in cyber security

Many firms are filling cyber security skills gaps by hiring neurodivergent talent – but more support is needed for neurodivergent cyber security professionals, writes autistic tech journalist Nicholas Fearn Continue Reading

Met Police faces legal action over Gangs Matrix

Campaign group Liberty is taking legal action against the Met over its use of the Gangs Matrix, claiming it is driven by racial stereotypes and disproportionately affects people from black and minority ethnic backgrounds Continue Reading

Data on children of armed forces personnel exposed in breach

Data on 4,142 children of serving armed forces personnel was exposed in a data breach at the Ministry of Defence Continue Reading

Understand your cyber training ‘need’ before committing to a programme

In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training-as-a-service? Continue Reading

Cyber skills gap affecting data privacy practice, finds ISACA

Organisations are struggling to fill both legal and technical privacy roles, with potentially damaging consequences, according to a report Continue Reading

Navigating PIPL: European businesses plot their next steps into China

How does China’s strict new Personal Information Protection Law impact European businesses? Continue Reading

Cloud-era disaster recovery planning: Setting strategy and developing plans

In the second in a series on cloud-era disaster recovery, we look at how to formulate a DR strategy and develop detailed DR plans for your organisation, while taking cloud services into account Continue Reading

Security Think Tank: Focus on ‘nudging’ to build effective cyber training

In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training-as-a-service? Continue Reading

MPs to debate landmark IoT security law

Proposed bill mandates tighter protections for connected products, and adds new rules for broadband roll-out into the bargain Continue Reading

Cyber Essentials programme gets biggest update since launch

NCSC implements a thorough revision of its Cyber Essentials scheme to reflect the changing security landscape Continue Reading

UK government launches internal cyber strategy

Multi-pronged government security strategy is designed to protect both core systems and public services Continue Reading

WikiLeaks founder Julian Assange can ask Supreme Court to hear extradition appeal

Senior judges said today that WikiLeaks founder Julian Assange can petition the Supreme Court to decide whether to hear an appeal against his extradition to the US Continue Reading

Tinder algorithm charging users more based on age

Popular dating app Tinder could have broken data protection and equality laws by using personal data about people’s age to set different prices Continue Reading

ICO criticises government-backed campaign to delay end-to-end encryption

Data protection watchdog warns that delaying end-to-end encryption will put children at risk Continue Reading

Updated cyber security regulations proposed for managed services sector

The Network and Information Systems regulations are to be updated to include MSPs and outsourcers, following a spate of supply chain attacks Continue Reading

Cloud-era disaster recovery planning: Assessing risk and business impact

In the first in a series on cloud-era disaster recovery, we provide a step-by-step guide to building firm foundations for the disaster recovery plan, with risk assessment and business impact analysis Continue Reading

The race to quantum computing

In this week’s Computer Weekly, researchers are racing to create the first commercially useful quantum computer – we look at one of the European candidates. Cyber security is one of the greatest risks facing the global economy, warns the World Economic Forum. And we examine the role of employee experience in hybrid working. Read the issue now. Continue Reading

Podcast: 2022 compliance preview – GDPR goes global

We talk to Mathieu Gorge, CEO of VigiTrust, about what’s looming in compliance, with regulations based on the principles of the General Data Protection Regulation plus the concept of cyber accountability Continue Reading

Nordic companies targeted in wave of cyber attacks

After a slew of cyber attacks hit major companies in the Nordics at the end of last year, we look at how they were affected and how they have recovered Continue Reading

UK government bodies challenged on secure identity

Public sector bodies in the UK recognise secure identity and access management as critical to the roll-out of digital services, but face challenges in addressing this Continue Reading

Banks accused of neglecting customer security measures

Which? singles out Metro Bank, Virgin Money and TSB over insecure online banking processes Continue Reading

Companies propose scanning content pre-encryption to fight CSAM

Firms working on the UK government’s Safety Tech Challenge have suggested that scanning content before encryption will help prevent the spread of child sexual abuse material – but privacy concerns remain Continue Reading

