Regulatory compliance and standard requirements

Blackbaud blasted for failing to prevent customer breaches

A supply chain attack at software supplier Blackbaud in 2020 saw data on multiple UK organisations compromised. The US authorities are now taking steps to ensure it can’t happen again Continue Reading

By

• Alex Scroxton, Security Editor

US sanctions Iranians behind CNI cyber attacks

US government issues new sanctions against six Iranians suspected of being behind a series of cyber attacks targeting critical national infrastructure, notably water supply systems Continue Reading

By

• Alex Scroxton, Security Editor

IT security strategy: Assessing the risks of generative AI

Most industry watchers see 2024 as the year when generative AI and large language models will begin moving into enterprise IT Continue Reading

By

• Cliff Saran, Managing Editor
• Adrian Bridgwater

UK police facial recognition explained: What you need to know

In this essential guide, Computer Weekly looks at the use of facial recognition technology by UK police forces, including the points of contention around its deployment so far and where it’s heading next Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

AI everywhere all at once

Artificial intelligence became mainstream in 2023. Advances in technology and accessibility led to increased awareness and use of AI Continue Reading

By

• Resham Kotecha

We need backup! Pennsylvania police data loss shows why

Police evidence systems data was lost during ‘routine maintenance’, with human error blamed – the case clearly illustrates why data protection can’t be left to chance Continue Reading

By

• Antony Adshead, Storage Editor

Tech companies warn EU over encryption plans

In this week’s Computer Weekly, tech companies are calling on the European Commission to rethink plans to weaken internet encryption – we explore the issues. We talk to credit rating agency Moody’s about why it thinks now is the time to start investing in quantum computing. And we examine how a different approach to recruitment could ease the datacentre sector skills gap. Read the issue now. Continue Reading

GenAI tools ‘could not exist’ if firms are made to pay copyright

AI firm Anthropic hits out at copyright lawsuit filed by music publishers, claiming the content ingested into its models falls under ‘fair use’ and that any licensing regime would be too complex and costly Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Security Think Tank: Expect more from GenAI in 2024

But 2024 also feels slightly different; the past 12 months have seen generative AI burst on to the scene, and this year its impact will continue to be felt, says Turnkey Consulting's Harshini Carey. Continue Reading

By

• Harshini Carey, Turnkey Consulting

Quantum, AI and geopolitical conflict: '24 will be a big year for cyber

With big trends like quantum, generative AI and geopolitical conflict, 2024 looks set to be a big year in security, but defenders have an unparalleled opportunity to harness these trends for good, says Quorum's Federico Charosky Continue Reading

By

• Federico Charosky

Security Think Tank: What to expect in cyber this year

Risk arising from insecure generative AI, an explosion in mainstream acceptance of zero-trust, and increasingly tight cyber insurance policies will all be high on the agenda in 2024, writes Forrester senior analyst Alla Valente Continue Reading

By

• Alla Valente

Bulk sender authentication: More vital than ever

With new guidelines from Google and Yahoo governing bulk emails coming into force in February 2024, here's what you need to know to keep your sales and marketing lists compliant Continue Reading

By

• Gerasim Hovhannisyan

The race to regulate AI: 2024 unpacked

EU’s AI Act is set to become ‘gold standard’ of AI regulation. Will other countries adopt the same high standards or like the UK opt for a light touch in favour of growth and investment? Continue Reading

By

• Jamie Rowlands and Angus Milne, Haseltine Lake Kempner

Bugcrowd sees surge in vulnerability submissions, led by public sector

Crowdsourced vulnerability disclosure and bug bounty platform Bugcrowd says it saw a 151% uptick in submissions related to government and public sector organisations in 2023 Continue Reading

By

• Alex Scroxton, Security Editor

Security Think Tank: 2024 is the year we bridge the cyber divide

ISACA's Steven Sim Kok Leong shares his thoughts on the coming year in cyber security, considering the impact of regulatory change, the evolving role of the CISO, and advances in innovative cyber tech Continue Reading

By

• Steven Sim Kok Leong

AI will heighten global ransomware threat, says NCSC

The benefits of artificial intelligence to cyber criminals being well-known, the NCSC now assesses it’s likely AI will soon be widely used to enhance ransomware attacks Continue Reading

By

• Alex Scroxton, Security Editor

Podcast: Storage and compliance outlook for 2024

Interesting times ahead in 2024 as we talk to Mathieu Gorge, CEO of Vigitrust, about updates to EU regs, PCI, NIST, post-Brexit divergence and 60 national elections across the globe Continue Reading

