Security policy and user awareness

ICO launches data security campaign for UK General Election

Information commissioner Elizabeth Denham launches campaign to remind the public of their rights when personal data is used for political purposes Continue Reading

Security Think Tank: Secure the cloud when negotiating contracts

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

Sumo Logic buys into cloud security software market

Jask’s cloud-native autonomous security operations software will be integrated into Sumo Logic’s intelligence platform Continue Reading

Insurability is the key to Cybermaturity

Most organisations are uninsurable. They spend large amounts on security products and services technology but they are not doing that which reduces the risk of a successful cyberattack, limits the ... Continue Reading

Security Think Tank: In the cloud, the buck stops with you

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

Banks let customers down with mixed approaches to security

Treasury Committee report recommends new measures to tackle financial fraud Continue Reading

What will succeed the National Cyber Security Strategy?

As the National Cyber Security Strategy nears the end of its working life, the government is considering what comes next, and is asking probing questions of its successes and failures Continue Reading

Security Think Tank: Embedding security in governance

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

Security puzzle calls for some joined-up thinking

The age of digitisation brings new risks to organisations, so security needs to be more integrated Continue Reading

Hack the Kop – the Reds are sitting ducks

Liverpool may be flying high at the top of the Premier League table right now, but when they get home after a hard-fought 90 minutes, their fans are the most likely to have had their personal data ... Continue Reading

Endpoint security is a procurement issue, says HP, IDC study

Report warns that buyers are falling at the first hurdle on security by not including it in their endpoint RFPs and tenders Continue Reading

Take responsibility for cyber security basics, urges NCSC CEO

At the launch of its third annual review, NCSC head Ciaran Martin appealed for individuals and businesses to address the fundamentals of cyber security hygiene to help lighten the load Continue Reading

Banks move to contain impact of Samsung biometric flaw

NatWest and Nationwide have moved to lock down their mobile banking apps after Samsung warned of a biometric security flaw on its Galaxy and Note S10 devices Continue Reading

Malware volumes decline, but risks are higher

More insidious and targeted strains of malware are going after high-quality targets, rather than a large volume of targets Continue Reading

Attacker hit VPN firm Avast through its VPN

Avast has published details of how attackers attempted to gain access to its network over a five month period Continue Reading

Secure Bacon Butties With Gherkin But No Gherkins

Had my first visit to The Gherkin recently at a “mini” Netevents security briefing in London. I can certainly recommend the brioche-bun bacon butties with a view of the London rain from the 38th ... Continue Reading

Over-30s tend to do better at cyber security than younger colleagues

Attitudes to workplace cyber security differ by age group, but not in the way one might imagine, according to a new study by NTT Security Continue Reading

Equifax lawsuit offers more evidence against passwords

Equifax’s internal security policies were a mess and directly led to one of the largest recorded data breaches in history, according to a lawsuit, demonstrating fundamental insecurities inherent in the use of passwords Continue Reading

Trend Micro buys cloud security firm to broaden offering

Acquisition of Cloud Conformity will address often overlooked cloud security fundamentals Continue Reading

Sodinokibi emerging as a diverse, multi-vector threat to businesses

McAfee shares insight into the Sodinokibi ransomware campaign gleaned from its network of honeypots Continue Reading

Huge rise in rogue banking apps driving fraud attacks

Fraud perpetrated through fake mobile apps purporting to be from legitimate banks has seen a statistically significant spike, says RSA Continue Reading

NHSX could transform NHS security capabilities

The health sector is increasingly confident that NHSX can deliver a streamlined, effective cyber security policy for the health service Continue Reading

Security Think Tank: Focus on metrics to manage risk

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading

Pitney Bowes ‘considering options’ after malware attack

Mailing and shipping services firm in recovery mode after key systems were encrypted by a malware attack Continue Reading

Security Think Tank: Embed security professionals in your risk strategy

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

Attackers hunt iPhone jailbreakers in click fraud campaign

Research by Cisco’s Talos threat intel unit has identified a new click fraud campaign targeting people looking to jailbreak their iPhone devices Continue Reading

Security Think Tank: Risk management must go beyond spreadsheets

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading

Security Think Tank: Consider risk holistically, not just from an IT angle

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading

McAfee’s push for secure cloud adoption

Organisations must do more to secure their cloud environments as malicious actors increasingly focus their attention on exploiting cloud vulnerabilities, says McAfee Continue Reading

Data management strategies are evolving – so must enterprises

A growing number of data-driven initiatives, alongside heightened demand for security in governance, data management and compliance, has led to the rise of a more holistic approach – integrated risk management Continue Reading

