Security policy and user awareness

Privileged access management moving to cloud

Survey shows nearly half of information security professionals are either planning to move privileged access management to the cloud or are exploring the possibility Continue Reading

AWS to power Australia’s 2021 online census

PwC Australia, one of two firms appointed by the government to run the next Census, will build and operate an online form and a website on Amazon Web Services Continue Reading

Why IT departments miss basic IT security hygiene

IT departments are failing to patch security holes in software because of a disconnect between security and operations teams, survey finds Continue Reading

Nearly half of UK IT pros report serious data breaches

Integration of security systems and employee training recognised as key ways to reduce the growing severity of data breaches Continue Reading

Australians lost half a billion dollars to scams in 2018

Most of the losses went to investment scams as tricksters found innovative ways to dupe victims into parting with their money Continue Reading

GDPR cases drive bigger budgets for Nordic regulators

High-profile General Data Protection Regulation cases in Finland and Sweden have increased the workload for regulators, which are to receive an increase in funding Continue Reading

NCSC urges better online security practices

UK cyber security agency is urging citizens to improve online safety and password security after research reveals most-hacked passwords and a survey exposes gaps in online security Continue Reading

Facebook leaks: Zuckerberg turned data into dollars in ruthless battle with competitors

Facebook’s CEO ruthlessly exploited personal data shared by its users to turn Facebook into the biggest social network, but internal documents show that privacy appeared to be an afterthought for executives Continue Reading

How Palo Alto Networks fends off its cyber adversaries

Palo Alto Networks CIO Naveen Zutshi talks up the company’s approach in keeping threat actors at bay Continue Reading

Why cyber security needs to be prioritised at board level

Despite the rising number of headline-grabbing security breaches, many company executives are still not prioritising cyber security in the boardroom Continue Reading

UK plans for online safety laws not enough, says BCS

Government plans for online safety laws need to be complemented with a national cyber safety programme in schools, according to IT and computer science professional and educational body Continue Reading

London council fined by the ICO for disclosing personal information held on Met Police Gangs Matrix

The London Borough of Newham has been fined for disclosing the sensitive personal information of more than 200 individuals that police held information on Continue Reading

Document-based malware on the rise, businesses warned

Document-based malware spiked in the first quarter of the year, building on a gradual rise in the past year, warn researchers Continue Reading

Singapore government to review data security in public sector

A high-level committee comprising ministers and private sector security experts will review data security practices and recommend measures to better protect citizens’ data Continue Reading

Firms urged to gear up for new malware and tactics as threats proliferate

The volume of malware attacks reached a record level in 2018, with UK and India bucking global trend of increased ransomware attacks, a study shows Continue Reading

UK police should not deploy live facial recognition technology until issues are resolved, MPs told

The Science and Technology Committee has heard from the information and biometrics commissioners about the flawed use of live facial recognition technology by UK police Continue Reading

Spike in cyber attacks targeting Cisco Webex

Cyber attacks targeting a leading web conference tool have increased dramatically and sextortion is becoming more popular with attackers, according to WatchGuard Technologies Continue Reading

Firms urged to protect against spear phishing

Spear phishing attacks are sophisticated, targeted, costly and increasing in popularity among cyber attackers, a report warns Continue Reading

National Cyber Security Programme at risk of missing targets

The National Audit Office has sharply criticised the Cabinet Office over failings in how it set up the National Cyber Security Programme that mean it may struggle to meet its goals Continue Reading

Almost half UK firms hit by phishing attacks

Almost half of UK organisations have been compromised in the past two years using phishing attacks, despite high levels of cyber awareness and training, research shows Continue Reading

Security Think Tank: Is it true you can't manage what you don't measure?

What should be the key cyber security risk indicator for any business? Continue Reading

Citrix breach once again highlights password weaknesses

A reported breach of Citrix, which has potentially exposed data at hundreds of thousands of customer organisations, has once again highlighted the need for an alternative to passwords and the importance of supply chain security Continue Reading

Cyber espionage group behind SingHealth attack

A cyber espionage group dubbed Whitefly has been identified as the perpetrators behind Singapore’s largest data breach to date Continue Reading

Supplier consolidation tops infosec goals for 2019

Supplier consolidation, collaboration between networking and security teams, and security awareness are the top priorities for information security professionals trying to prepare for the unknown, annual benchmark study shows Continue Reading

Sextortion accounts for one in 10 spear-phishing emails

Email sextortion scams have increased in frequency and scope in the past four months, as well as evolving to bypass spam filters and trick recipients into reading the messages, research shows Continue Reading