By

• Antony Adshead, Storage Editor

Expert guide to e-discovery

An expert guide to why your organisation needs an electronic discovery policy and how to go about creating one Continue Reading

By

• Martin Nikel, Thomas Murray

Treat cyber risk like financial or legal issue, says UK government

UK government and NCSC launch proposed code of practice on cyber security governance to help directors and business leaders toughen their defences Continue Reading

By

• Alex Scroxton, Security Editor

SEC bitcoin hack was result of SIM-swapping

A cyber attack on the US financial regulator earlier in January 2024 occurred after hackers took over one of its mobile phone accounts in a so-called SIM-swapping attack Continue Reading

By

• Alex Scroxton, Security Editor

Davos 2024: AI disinformation tops global risks

In this week’s Computer Weekly, AI-generated disinformation and misinformation will be the top risks for businesses, governments and the public over the next two years, according to the World Economic Forum. Intel’s CTO discusses the chip maker’s plans for the European market. And we examine the dearth of digital skills among elected officials. Read the issue now. Continue Reading

Chat control: Tech companies warn ministers over EU encryption plans

Tech companies have written to EU ministers to urge them to back the European Parliament, rather than the European Commission, over proposed regulations to police child abuse Continue Reading

By

• Bill Goodwin, Computer Weekly

ICO prompts confusion over police cloud legality

The UK data regulator has suggested that, despite major data protection concerns, it is likely to greenlight police cloud deployments because of an information-sharing agreement with the US government Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Cyber non-profit enlists ex-NCSC head as technical chair

Founding NCSC chief exec Ciaran Martin is to join the newly launched Cyber Monitoring Centre non-profit as chair of its technical committee Continue Reading

By

• Alex Scroxton, Security Editor

NCSC invites security pros to join the big leagues

The NCSC is inviting security pros from across the UK to sign up to work with its experts on an intelligence-sharing initiative Continue Reading

By

• Alex Scroxton, Security Editor

Cloud-to-cloud backup: What it is and why you (probably) need it

Basic cloud data protection is just not enough. Several loopholes leave business data vulnerable and that means additional cloud-to-cloud backup should be seriously considered Continue Reading

By

• Stephen Pritchard

Victims of 2023 Capita data breaches head to High Court

More than 5,000 people impacted by data breaches arising from two cyber incidents affecting outsourcer Capita have joined a group action lawsuit Continue Reading

By

• Alex Scroxton, Security Editor

Singapore proposes governance framework for generative AI

AI Verify Foundation and Infocomm Media Development Authority have proposed a governance framework for generative AI to address the risks and concerns about the emerging technology Continue Reading

By

• Aaron Tan, Informa TechTarget

British Library cyber attack explained: What you need to know

In this essential guide, Computer Weekly investigates the cyber attack on the British Library that has rendered IT systems inoperable and caused service disruption to thousands of users Continue Reading

By

• Alex Scroxton, Security Editor

Russia hacked ex-MI6 chief’s emails – what they reveal is more Dad’s Army than deep state

A Russian hacking group that published emails of ex-MI6 chief Richard Dearlove claimed to have uncovered a conspiracy, but it was more Dad’s Army than the ‘deep state’, Computer Weekly and Byline Times reveal Continue Reading

By

• Sophie Hill

How legal disclosure failures disrupted the Post Office Horizon inquiry

From overly narrow search terms, overzealous deduplication of documents and failed email migrations, poor management of legal discovery has delayed justice for postmasters in the Horizon inquiry   Continue Reading

By

• Martin Nikel, Thomas Murray

EU amendment changes open source definition

The EU Cyber Resilience Act has the potential to cause confusion among open source developers, with questions remaining over open development Continue Reading

By

• Cliff Saran, Managing Editor

NCA director sacked after WhatsApp and email security breaches

Nikki Holland, former director of investigations at the NCA, was sacked for “misconduct” after sending sensitive NCA information over personal email and WhatsApp Continue Reading

By

• Bill Goodwin, Computer Weekly

UK government seeks public views on impacts of AI-generated porn

The government’s Pornography Review will look in part at the use of AI throughout the industry to generate sexually explicit content without people’s consent Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Redefining the cyber domain to tackle the challenges of tomorrow

Emerging technologies have brought about a new age of cyber – and we need a 360-degree collaborative approach more than ever to succeed Continue Reading

By

• Saj Huq, Plexal

Davos 2024: AI-generated disinformation poses threat to elections, says World Economic Forum

Disinformation and misinformation are the top risks facing businesses, governments and the public over the next two years Continue Reading

