Regulatory compliance and standard requirements

Threat of group GDPR legal action haunts CISOs

The vast majority of security leaders questioned for a new report say they are concerned about the possibility of group legal settlements against them following a serious data breach Continue Reading

Industry reflects on three years of GDPR

Looking back on 12 tumultuous months, we assess how GDPR has weathered the effects of the Covid-19 pandemic and Brexit, and consider what the coming year may hold for data protection Continue Reading

Air India is latest victim of Sita hack

Data on millions of people who flew with Air India between 2011 and 2021 appears to have been compromised in the recent Sita supply chain attack Continue Reading

Dutch researchers build security software to mimic human immune system

Software could help IT systems develop immunity to some cyber attacks in a similar way to how the body fights infection Continue Reading

How Bureau Veritas migrated 85% of its applications to the AWS cloud

In six years, France-based services giant BV has migrated 115 applications to the AWS cloud, mostly using in-house expertise. We talk to the company’s IT director Continue Reading

MEPs urge European Commission to revise UK adequacy decisions

Members of the European Parliament are calling for the European Commission to ensure EU citizens have greater privacy rights Continue Reading

Pandemic tech use heightens consumer privacy fears

Report on consumer attitudes to privacy finds evidence of a “heightened sense of fear” as digital footprints expand inexorably Continue Reading

UK government publishes framework on automated decision-making

The framework focuses on making the use of algorithms and automated decision-making systems within the public sector more ethical, transparent and accountable Continue Reading

Reports of stolen Irish health service data being leaked online

Leaking of deeply confidential and personal information on patient healthcare marks a new low for the criminal Conti gang Continue Reading

Microsoft EU Data Boundary dubbed ‘smoke and mirrors’

Data protection experts claim Microsoft’s decision to create an EU Data Boundary is a tacit admission that it routinely transfers and processes the personal data of European citizens outside the bloc Continue Reading

Irish High Court dismisses legal bid by Facebook over EU-US data transfers

Latest twist in long-running legal battle sees Facebook lose legal bid to prevent the Irish Data Protection Commissioner suspending its transfer of data about European citizens to the US Continue Reading

Dutch police used deep learning model to predict threats to life

Dutch police developed a deep learning model in their EncroChat investigation to predict which messages contain serious threats to life Continue Reading

The shape of fraud and cyber crime: 10 things we learned from 2020

While a pandemic-driven increase in cyber crime and an exacerbation of existing fraud trends were, to a large extent, to be expected, the LexisNexis Risk solutions UK cybercrime report 2020 still contained a few surprises Continue Reading

Biden beefs up public-private security cooperation

Joe Biden has signed a new Executive Order to harden US cyber security and government networks, with an emphasis on information sharing Continue Reading

Verizon DBIR underscores year of unprecedented cyber challenge

Verizon 2021 Data Breach Investigations Report draws predictable conclusions as the impact of the Covid-19 pandemic continues to be felt Continue Reading

UK government publishes Online Safety Bill draft

Bill builds on previous commitments by the government, which has added new measures to uphold democracy and freedom of speech while making tech giants more accountable Continue Reading

Collaboration key to success of UK’s Cyber Security Council

The founders of the UK’s Cyber Security Council have been setting out their plans to professionalise the cyber sector at the NCSC’s CyberUK 2021 event Continue Reading

Government to reform Computer Misuse Act

Home secretary Priti Patel will explore reforming the Computer Misuse Act as calls mount for the 31-year-old law to be updated to reflect the changed online world Continue Reading

Colonial Pipeline ransomware attack has grave consequences

The ramifications of a major ransomware attack against a US fuel pipeline operator could spread far and wide Continue Reading

Swedish court finds ambiguities in hacked EncroChat cryptophone evidence

Defence lawyer claims evidence obtained by hacking the EncroChat encrypted phone network has ‘no legal’ value following Swedish appeal court ruling Continue Reading

How do I get my users to pay attention to security training?

