Security policy and user awareness

Most small businesses fail to act after a cyber attack  

Nearly half of small businesses have suffered at least one cyber attack in the past year, yet most fail to take action afterwards, citing lack of budget at the biggest challenge Continue Reading

By

• Warwick Ashford, Senior analyst

Singapore remains hotbed for cyber threats

Singapore was a victim of advanced persistent threats, phishing and website defacements in 2017, according to the latest threat landscape report by the Cyber Security Agency Continue Reading

By

• Aaron Tan, Informa TechTarget

Surface web used in private data sales

The surface web plays an integral role in the selling of personal information, a report on identify fraud has revealed Continue Reading

By

• Warwick Ashford, Senior analyst

Email-based cyber attacks gathering momentum

Email-based cyber attacks are gathering momentum and the cost of these attacks are rising, with several hidden costs, a survey of IT professionals in Europe, Middle East and Africa reveals Continue Reading

By

• Warwick Ashford, Senior analyst

APAC remains a hotbed for software piracy

The Asia-Pacific region is still seeing the highest use of unlicensed software installations globally, making enterprises more susceptible to cyber attacks from malware Continue Reading

By

• Kimberly Chua

Parliamentary computers at risk after staff targeted by phone phishing

Police are investigating phone phishing attacks targeted against Parliament. Staff warned not to disclose details of their computers to fraudulent callers. Continue Reading

By

• Bill Goodwin, Computer Weekly

Cyber security focus too much on tech, says Domino’s CISO

Many organisations are still focusing only on technology and compliance, which means their cyber defences are not as solid as they think, according to Domino’s Pizza chief information security officer Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Data controllers are essential in modern business environment

Why is it important to know where data flows, with whom it's shared and where it lives at rest, and what is the best way of achieving this? Continue Reading

By

• Petra Wenham

Security Think Tank: Data governance is good for business and security

Why is it important to know where data flows, with whom it's shared and where it lives at rest, and what is the best way of achieving this? Continue Reading

By

• Maxine Holt, Omdia

GDPR puts people first, says ICO

The day of 25 May 2018 marks the biggest change to UK data protection law in a generation, with benefits for businesses and consumers, according to the UK privacy watchdog Continue Reading

By

• Warwick Ashford, Senior analyst

Pen testers find weaknesses in banks’ cyber security

Humans are the biggest weakness in banks’ cyber defences, but there are several others that also need attention, penetration testers have revealed Continue Reading

By

• Warwick Ashford, Senior analyst

BSI launches kitemark for internet of things devices

The British Standards Institution has launched a new kitemark for IoT devices, designed to improve consumer trust in the technology Continue Reading

By

• Alex Scroxton, Security Editor

IoT and personal devices pose huge security risk to enterprises

After years of speculation about the risk IoT and personal devices pose to enterprise security, research has revealed the threat is “immense” and probably greater than most firms realise Continue Reading

By

• Warwick Ashford, Senior analyst

Police Scotland did not inform public of mobile phone searches

Members of the Scottish Parliament heard that Police Scotland did not conduct impact assessments or give explanations to the public when they were accessing private data on their mobile phones Continue Reading

By

• Bill Goodwin, Computer Weekly

Hacking the internet of things just got easier – it’s time to look at your security

Are you taking security for internet-connected devices seriously enough? Continue Reading

By

• Dan Mosca, PA Consulting

Security Think Tank: Five tips for killing the campers on your network

Why is reducing cyber attacker dwell time important and how should this be tackled? Continue Reading

By

• Adrian Davis, (ISC)²

Twitter password security bug underlines need for industry change

Twitter has revealed that a bug in its systems resulted in some passwords being stored in a log in clear text, underlining the need for alternative authentication methods, say industry commentators Continue Reading

By

• Warwick Ashford, Senior analyst

City Police use Lego simulation to teach businesses cyber security

City of London Police are offering to train business leaders and IT security in cyber security using a Lego simulation that is surprisingly close to real life Continue Reading

By

• Bill Goodwin, Computer Weekly

Redscan warns of GDPR phishing scams

Cyber criminals are using fake GDPR-related privacy notices to trick recipients into disclosing personal data and spread malware, a security firm warns Continue Reading

By

• Warwick Ashford, Senior analyst

Security industry welcomes City of London Police cyber initiative

The security industry has welcomed plans to fight cyber crime in the heart of London using a community-based approach, but says more investment in cyber security skills is required Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Reducing cyber attacker dwell time is critical

Why is reducing cyber attacker dwell time important, and how should it be tackled? Continue Reading

By

• Simon Persin, Turnkey Consulting

Password practices still poor despite increased threats

Despite growing cyber threats and heightened global awareness of hacking and data breaches, password behaviours remain poor and UK users are in denial, a study has revealed Continue Reading

By

• Warwick Ashford, Senior analyst

Conquer the end-user productivity balancing act

Keeping users productive is one of the most critical jobs IT pros have. But there are some hurdles to jump, including understanding the risks with collaboration tools. Continue Reading

By

• Gary Olsen

Government urges UK businesses to beef up cyber crime defences

Government is urging UK organisations to defend against cyber crime, as newly released figures show that large numbers of businesses and charities suffered at least one cyber attack in the past year Continue Reading