Cyber criminals earn $3bn a year exploiting social platforms

Businesses urged to respond to research findings that the ready availability of hacking tools, wildfire spread of malware and proliferation of cryptocurrency mining has seen a 300-fold increase in social media-enabled cyber crimes in two years Continue Reading

Facebook planned to spy on Android phone users, internal emails reveal

Facebook planned to use its Android app to track the location of its customers and to allow advertisers to send political advertising and invites to dating sites to ‘single’ people, confidential documents show Continue Reading

Finding security in the cloud

When choosing a cloud security provider, enterprises will need to consider the level of data privacy and data security risk involved Continue Reading

Fit for whose purpose? Submit your views on the Initial National Cybersecurity Skills Strategy

The meeting illustrated the difficulty of the task the DCMS team will have reconciling the need of MoD and GCHQ for patriotic cyberwarriors and the need of the rest of us for the skills to protect ... Continue Reading

Telegram bot gets users hooked

Popular social media service provides a rich set of features for cyber criminals, RSA warns Continue Reading

APAC healthcare providers losing $23m to cyber attacks

Healthcare organisations in the Asia-Pacific region could lose an average of $23.3m to cyber attacks, including losses from productivity and customer churn, a study finds Continue Reading

A guide to choosing cloud-based security services

Cloud-based security services can help organisations with a growing cloud footprint to reduce cost and address the manpower crunch in cyber security Continue Reading

Data breaches in Australia show no sign of abating

Australia’s privacy watchdog recorded over 800 cases of data breaches, nearly one year into the country’s mandatory data breach notification regime Continue Reading

New stolen credentials cache puts spotlight on authentication

The discovery of billions more stolen usernames and passwords in Collections #2 to #5 have prompted fresh calls for the implementation of better authentication methods across industry Continue Reading

YouTuber impersonation scam not new, say researchers

Scam that tricked users into clicking on phishing links has affected tens of thousands of victims and has been active for several years, say security researchers Continue Reading

Personal records of HIV-positive individuals in Singapore leaked online

The personal information of 14,200 people with the human immunodeficiency virus was leaked by an American who lived in Singapore Continue Reading

Budding UK cyber strategists gear up for national competition 

Teams of UK university students are preparing to compete for the second time in analysing the threat of a simulated cyber attack to develop policies and strategies Continue Reading

Young Dutch cyber criminals get re-education rather than jail time

Young hackers in the Netherlands are being rehabilitated through punishments that educate rather than incarcerate Continue Reading

New Zealand faces more state-sponsored attacks

Nearly four in 10 cyber security incidents recorded by the National Cyber Security Centre were the work of state-sponsored threat actors Continue Reading

Davos: World leaders need to grasp future technological risks

Technological advancement is both a benefit and risk to society, but often the risks are not identified until they are exploited Continue Reading

Security Think Tank: Walk before you run

How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network? Continue Reading

The rise of DevSecOps

The increasing complexity of security threats facing enterprises is leading to DevSecOps approaches, which combine operations and development with security, so that all business units are involved in security operations Continue Reading

AI application overlooked in cyber security research

Despite the proliferation of cyber security products and services claiming to be driven by artificial intelligence, the application of the technology is being overlooked by research, a study shows Continue Reading

UK Finance plays down fraud threat through contactless card skimming

Contactless card fraud is rising bit it is easily preventable Continue Reading

Germany races to boost cyber defences after breach

Germany is scrambling to improve its cyber defences before the European parliamentary elections after a student leaked politicians’ personal data Continue Reading

2FA bypass tool highlights top business security vulnerabilities

CEOs are the most likely target of two-factor authentication phishing bypasses, demonstrated by a security researcher’s proof-of-concept attack Continue Reading

Second Lorca cohort to focus on supply chain security

The second cohort of companies to benefit from the new London cyber innovation centre will focus on user-centric security and securing supply chains Continue Reading

Can we live without passwords?