Cyber security failure one of biggest risks facing countries and businesses, warns WEF

Cyber risks are among the top five risks facing organisations and governments over the next two to five years. Digital inequality and the over-crowding of space with communication satellites present further risks  Continue Reading

Proofpoint acquires Singapore data security startup

Proofpoint’s acquisition of Dathena will bolster its data loss prevention capabilities, enabling organisations to better understand information risk through the use of AI Continue Reading

Ministry of Justice caught up in multiple cyber incidents

Besides multiple disclosed data breaches, department was also affected by two ransomware attacks Continue Reading

Singapore retailer hit by data breach

The personal data of OG’s basic and gold members stored in a database managed by a third-party service provider was reportedly compromised Continue Reading

France fines Facebook and Google over alleged cookie malpractice

French data protection authorities clamp down on tech platforms for purposely making it more burdensome for users to decline tracking cookies Continue Reading

Top 10 crime, national security and law stories of 2021

Here are Computer Weekly’s top 10 crime, national security and law stories of 2021 Continue Reading

Top 10 technology and ethics stories of 2021

Here are Computer Weekly’s top 10 technology and ethics stories of 2021 Continue Reading

Vulnerabilities to fraud are increasing across the board

As the pandemic continues to affect how we work, socialise, shop and conduct business, so it has increased opportunities for digital fraud and cyber crime. Jason Lane-Sellers explores the latest LexisNexis Risk Solutions ‘Cybercrime report’ Continue Reading

Top 10 cyber security stories of 2021

Cyber security dominated the headlines in 2021, making it hard to gain a clear picture of what to pay attention to. What is an IT buyer to do? Continue Reading

Security Think Tank: Reframing CISO-boardroom relations

Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months Continue Reading

HSBC fined £64m for automated transaction monitoring failures

Bank hit by multimillion-pound fine for failures related to its transaction monitoring, which failed to spot potential money-laundering activity Continue Reading

Security Think Tank: Get to know your personal threat landscape

Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months Continue Reading

UK government to take ‘whole-of-society’ approach to cyber

Second iteration of the UK’s National Cyber Strategy broadens its focus to build a ‘whole-of-society’ security posture Continue Reading

Julian Assange can be extradited to the US to face espionage and hacking charges, court rules

High Court overturns decision not to extradite WikiLeaks founder after US government gives assurances over his treatment Continue Reading

C-suite’s biggest ransomware fear: Post-attack regulatory sanctions

Exposure to regulatory sanctions such as fines are the biggest worry for C-suite executives in the wake of a ransomware attack Continue Reading

What are the challenges associated with the MITRE ATT&CK framework?

Businesses sometimes struggle to use the MITRE ATT&CK framework effectively. Learn more about some of the challenges, and how to overcome them Continue Reading

UK and US to collaborate on privacy innovation contest

Joint UK-US innovation challenge contest centring on privacy-enhancing technology announced at Summit for Democracy in Washington DC Continue Reading

Security Think Tank: Good documentation could save your bacon

Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months Continue Reading

Number of .uk domain suspensions at record low

Statistics from Nominet show how effective law enforcement action against cyber crime in the UK is paying off Continue Reading

IT Priorities 2022: Pandemic’s long tail for cyber buyers

Pandemic response has been top of mind for cyber leaders these past 18 months, and as Covid-19 turns two, the TechTarget/Computer Weekly IT Priorities 2022 study shows buyers are still focused on how Covid has upended the workplace Continue Reading

Security Think Tank: Think people, processes and systems

Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months Continue Reading

Kaspersky introduces cyber policy for bionic devices

Cyber firm Kaspersky has become one of the first organisations in the world to develop and implement a security policy covering the use of bionic devices and other forms of human augmentation Continue Reading

A ‘whole of society’ approach to cyber may be on the horizon

Nominet Cyber managing director David Carroll reflects on the NCSC’s latest annual review amid 2021’s fast-evolving threat landscape Continue Reading