As cyber security risks grow daily, businesses must educate staff about these through cyber awareness training. But how can they ensure this is taken seriously by employees? Continue Reading

NCSC publishes smart city security guidelines

Guidance for local authorities, IT and cyber professionals aims to ensure the security of connected, smart city projects Continue Reading

Cyber accreditation to improve legal standing of security pros

Institute of Cyber Digital Investigations Professionals will help incident responders and cyber investigators get the professional recognition they deserve Continue Reading

Government urged to add scam protections to Online Safety Bill

Group of organisations calls for the government to use the Online Safety Bill to protect people from cyber scams Continue Reading

Scammers accidentally reveal fake Amazon review data

More than 13 million records relating to an organised fake review scam have been found on an unsecured ElasticSearch database, implicating hundreds of thousands of people in unethical behaviour Continue Reading

HSBC blocks £249m in UK fraud with voice biometrics

HSBC voice recognition technology has reduced telephone banking fraud as demand for the channel increases Continue Reading

Why ITAM can aid IT-fuelled business recovery

As a sense of normality returns, we look at why IT asset management is the stealth tool for clearing a path towards greater digitisation Continue Reading

How GCHQ proposes to implement and use ethical AI

The rise of cyber crime and the escalating threat vectors facing the UK have led GCHQ to invest in automated threat detection and response systems to meet this challenge, as well as liaising with the private sector for the first time Continue Reading

Deploying productivity monitoring software ethically

While software that tracks the activities of staff can be helpful to companies with a remote workforce, managers must consider employees’ concerns and privacy Continue Reading

Half of organisations breached via a third party in 12 months

New report highlights the risks of outsourcing key business processes without paying due care and attention to your service provider’s security Continue Reading

EncroChat: Top lawyer warned CPS of risk that phone hacking warrants could be unlawful

Lord David Anderson QC warned prosecutors that there were formidable arguments against the lawfulness of a police operation to infiltrate the encrypted phone network, EncroChat Continue Reading

MPs accuse government of unduly interfering in information commissioner appointment

Cross-party group of MPs says government is influencing the appointment of a new information commissioner by explicitly seeking a candidate who will support its policy agenda, rather than regulate independently Continue Reading

The case for vaccine passports: the real world versus the digital world

What are the security issues challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind? Continue Reading

G7 countries to cooperate on digital regulation

Digital and technology ministers outline their agenda for how technology can be used to facilitate the post-Covid recovery, signalling closer collaboration in key areas of the digital economy Continue Reading

Covid-19 security challenges leave bank customers at risk

Challenges arising from the pandemic have left gaping holes in banking security, putting consumers at risk of fraud Continue Reading

Recruiters can’t afford to hold out for cyber ‘unicorns’

The perfect security candidate is hard to find, so hiring policy needs to be more pragmatic Continue Reading

Office 365 compromise likely led to Merseyrail ransomware attack

Compromise of Merseyrail employee data seems to have begun after a key email account was hacked Continue Reading

NHS App to serve as vaccine passport for foreign holidays

Existing NHS App will have vaccine passport functionality added to it, transport secretary confirms Continue Reading

Backup failure: Four key areas where backups go wrong

We look at the key ways that backups can fail – via software issues, hardware problems, trouble in the infrastructure and good old human error – and suggest ways to mitigate them Continue Reading

UK supermarkets to trial age estimation tech for alcohol purchases

Biometric age estimation technology developed by Yoti to be tested in UK supermarkets for alcohol purchases as part of government-led digital identities initiative Continue Reading

The Security Interviews: Making sense of outbound email security

Screening inbound emails is an accepted part of an organisation’s security posture, but the topic of securing outbound traffic is less often discussed. Zivver’s Rick Goud is on a mission to change this Continue Reading

GCHQ: Cyber investment a guarantor of UK’s global status

GCHQ director Jeremy Fleming sets out a vision for the UK’s cyber security future Continue Reading

NCSC offers teachers free cyber security training

The NCSC’s latest security training offer builds on a package of measures designed to protect schools from cyber attack Continue Reading

EU lays out plans to regulate AI development

Proposal aims to encourage the development of ethical artificial intelligence systems that do not infringe the human rights of EU citizens Continue Reading

Health app myGP adds Covid-19 vaccine passport function

The new feature is described as the UK’s first NHS-assured Covid-19 certification feature Continue Reading

UK’s proposed IoT cyber security law gathers momentum

New statistics appear to vindicate UK government proposals to force suppliers to be upfront about IoT security Continue Reading

Government puts Facebook under pressure to stop end-to-end encryption over child abuse risks

Facebook faces growing government pressure to abandon its plans to offer users end-to-end encryption to secure the privacy of their messages as the NSPCC raises concerns about child protection Continue Reading

Finnish government strengthens country’s IT network security

Finland’s government has created a new national organisation to help public and private bodies improve network security Continue Reading

Biden sanctions Russia over SolarWinds cyber attacks

US president imposes new sanctions on Russia following malicious cyber attacks against the US and allies Continue Reading

Ireland’s DPC launches probe into Facebook leak

The Irish Data Protection Commission has launched an ‘own volition’ inquiry into the leak of data from 500 million Facebook profiles Continue Reading

Security Think Tank: Vaccine passports must be secure by design

What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind? Continue Reading

Security Think Tank: Vaccine passports cannot be taken lightly

What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind? Continue Reading

What has a year of home working meant for the DPO?