Can you imagine a future in which we can be secure online without having to remember an unwieldly list of passwords? Solutions are emerging that could make passwords redundant, but there will be other security problems to resolve Continue Reading

Top 10 cyber crime stories of 2018

Here are Computer Weekly’s top 10 cyber crime stories of 2018 Continue Reading

APAC cyber security landscape to be more tumultuous in 2019

Amid growing cyber threats, the Asia-Pacific cyber security landscape will not get any rosier in 2019 unless organisations start shoring up their cyber hygiene Continue Reading

Iranian cyber espionage highlights human element

State-backed hackers in Iran have reportedly upped efforts to compromise US officials’ email accounts using phishing scams Continue Reading

Social engineering at the heart of critical infrastructure attack

Social engineering is the core technique used in a series of cyber attacks targeting government, defence, nuclear, energy and financial organisations around the world, which means people are key to defence Continue Reading

Half of business leaders unaware of BPC cyber attacks

Half of management teams polled in 12 countries, including the UK, are unaware of business process compromise (BPC) attacks Continue Reading

Raising security awareness through phishing simulation – how to get it right

Testing employees’ security practices by sending fake phishing emails has become commonplace, but few organisations are conducting such exercises effectively Continue Reading

Phishing at centre of cyber attack on Ukraine infrastructure

Phishing is one of the key tools used by cyber attackers against critical national infrastructure (CNI), as highlighted by attacks on telecommunications in Ukraine Continue Reading

The future of network-connected device security

The proliferation of poorly secured network-connected devices has prompted the UK government to publish new best practice guidelines. Do these go far enough? Continue Reading

Security Think Tank: Combine tech, process and people to block malware comms

As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including "sleepers" designed to be activated at a future date. Continue Reading

120,000 police officers to receive cyber security training

Cisco is partnering with UK police forces to offer cyber security training through the Cisco Networking Academy Continue Reading

GDPR is encouraging UK IT directors to pay cyber ransoms

As predicted ahead of the General Data Protection Regulation enforcement deadline, research shows that fear of fines under the new laws is making some firms more likely to pay cyber ransoms Continue Reading

Securing the SD-WAN: The next network challenge

Every time an enterprise weighs up whether or not to try SD-WAN, security is an essential part of the picture Continue Reading

Keep people at the centre of risk management, says consultant

In assessing the cyber risks to a business, security professionals should start with the people in an organisation and keep them at the centre in identifying and mitigating risk, says consultant Continue Reading

DeepMind won’t share patient data with Google ‘at this stage’, says company’s health boss

Amid concerns and questions around Google’s takeover of the DeepMind’s Streams app, Dominic King, the company’s health lead, promises that ‘at this stage’, nothing will change, and it won’t share any patient data with the internet giant Continue Reading

Making the UK the safest place to live and work online

Government, industry and individuals all have to play their part in enhancing cyber security practices Continue Reading

Facebook to appeal EU-US data transfer ruling in Irish Supreme Court

Facebook will appeal a decision by the Irish High Court to refer questions over the legality of EU-US data transfers to the European Court of Justice in January, as the Dublin court rejects attempt by a UK IT expert to join the case Continue Reading

Security Think Tank: A three-pronged approach to application security

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

DNS attacks cost finance firms millions of pounds a year

Average cost of recovering from a single DNS attack is $924,390 for a large financial services company, survey shows Continue Reading

Belgian startup makes a game of creating secure software code

A global tech startup has placed its research and development centre in Belgium, taking advantage of regional financial support as well as cooperations with local educational organisations Continue Reading

Choose security tools wisely to gain upper hand

The cyber threat landscape is continually changing, but staying abreast of attacker and defender innovation can help business leaders gain the upper hand, says KuppingerCole Continue Reading

Sibos 2018: ‘Black swan’ cyber event is inevitable

With security experts and bankers expecting a 9/11-style cyber event, deeper collaboration between companies and governments is necessary to identify emerging threats before they occur Continue Reading

Centralised identity risky and not web 3.0 friendly, says entrepreneur

User controlled identity is less risky than centralised identity and essential for the next evolution of the web, according to an entrepreneur and evangelist of self-sovereign identity and blockchain technologies Continue Reading

McAfee CTO raises concerns about election cyber security

The security industry needs to look at the security of election processes around the world as well as the security of voting and counting machines, says McAfee CTO Continue Reading

Removable storage devices: Why are companies banning them?