Small business guide: How to keep your organisation secure from fraudsters and hackers

Doing a few things well can keep your organisation protected from common cyber attacks and fraudsters Continue Reading

Security Think Tank: The operational approach to integrated risk management

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

Security Think Tank: Get basic security policy right, and the rest will follow

Paying attention to basic aspects of cyber security such as policy and permission will give you a sold base to build from Continue Reading

Security Think Tank: Risk is unavoidable in digital transformation

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

Local authorities hit by 800 cyber attacks every hour

Local authorities and councils in the UK have reported being hit by more than 263 million cyber attacks in the first six months of this year Continue Reading

New threat group behind Airbus cyber attacks, claim researchers

Context Information Security’s threat intel and response teams says it has evidence that the recent supply chain attacks on Airbus are the work of a newly identified group called Avivore Continue Reading

Nodersok malware campaign is infecting thousands, Microsoft warns

Thousands of Windows endpoints in the US and Europe have been infected by a new fileless malware campaign in the past few weeks Continue Reading

Five million DoorDash customers’ details lost in data breach

Takeaway delivery service was breached in May 2019, resulting in the data of millions of users and delivery drivers being stolen Continue Reading

GDPR compliance: Whose job is it and is it really possible?

Nobody seems to have a good handle on business GDPR compliance, how many businesses are compliant, or indeed what compliance really is, but according to security experts, it very much depends on who you talk to Continue Reading

Enterprises exposed to data loss by cloud configuration errors

Only 1% of misconfigured cloud environments are spotted and attackers are capitalising on this, claims McAfee Continue Reading

Google pushes back on scale of YouTube phishing threat

Millions of YouTubers may be at risk after some high-profile influencers reported their accounts were compromised in an apparent phishing attack, but the platform’s owner, Google, is not so sure Continue Reading

Universities tempting targets for cyber criminals, warns NCSC

As hundreds of thousands of students prepare for the new academic year, universities have been warned that they are at high risk of cyber attack Continue Reading

WannaCry variants accidentally protecting against WannaCry

New variants of the infamous WannaCry malware continue to emerge, and many of them have accidentally turned themselves into a somewhat effective, although ill-advised, vaccine against infection Continue Reading

Emotet phishing botnet returns from summer vacation

The Emotet phishing trojan-turned-botnet is back in action after a three-and-a-half month break, say threat researchers Continue Reading

Ecuador citizens’ data breach holds lessons for enterprises

What caused the mass breach of Ecuadorian citizens’ data, and what can businesses learn from it? Continue Reading

PSD2 security deadline extension is not a reason for further can kicking

The extension of a compliance deadline for PSD2 should not be a signal for banks to reduce preperations Continue Reading

Ensign InfoSecurity opens global headquarters in Singapore

The Singapore-based cyber security firm’s new headquarters will also be home to a new security operations centre that will be supported by Singapore-centric threat intelligence Continue Reading

European court to decide on legality of bulk phone and internet surveillance

The European Court of Justice will decide whether intelligence agencies across Europe can continue to lawfully collect the telephone and internet communications data of citizens, following a two-day hearing this week Continue Reading

A Cybercommunity Safety Partnership to address On-line Harms and Abuse

We need voluntary co-operation to join up cybercommunity safety across silo boundaries without waiting for governments, regulators and lobbyists Continue Reading

Nordic countries deepen collaboration with Estonia-based cyber security operation

Nordic countries are now working closer with Nato’s Estonia-based centre of excellence in cyber security Continue Reading

GDPR non-compliance worse than feared

Over half of UK businesses do not yet appear to be fully GDPR-compliant, and many have de-prioritised their compliance efforts Continue Reading

UK calls for cyber capacity-building at UN security group

The UK’s representative to a United Nations cyber security working group has called for increased investment in capacity around cyber security Continue Reading

Social engineering a factor in virtually all cyber attacks, report claims

Almost every single cyber attack will, at some stage, require a human to be tricked into doing something, according to research by Proofpoint Continue Reading

Australia government to chart 2020 cyber security strategy

Australia’s home affairs ministry has released a discussion paper to seek views from all segments of society on the country’s next cyber security blueprint Continue Reading

Singapore’s SecureAge eyes US market

The Singapore-based supplier of encryption and anti-malware tools has set up a new office in Greater Washington, DC as the next logical step in its global expansion plan Continue Reading

CISOs turn to AI, detection, response and education

Information security leaders are looking to artificial intelligence, better detection and response capabilities and user education in the face of cyber threats, but need more budget, a study shows Continue Reading