Byron Shirley of The Compliance Space explores how the role of the data protection officer has changed in the past 12 months Continue Reading

Executive interview: Unleashing blockchain’s potential

Labrys founder and CEO Lachlan Feeney offers his observations about blockchain adoption in Australia, and what his firm is doing to help organisations unleash the full potential of the technology Continue Reading

Nation-state cyber attacks double in three years

Cyber attacks backed by nation states are becoming more frequent and varied, moving the world closer to a point of ‘advanced cyber-conflict’, according to a University of Surrey research project Continue Reading

A billion extra contactless payments in year since limit increase

Visa said there was an extra one billion contactless payments made by its customers last year Continue Reading

API Daze

Earlier this week, the US Supreme Court ruled that Google did not infringe Oracle copyright on the Java SE API (application programming edition). The fact the US Supreme Court has digested a load ... Continue Reading

EncroChat hearings delayed as lawyers seek disclosure on police hacking

Court hearings precipitated by police cracking the EncroChat secure mobile phone network have been delayed after defence lawyers request further disclosures on police decryption capabilities Continue Reading

NHS is apparently closing security skills gap

By the end of 2020, there were more than twice as many in-house security professionals at NHS trusts as there were two years before Continue Reading

Security Think Tank: Evolving threats, tech, leaves CNI exposed

In light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

Cyber Security Council to champion UK security pros

A new cyber security professional body has launched with the aim of developing and promoting UK cyber security excellence globally and growing the skills base Continue Reading

Nordics run information sharing on digital vaccination passports

Nordic countries advance plans for digital Covid-19 vaccination passports in a bid to kick-start their economies Continue Reading

Surveillance expert ‘unfairly’ refused job at intelligence regulator after MI5 intervened

The Home Office unfairly refused Eric Kind, a specialist in criminal justice and UK surveillance law, clearance for a job at an intelligence watchdog after MI5 claimed he was “insufficiently deferential” Continue Reading

Backup appliances the hot topic for Pas-de-Calais fire brigade

With requirements for strict, long-duration backup and archiving, French fire brigade set out to replace optical media with a StorageCraft appliance and disaster-proof storage Continue Reading

Cyber security complacency puts UK at risk, says NCSC head

National Cyber Security Centre CEO Lindy Cameron, in her maiden speech in the role, warns of challenges ahead for the UK and sets out the future agenda for cyber Continue Reading

UK faces significant cyber talent shortfall

Cyber security sector is struggling to attract the talented workforce it needs Continue Reading

Employees must be given the right to disconnect

As enterprises increasingly turn to workplace monitoring technologies and more of the workforce moves to remote or hybrid working, unions are campaigning for workers’ ‘right to disconnect’ and not engage in digitally enabled work after hours Continue Reading

Anti-money laundering technology must operate in a collaborative ecosystem

With new technologies making it easier for banks to spot money laundering activity, we look at why the problem persists at scale, finding that ecosystems and collaborative processes need to be built Continue Reading

Unionised drivers call on Microsoft to suspend Uber’s Face API licences

Unionised private hire drivers in the UK are calling for Microsoft to suspend Uber’s licences to use its Face API technology after claims the ride-hailing firm’s ID-checking system has led to drivers losing their jobs and having licences revoked Continue Reading

Eastern Health reports ‘cyber incident’, takes systems offline

Australian healthcare provider Eastern Health takes IT systems offline as a precaution while it looks into a cyber incident Continue Reading

Security Think Tank: Take a realistic perspective on CNI cyber attacks

In light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

Digital Green Certificate proposed for travel in Europe

Digital Green Certificates will supposedly help re-establish freedom of movement within the European Union Continue Reading

Cyber sector welcomes PM’s defence review

Security commentators approve of measures to improve the UK’s cyber resilience, strengthen its R&D and skills base, lead on the development of new technology and promote a free, open, peaceful and secure global internet Continue Reading

Uber and Ola ordered to hand over more data to drivers

A Dutch court has rejected Uber and Ola’s claims that drivers collectively taking action to access their data amounts to an abuse of their individual data access rights, laying the ground for drivers to form their own union-controlled data trust Continue Reading

MoD partners playing fast and loose with confidential data

Clear spike in data breach incidents at defence partners may reflect better reporting standards, claims MoD Continue Reading