By

• Bill Goodwin, Computer Weekly

Scotland ‘sleepwalking’ to mass surveillance with DPDI Bill

The independent checks and balances over biometrics and biometric-enabled surveillance must be strengthened to prevent Scotland from sliding into a surveillance state along with the rest of the UK Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Study reveals cyber risks to US elections

With the 2024 US presidential election cycle beginning, a study produced by Arctic Wolf has highlighted big gaps in preparedness and resourcing at government bodies across the US Continue Reading

By

• Alex Scroxton, Security Editor

Dutch working to promote cooperation in Europe to keep internet safe

A Dutch cooperative approach offers national and international cooperation opportunities for ISPs to guard against DDoS attacks, lawful interception and detect abuse in networks Continue Reading

By

• Kim Loohuis

Fighting money laundering with AI

Mike Foster, CEO of SymphonyAI Sensa-NetReveal, talks up how AI can be used to fight financial crime and how the company’s technology can augment existing AML investments Continue Reading

By

• Aaron Tan, Informa TechTarget

Top 10 India IT stories of 2023

We recap the year’s top 10 stories in India, including the country’s datacentre boom and innovations in space and agriculture technologies Continue Reading

By

• Aaron Tan, Informa TechTarget

Top 10 AI regulation stories of 2023

From the UK government’s publication of its long-awaited AI whitepaper to its convening of the world’s first AI Safety Summit, here are Computer Weekly’s top 10 AI regulation stories of 2023 Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Decoding zero trust in endpoint security: A practical guide for CISOs

The exponential increase in endpoints has vastly expanded the average organisation’s attack surface – address this by applying zero-trust best practice to endpoints Continue Reading

By

• Isla Sibanda

Top 10 police technology stories of 2023

Here are Computer Weekly’s top 10 police technology stories of 2023 Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Top 10 cyber crime stories of 2023

Ransomware gangs dominated the cyber criminal underworld in 2023, a year that will prove notable for significant evolutionary trends in their tactics Continue Reading

By

• Alex Scroxton, Security Editor

Top 10 storage supplier strategy stories of 2023

In 2023, we looked at the top storage suppliers, their market share and how they set themselves for a future of hybrid cloud, containerisation and consumption models of purchasing Continue Reading

By

• Antony Adshead, Storage Editor

Beyond the office walls: Safeguarding remote workers from attack

Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading

By

• Paul Lewis, Nominet

Zero-trust principles: Your gateway to securing remote workers

Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading

By

• Michael Healey, Turnkey Consulting

What we learned in cyber in 2023, and what to look out for

PA Consulting's Rasika Somasiri looks back at a busy 12 months in the cyber security world, and highlights some key learnings from 2023 Continue Reading

By

• Rasika Somasiri

Security Think Tank: Testing to improve remote worker security

Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading

By

• Rowland Johnson

Top 10 cyber security stories of 2023

The past 12 months have seen the security agenda dominated by the usual round of vulnerabilities, concerns over supply chain security and more besides, but it was the chaotic state of global geopolitics that really made an impact Continue Reading

By

• Alex Scroxton, Security Editor

Security Think Tank: Anytime, anywhere access is achievable

Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading

By

• Tim Holman, 2-sec

Government plans to regulate to tackle datacentre threats

DSIT outlines a range of proposals designed to protect data storage facilities from cyber attacks, as well as physical threats and the effects of climate breakdown Continue Reading

By

• Alex Scroxton, Security Editor

The Security Interviews: Talking identity with Microsoft’s Joy Chik

Microsoft’s president of identity and network access, Joy Chik, joins Computer Weekly to discuss the evolving threat landscape in identity security, using innovations in artificial intelligence to stay ahead, and advocating for the coming passwordless future Continue Reading

By

• Alex Scroxton, Security Editor

NCSC CEO Lindy Cameron to step down in 2024

NCSC chief exec Lindy Cameron, who helped lead and elevate the national dialogue on cyber security through major events such as Covid-19, SolarWinds Sunburst and Colonial Pipeline, is to step down in the New Year Continue Reading

By

• Alex Scroxton, Security Editor

ICO complaint seeks answers from prosecutors over deleted Assange emails

An Italian journalist has complained to the data protection watchdog after the Crown Prosecution Service gave conflicting explanations over its deletion of key emails on WikiLeaks founder Julian Assange Continue Reading

By

• Bill Goodwin, Computer Weekly

How ransomware gangs use the tech media against their victims

Ransomware gangs are increasingly media-savvy operators, and this means incident response plans now need to account for communications and PR strategies too Continue Reading