Social media and enterprise apps pose big security risks

The lack of security policies in many business applications is putting enterprise data at risk and social media apps are the biggest source of malware, a poll of IT professionals reveals Continue Reading

Towards a joined-up Cybersecurity Policy

It is not enough to have policies that satisfy the conflicting requirements of the EU and US for data protection, including notification to attract fraudsters to the victims of a breach, like ... Continue Reading

Finland’s security agencies collaborate after cyber attacks

National Bureau of Investigations and National Cyber Security Centre aim to increase expertise and capability to defend Finland’s critical IT infrastructure Continue Reading

Targeted cyber attacks, including ransomware, on the rise

Governments and healthcare institutions are prime targets of ransomware operators, a report shows Continue Reading

Mitigating social engineering attacks with MFA

The growing frequency of social engineering attacks highlights the increasing need for organisations to take steps to mitigate the effects of phishing Continue Reading

Most UK firms ignore security in tech investments

Less than a quarter of UK firms prioritise security when investing in new technology, despite the threat of cyber attacks and data protection regulations, a survey reveals Continue Reading

Kaspersky eyes enterprise business, opens APAC transparency hub

The security firm wants to engage with enterprises and use its newly launched Malaysian Transparency Centre to burnish its credentials Continue Reading

CW Nordics: Copenhagen woos tech startups

Copenhagen offers all the advantages startups need to get off the ground and many are setting up with the intention of staying there for the long haul. Also read how shipping giant Maersk is employing a cloud-first strategy to disrupt competition and build innovation, and why three Finnish banks are sharing a core IT platform. Continue Reading

Box aims to shield businesses from data loss threat

Box has introduced an add-in to its cloud-based collaboration platform to lock down and monitor access to files and folders Continue Reading

Malware still top security threat, say infosec pros

Malware remains the top security threat to organisations, with ransomware still considered to be the top malware threat and lack of budget the biggest obstacle to defence, a study shows Continue Reading

From Action Fraud to Action Plans

1 Action Fraud had an impossible task The Times undercover investigation at Action Fraud  has led to a rash of publicity, both tabloid  and professional . The only surprise is that it has taken so ... Continue Reading

Australia needs to get digital identity right

A top Ping Identity executive urges Australia to put more focus on digital identity management following the government’s efforts to lay the groundwork for an open banking regime Continue Reading

Most UK financial firms hit by cyber attack in the past year

The majority of UK financial companies are failing to prevent cyber security incidents, mainly because of employees failing to follow security policies and a lack of security budget, a survey reveals Continue Reading

DCMS funding aims to increase diversity in cyber sector

A funding round has been announced as part of the Cyber Skills Immediate Impact Fund (CSIIF) with aims of encouraging more diverse talent into the UK’s cyber security sector Continue Reading

Digital domain identified as major security threat by Norway’s intelligence service

Norway's intelligence services has revealed the extent of the threat posed to the country by cyber attacks Continue Reading

A new look at the Cybersecurity Skills Market

Hence the need to address the cyberskills for justice and deterrence , not just those for cyberwarfare, protection and surveillance. And the more widespread those skills, the more dangerous the ... Continue Reading

Australian firms grappling with “train-smash” of security legislation

While businesses should avoid going into checkbox compliance mode, the constant flux of regulations on cyber security and privacy has led to calls for more legislative coherence from regulators Continue Reading

86 million reasons to support No More Ransom

Anti-ransomware cross-industry initiative says it has prevented more than £86m in ransom payments as it marks its third anniversary, which coincides with a resurgence in ransomware in many parts of the world Continue Reading

F-Secure talks up threat-hunting to stay ahead of cyber attacks in APAC

Cyber security firm calls for organisations to double up on threat-hunting now that nearly all attack and reconnaissance traffic is automated Continue Reading

Zuckerberg responsible for Facebook privacy compliance after $5bn FTC fine

Facebook pays record fine after breaching users’ privacy, following settlements with Federal Trade Commission and Securities and Exchange Commission Continue Reading

How Apollo 11 influenced modern computing

In this week’s Computer Weekly, on the 50th anniversary of the Moon landings we look at the influence Apollo 11 had on modern hardware and software. Our latest buyer’s guide examines data protection. And we find out how retailers with physical stores are using technology to respond to the rise of online shopping. Read the issue now. Continue Reading

How IT pros are building resilience against email security threats

For most people, emails are an easy and harmless way to communicate in the workplace, but they could also be a security disaster waiting to happen Continue Reading