ST Engineering teams up with Google Cloud

Singapore’s ST Engineering and Google Cloud will explore offering secure cloud services for organisations in regulated industries Continue Reading

UK plans ‘full spectrum’ approach to national cyber security

PM Boris Johnson expands on proposed National Cyber Force and plans to set up a north of England Cyber Corridor Continue Reading

Judges refuse EncroChat defendants’ appeal to Supreme Court

Experts suggest Parliament and Investigatory Powers Tribunal need to consider the implications of a court decision on police use of data from the EncroChat phone network Continue Reading

Security Think Tank: CNI operators are in an unenviable position

In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

India is becoming a hotspot for IoT

India is set to be a cradle for internet of things deployments thanks to its vibrant economy and its potential to play a bigger role in global manufacturing Continue Reading

Does email security need a human solution or a tech solution?

People spend a lot of time using email systems, but many do not realise that this makes them attractive targets for cyber criminals. With education and technology, businesses can tackle this problem head-on Continue Reading

Interview: Uber driver Yaseen Aslam on his Supreme Court battle and what’s next for gig workers

Private hire driver and union organiser Yaseen Aslam speaks to Computer Weekly about his legal battle with Uber and what the UK Supreme Court ruling means to workers in the gig economy Continue Reading

CW Innovation Awards: Fighting fake Covid-19 vaccines with blockchain

A blockchain-based system developed by Singapore-based Zuellig Pharma can help governments and healthcare providers weed out fake vaccines and manage vaccine distribution and administration Continue Reading

Security Think Tank: US security efforts may centre on collaboration

As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice heard Continue Reading

UK digital regulators set out plans to strengthen cooperation

Digital Regulation Cooperation Forum outlines plans for the coming year, marking a shift towards a more collaborative regulatory approach Continue Reading

Attack on surveillance cameras a warning over security, ethics

The attack on a video surveillance startup by a hacktivist group raises questions not just over cyber security, but the use and extent of surveillance technology Continue Reading

Top five threats to compliance during the pandemic

We survey the top five pandemic compliance threats – remote working, Covid tracking, criminal exploits, compliance measures slipping, and heightened enforcement to come Continue Reading

EBA restores services after Microsoft Exchange attack

European Banking Authority was breached through vulnerabilities in Microsoft Exchange Server, but is now back online Continue Reading

Nottinghamshire schools suspend online learning following cyber attack

Cyber attack on central trust that manages secondary schools in Nottinghamshire leaves them unable to access IT systems and deliver remote lessons Continue Reading

Singapore Airlines the latest victim of supply chain attack

A restricted set of data of over 580,000 frequent flyer members of Singapore Airlines was exposed in a supply chain attack against Sita’s passenger service system Continue Reading

Five ways that disaster recovery changes in a pandemic

Covid-19 has changed IT. Previously, working remotely was a business continuity measure, but now it is the norm. That means disaster recovery has to adapt to new risks and new ways to respond Continue Reading

UK contactless payment limit more than doubled

UK increases the amount that can be spent in one go using a contactless payments card to £100 Continue Reading

Veritas looks beyond NetBackup for growth in ASEAN

Veritas has seen increased demand for its availability tools as it looks to address backup and recovery requirements from cloud, database and VMware workloads Continue Reading

EU seeking pan-European Covid-19 passport solution

The European Union’s proposal could see the creation of a Covid-19 vaccine passport to enable travel across the EU Continue Reading

Digital secretary Dowden outlines UK post-Brexit data approach

The UK government is searching for a new information commissioner with an updated remit to use data to support growth and innovation, and plans on reaching new international data partnerships Continue Reading

GCHQ sets out rules of the road for AI in cyber

A paper produced by GCHQ shows how the intelligence agency can use artificial intelligence responsibly as a tool to protect the UK’s national security Continue Reading

Npower shuts off app after credential stuffing attack

Npower customers will have to log in to their accounts on its website after its app was withdrawn following a security breach Continue Reading

Transport for NSW hit by Accellion breach

Australian state agency Transport for New South Wales is the latest victim of the supply chain attack against Accellion’s legacy file transfer system Continue Reading

Vaccine passports prove an ethical minefield

Privacy campaigners warn that vaccine passports may turn out to be discriminatory and invasive, while technologists agree careful consideration must be given to their design Continue Reading

Is Clubhouse safe, and should CISOs stop its use?

With more concerns being raised over the privacy and security of social media app Clubhouse, we consider whether security teams should consider restricting or stopping employees from using it Continue Reading