By

• Alex Scroxton, Security Editor

Critical UK infrastructure a ‘hostage of fortune’ to ransomware

A lack of ransomware planning and preparedness at the highest levels of government is leaving UK operators or critical national infrastructure dangerously exposed, according to a Joint Committee report Continue Reading

By

• Alex Scroxton, Security Editor

Inside the Singapore government’s cloud journey

The Smart Nation Group’s chief digital technology officer outlines the government’s cloud journey, including its approach to cloud migration and how it came to host mission-critical workloads on AWS Continue Reading

By

• Aaron Tan, Informa TechTarget

MoD fined after breach of Afghan staffers’ data put lives at risk

The MoD has been fined £350,000 by the ICO after an email blunder exposed data on Afghan nationals who had worked with British forces and were at risk of Taliban reprisals Continue Reading

By

• Alex Scroxton, Security Editor

Top IT predictions in APAC in 2024

Generative AI will continue to leave its mark on many areas in business and IT, along with other trends such as sustainability, cyber security and smart factories that are expected to shape the region’s technology landscape in 2024 Continue Reading

By

• Aaron Tan, Informa TechTarget

Nordic governments join forces to protect data transfers

Nordic countries deepen their cooperation over cyber security amid heightened threat from neighbouring Russia Continue Reading

By

• Gerard O'Dwyer

How to recover systems in the event of a cyber attack

Recovering compromised systems after a cyber attack isn’t easy, but understanding industry best practice offers a template for the key processes to follow Continue Reading

By

• Nicholas Fearn

Operator of Sellafield nuclear facility denies hacking claims

The operator of the Sellafield nuclear site has denied allegations that senior managers covered up a series of cyber security lapses that enabled Chinese and Russian threat actors to compromise its networks Continue Reading

By

• Alex Scroxton, Security Editor

PCAOB (Public Company Accounting Oversight Board)

The Public Company Accounting Oversight Board (PCAOB) is a congressionally established nonprofit that assesses audits of public companies in the United States to protect investors' interests. Continue Reading

By

• Ben Cole, Executive Editor

Rhysida ransomware gang hits hospital holding royal family’s data

Ransomware gang boasts of having stolen data on the royal family in an attack on a private London hospital Continue Reading

By

• Alex Scroxton, Security Editor

Report reveals sorry state of cyber security at UK football clubs

Football clubs up and down the country are putting staff, players and fans alike at risk through outdated attitudes to cyber security, according to a report Continue Reading

By

• Alex Scroxton, Security Editor

Lords committee urges caution on UK use of autonomous weapons

UK government must ensure proper democratic oversight of its development and use of AI-powered weapon systems, says Lords committee Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Prepare for your worst day: How to create a cyber incident response plan

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

By

• James Allman-Talbot

Meta faces GDPR complaint over processing personal data without 'free consent'

Paid-for service means data protection is only available to those who can afford it, privacy group argues in data protection complaint Continue Reading

By

• Bill Goodwin, Computer Weekly

Scope of British Library data breach widens

Personal data on British Library users has appeared for sale on the dark web following a Rhysida ransomware attack, as the scope of the still-developing incident widens again Continue Reading

By

• Alex Scroxton, Security Editor

NCSC publishes landmark guidelines on AI cyber security

The NCSC and its US counterpart CISA have brought together tech companies and governments to countersign a new set of guidelines aimed at promoting a secure-by-design culture in AI development Continue Reading

By

• Alex Scroxton, Security Editor

DORA raises the stakes for cloud use in financial services

The EU's DORA regulations will raise the stakes for cloud in financial services but resilience is more than just a tech issue, says NetApp's Steve Rackham Continue Reading

By

• Steve Rackham

Navigating the DPDI Bill: A transformative shift ahead

The Data Protection and Digital Information (No. 2) Bill, or DPDI, is set to reshape the UK’s data protection framework. Louise Brooks of DQM GRC considers the implications Continue Reading

By

• Louise Brooks, DQM GRC

North Korean APTs go all in on supply chain attacks, warns NCSC

Threat actors linked to the North Korean regime are becoming more adept at targeting software supply chains in the service of their cyber attacks Continue Reading

By

• Alex Scroxton, Security Editor

Australia ups ante on cyber security

Australia’s new cyber security strategy will focus on building threat-blocking capabilities, protecting critical infrastructure and improving the cyber workforce, among other priorities Continue Reading

By

• Stephen Withers

Palantir awarded NHS FDP data contract

NHS England has awarded a £330m, seven-year contract to US data specialist Palantir, prompting concerns from data privacy practitioners Continue Reading