IBM banned removable storage devices to encourage employees to use the company's internal file-sharing system. Learn how a ban like this can improve enterprise security. Continue Reading

Learn lessons from attacks, says McAfee investigations chief

Organisations should use every cyber attack as an opportunity to learn, identify weaknesses and improve security posture, according to McAfee’s head of cyber investigations Continue Reading

Best of VMworld Europe 2018 Awards nominations now open until 26 October

Read the criteria for the Best of VMworld Europe User Awards and find out how to submit your nomination Continue Reading

Zero-trust security model gaining traction

The zero-trust model of security is finally gaining traction as security professionals tap into new tools and executive buy-in to support this approach in an effort to improve security posture and practices Continue Reading

UK faces 10 cyber attacks a week as hostile states step up hacking, says NCSC

The UK’s National Cyber Security Centre has thwarted more than 1,600 attacks over the past two years – many by hostile nation states Continue Reading

IoT firms sign up to UK security code of practice

Internet of things technology firms have begun signing up to a UK code of practice to strengthen the security of internet-connected devices. The code is expected to form the basis of an international standard Continue Reading

Some 10% of user-reported emails malicious

On average, 1 in 10 user-reported emails is identified as malicious, and more than half can be tied to credential phishing, a Cofense report reveals Continue Reading

AI is no silver bullet for cyber security

A security expert has called for businesses to manage the risks of adopting new technologies and improve their cyber hygiene, rather than see artificial intelligence as a panacea for their security woes Continue Reading

Crypto-mining malware poses as Flash updates

Cryptocurrency mining malware is posing as Flash updates that appear to be legitimate, Palo Alto Networks security researchers warn Continue Reading

MEPs urge Facebook to roll out election fraud prevention measures

Facebook is coming under pressure from European lawmakers to do more to prevent its user data from being misappropriated during elections Continue Reading

Detail of Dutch reaction to Russian cyber attack made public deliberately

Four Russian intelligence officials were expelled from the Netherlands after an attempted hack on the global chemical weapons watchdog. The Dutch government has been open about the detail Continue Reading

Bug bounties not a silver bullet, Katie Moussouris warns

Targeted bug bounties have a role to play in cyber security, but they are not a "silver bullet", and run the risk of wiping out talent pipelines if poorly implemented, warns bug bounty pioneer Continue Reading

NCSC head says attribution of GRU attacks important

The head of the UK’s National Cyber Security Centre has described the attribution of a wave of cyber attacks to Russia’s military intelligence service as “historically important” at a conference in Poland Continue Reading

NCSC head calls for technocratic partnership to fix cyber risks

The UK’s National Cyber Security Centre is appealing for collaboration with the technology industry to remedy key vulnerabilities in current IT Continue Reading

ICO hits Heathrow Airport with £120,000 data breach fine over lost USB stick

Information Commissioner’s Office fines airport after a member of the public came across a USB stick containing sensitive personal information about airport staff Continue Reading

Google Safety Center goes live in the UK

Google says its commitment to transparency is as strong as ever as its new Safety Center goes live in the UK to help keep businesses and consumers safe online Continue Reading

Security Think Tank: C-suite needs to drive outcomes-based security

What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome? Continue Reading

Security Serious Unsung Heroes announced

Awards celebrate the people of the cyber security industry on the front lines of organisations battling cyber threats Continue Reading

Security Think Tank: Use Cyber Essentials to kick-start outcomes-based security

What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome? Continue Reading

Companies failing to recognise the internal cyber threat

The focus at many companies is on external cyber threats, and internal threats are being overlooked as a consequence, a researcher warns Continue Reading

Everyone, everywhere is responsible for IIoT cyber security

Cyber security in the industrial internet of things is not limited to a single company, industry or region – it is an international threat to public safety, and can only be addressed through collaboration that extends beyond borders and competitive interests Continue Reading

NHS Digital hires chief information security officer

Robert Coles will lead the health and care sector’s response to cyber attacks and help local organisations meet the government’s cyber security standards Continue Reading

Europol cyber crime report highlights emerging threats to enterprise security

Research highlights increase in sophistication of ransomware attacks, while revealing details of new and emerging threats to enterprises Continue Reading

Cutting through the blockchain hype

Blockchain adoption is still in its infancy, with security challenges standing in the way of more widespread deployment, according to a blockchain expert Continue Reading

Security Think Tank: Supplement security with an MSSP to raise the bar

What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

Two-thirds of emails not clean, says research

Two-thirds of emails don't make it to the inbox because security systems consider them unsafe, according to research Continue Reading

Higher education sector's poor response to cyber threats laid bare in EfficientIP report

The 2018 EfficientIP Global DNS Report shines a light on how ill-prepared the higher education sector is for handling cyber threats Continue Reading

Cyber criminals outspend businesses in cyber security battle

Cybercriminals are flexing their financial might and UK organisations are facing more attacks as a result Continue Reading

Ransomware down, but not out, report reveals

Cryptojacking has taken over from ransomware as the top money spinner for cyber criminals, but the threat is not over and spam is also seeing a resurgence as an attack method, a report reveals Continue Reading