HID weighs in the glacial move towards digital ID

There are still concerns over data integrity, security and privacy of digital identities, but the convenience of the technology outweighs the risks, says a HID expert Continue Reading

CW ASEAN: Trend Watch – Security

Artificial intelligence tools are becoming a vital part of the security arsenal for organizations and cyber criminals alike. In this handbook, Computer Weekly looks at how ASEAN firms are using AI to combat cyber threats and experts discuss the latest smart cyber security tools. Continue Reading

CW ANZ: Trend Watch – Security

With regulations pushing data protection up the business agenda, we look at how Australia’s Notifiable Data Breaches scheme has been received and consider why a survey that found Australian firms are experiencing fewer cyber breach incidents appears to conflict with anecdotal evidence that suggests the opposite. Continue Reading

UK poor cyber security practice undermining controls

UK firms investing in the latest cyber security products and services risk this being undermined by poor security practices, a survey reveals Continue Reading

Lateral phishing used to attack organisations on global scale

Lateral phishing is a growing type of account takeover that has enabled attackers to target more than 100,000 people by hijacking just 154 email accounts Continue Reading

Digital safety skills initiative launched against cyber crime

Security industry partners have launched an initiative aimed at raising individuals’ digital safety skills to enable them to protect themselves and their families from most common cyber attacks Continue Reading

Organisations turn to AI in race against cyber attackers

Businesses are racing to automate their defences as hackers and nation states launch increasingly sophisticated cyber attacks Continue Reading

UK boards ignoring £30bn cyber risk

Despite the danger posed by cyber attacks to mid-sized companies, boards are not prepared to manage the risk and firms are over-confident in their cyber capabilities, report finds Continue Reading

Podcast: The Computer Weekly Downtime Upload – Episode 22

In this week’s episode of the Computer Weekly Downtime Upload podcast, Brian McKenna, Caroline Donnelly and Clare McDonald talk about digital transformation in the NHS, Sky’s efforts to get more women working in tech and how big businesses could be risking extinction by ignoring IT Continue Reading

Symantec gearing up for future cyber security

Symantec is focusing on enabling businesses to secure data in the cloud after a string of acquisitions, but it also has its eye on the future, which will be all about empowering people, says CTO Hugh Thompson Continue Reading

Facebook’s privacy game – how Zuckerberg backtracked on promises to protect personal data

Facebook promised its users privacy then quietly abandoned its promises in pursuit of profits. Now it faces antitrust regulation Continue Reading

TIN coalition calls for industry action against cyber fraud

An industry group aimed at improving cyber security by tackling enduring challenges has called for collaboration in the fight against cyber fraud Continue Reading

Hospitality industry at highest risk of phishing

Benchmarking report shows average phish-prone percentage across all industries and sizes of organisations at 29.6% – up 2.6% since 2018 Continue Reading

Security Think Tank: Business needs to see infosec pros as trusted advisers

How can security professionals communicate effectively with the board and senior business leaders – what works and what doesn’t? Continue Reading

Inside F5’s cyber security playbook

F5 Networks' CISO talks up measures that the application delivery and security specialist is employing to fend off cyber attackers that come knocking on its doors Continue Reading

UK firms need to address risky user habits

McAfee calls for companies to ramp up their security culture and improve the integration of technical security controls to minimise exposure from workers Continue Reading

Threat vs trust: the overlooked power of words

Words have power – in particular, your choice of words modifies how your readers or listeners react to what you write or say. Politicians do this sort of thing all the time, swapping one word or ... Continue Reading

Joining the dots to deliver effective cyber security

In too many organisations, cyber security is dislocated and siloed. Security chiefs need to take a more joined-up approach, but that is likely to mean a rethink of how the security team operates Continue Reading

Making threat intelligence greater than the sum of its parts

Organisations can become more secure if they join up their varied sources of intelligence about business threats, and avoid losing valuable information within individual silos Continue Reading

Businesses investing blindly in cyber security

Businesses need to find out what their real cyber risks and weaknesses are before investing in new technologies, says ethical hacker Continue Reading

Passing the baton on Cybersecurity Skills

This year will be the first time I visit Infosec with no agenda. Or to be more precise I will have a Community Safety rather than a Cybersecurity Skills Agenda. This has caused me to take a cool ... Continue Reading

IT in the Tory Candidates' Manifestos

I added a comment on Dominic Rabb's inclusion of degree apprenticeships in his call for Fairness and Choice to my recent blog on the IfA apprenticeship review.  In his opening campaign letter Rory ... Continue Reading