By

• Alex Scroxton, Security Editor

Why transparency and accountability are important in cyber security

If we accept that the humans who build technology and systems are naturally fallible and mistakes inevitable, and then deal with that with good grace, we could do much to improve cyber standards, writes Bugcrowd's Casey Ellis Continue Reading

By

• Casey Ellis

IT not ready for AI, Pure Storage survey finds

Storage, compute and networking hardware won’t cope without upgrades, and that often means total IT infrastructure overhaul Continue Reading

By

• Antony Adshead, Storage Editor

Microsoft and Meta quizzed on AI copyright

Large language models are trained using vast amounts of public data – but do the hyperscalers comply with copyright laws? Continue Reading

By

• Cliff Saran, Managing Editor

Ransomware gang grasses up uncooperative victim to US regulator

The ALPHV/BlackCat ransomware gang has added a new tactic to its playbook, going to ever more extreme lengths in search of a pay-off Continue Reading

By

• Alex Scroxton, Security Editor

cardholder data environment (CDE)

A cardholder data environment (CDE) is a computer system or networked group of IT systems that processes, stores or transmits cardholder data or sensitive payment authentication data. Continue Reading

By

• Rahul Awati
• Sharon Shea, Executive Editor

Rogue state-aligned actors are most critical cyber threat to UK

The prospect of rogue nation-state-aligned attackers bringing down the UK’s critical infrastructure is keeping the NCSC up at night Continue Reading

By

• Alex Scroxton, Security Editor

Victims’ legal action over 2015 Carphone Warehouse breach moves forward

A class action against Currys Retail over the 2015 data breach of Carphone Warehouse customers has been granted permission to move forward in the courts Continue Reading

By

• Alex Scroxton, Security Editor

ICO alerted after technical ‘issue’ exposed college files to student barristers

A training college for barristers has reported a data breach that left sensitive data on hundreds of current and former students accessible to other trainees Continue Reading

By

• Tommy Greene

Breached? Don't panic… if you created a robust IR plan

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

By

• Paul Lewis, Nominet

UN disarmament body calls for global action on autonomous weapons

UN draft resolution highlighting the dangers of autonomous weapons passes with overwhelming majority Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

How the Online Safety Act will impact businesses beyond Big Tech 

The Online Safety Act will impact an estimated 100,000 online services in the UK and overseas Continue Reading

By

• Ria Moody, Linklaters

The best IR plans are well-revised and deeply familiar

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

By

• Elliott Wilkes

The Security Interviews: Why cyber needs to integrate better

Cyber security is an intensely technical field, but we shouldn’t ignore the soft skills of communication and collaboration. Wipro’s Tony Buffomante explains why a robust security posture is dependent on a security team engaging with the wider organisation Continue Reading

By

• Peter Ray Allison

Data-sharing management gap highlights cyber risk, says report

Organisations are struggling to secure their use of communications tools to share data with third-party partners and suppliers, and in the process are exposing themselves to heightened levels of risk, according to a report Continue Reading

By

• Alex Scroxton, Security Editor

The plan for the inevitable cyber attack: Get the gist of NIST

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

By

• Theodore Wiggins, Airbus Protect

King’s Speech misses the mark on cyber law reform, says campaign

A group of activists who want to reform the UK’s computer misuse laws to protect bona fide cyber pros from prosecution have been left disappointed by a lack of legislative progress Continue Reading

By

• Alex Scroxton, Security Editor

The Security Interviews: ISC2’s Clar Rosso on cyber diversity and policy

Computer Weekly catches up with ISC2 CEO Clar Rosso to talk about diversifying the cyber workforce and supporting cyber pros as they keep up with growing compliance and security policy demands Continue Reading

By

• Alex Scroxton, Security Editor

Enhancing security: The crucial role of incident response plans

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

By

• Chris McGowan

How ExxonMobil is leading with data

In this week’s Computer Weekly, we talk to the leader of ExxonMobil’s data organisation, about the energy giant’s strategy to establish enterprise-wide principles for the use of data. As the UK’s Online Safety Act comes into force, we examine the tech sector’s concerns over the laws around end-to-end encryption. And we look at the software tools available to HR teams to help improve staff retention. Read the issue now. Continue Reading

IR plans: The difference between disaster and recovery

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

By

• Becky Gelder, Turnkey Consulting

How Trellix’s CISO keeps threat actors at bay

Trellix’s chief information security officer, Harold Rivas, outlines how the company mitigates security threats through containment and by helping security analysts to respond faster to cyber incidents Continue Reading

By

• Aaron Tan, Informa TechTarget

Incident response planning requires constant testing

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

By

• Jack Chapman

Use existing structures to build your incident response plan

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

By

• Sam Lascelles