By

• Warwick Ashford, Senior analyst

Employees still in the dark about data protection

With just a month to go before the GDPR compliance deadline, many employees still don’t know how to protect confidential data, a study shows Continue Reading

By

• Warwick Ashford, Senior analyst

Cyber fraud costs SMEs more than £1,000 per case

Just over half of IT and telecoms SMEs are targeted by fraudsters, with each case of cyber fraud costing more than £1,000, study reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Nearly half of UK manufacturers hit by cyber attacks

Nearly half of UK manufacturers have been hit by a cyber security incident, according to a report by an industry organisation, which calls for greater government focus on the specific security needs of the sector Continue Reading

By

• Warwick Ashford, Senior analyst

No business safe from cyber attack, says KPMG

Businesses that operate online should be working to ensure operational resilience, while the financial sector should focus more on collaboration, says professional services firm KPMG Continue Reading

By

• Warwick Ashford, Senior analyst

Data protection is a business issue, says IAPP

Data privacy is a rapidly maturing profession as organisations around the world increasingly see data protection as a business issue, according to an industry association Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Use good practice to address cryptojacking risk

How can organisations best defend against cryptojacking? Continue Reading

By

• Simon Persin, Turnkey Consulting

UK identity fraud reaches record level

The level of identity fraud has reached its highest level to date, a UK fraud report shows Continue Reading

By

• Warwick Ashford, Senior analyst

Top tech firms take cyber security pledge

Top tech firms have committed to protecting customers worldwide from cyber attacks and prevent the misuse of their technology Continue Reading

By

• Warwick Ashford, Senior analyst

Australian healthcare services most hit by data breaches

Nearly a quarter of data breaches reported under Australia’s new mandatory data breach regime took place in the healthcare sector Continue Reading

By

• Beverley Head

Cyber security a shared responsibility, says Amber Rudd

The UK home secretary has emphasised that cyber security is a shared responsibility and committed to promote EU cyber cooperation post-Brexit at the National Cyber Security Centre’s conference in Manchester Continue Reading

By

• Warwick Ashford, Senior analyst

Government to set up £13.5m cyber security centre

Located at the 2012 Olympic Park, the London Cyber Innovation Centre could create up to 2,000 jobs in cyber security Continue Reading

By

• Alex Scroxton, Security Editor

NSA calls for cyber security community collaboration

A US National Security Agency (NSA) representative has called for cyber security community collaboration at the National Cyber Security Centre’s conference in Manchester Continue Reading

By

• Warwick Ashford, Senior analyst

Mobile phishing a growing threat, warns report

Phishing on mobile devices is a growing threat to business as attacks move beyond email to text messages and apps Continue Reading

By

• Warwick Ashford, Senior analyst

Cyber criminals earn up to $2m a year, study shows

Academic study reveals just how lucrative cyber crime can be, with top-level cyber criminals out-earning government leaders and university graduates Continue Reading

By

• Warwick Ashford, Senior analyst

Security of big data fashions a whole new look with GDPR

As data managers scramble to protect their precious lakes of washed and unwashed data from the evils of hacking, malware, ransomware and botnets, there comes a privacy regulation of European Union origin that could change the way many U.S. companies protect their data from inside and outside forces. For some U.S. companies doing business in Europe and preparing for compliance, the EU's General Data Protection Regulation could be a well-intended enforcer of better data governance practices. But for businesses forced to change their old data protection habits, GDPR can be a four-letter word.

The April issue of Business Information opens with our editor's note and historical insights into the fundamental differences in attitude between the U.S. and Europe when it comes to protecting the data privacy of customers. As data breaches mount, however, the U.S. government -- willing or not -- may have to take steps beyond current regulations to ensure companies increase their security of big data.

Along those lines, our cover story examines some GDPR rules that can directly impact U.S. companies doing business overseas and, in the process, their data governance and ethics procedures. With the noted lack of maturity in data governance and security tools, we see in another feature how IT teams are addressing data security issues upfront in do-it-yourself ways when deploying big data systems.

Also in this issue, a GDPR compliance expert advises data managers on the best ways to prepare for a regulation that puts more control of information in the hands of users, the internet of things and edge computing could be compromising the security of big data and surveys show that companies place data protection among the top reasons for escalating their security spending.

 Continue Reading

GDPR requirements put focus on data ethics, governance

The General Data Protection Regulation makes privacy paramount and reinforces the practice of good data governance. Will a new focus on data ethics be an important side effect? Continue Reading

By

• Jack Vaughan

U.S. data protection laws fall short in the age of big data

Data breaches and a history of data abuse led the EU to adopt GDPR, but it might take massive scale data security crises for the U.S. to legislate similar data protection laws. Continue Reading

By

• Bridget Botelho, Editorial Director, News

Security Think Tank: Cryptojacking can be costly

How can organisations best defend against cryptojacking? Continue Reading

By

• Emma Bickerstaffe, Information Security Forum (ISF)

Security Think Tank: Six tips for securing your organisation against cryptojacking

How can organisations best defend against cryptojacking? Continue Reading

By

• Adrian Davis, (ISC)²

Why businesses must think like criminals to protect their data

Cyber criminals use three main methods of operation to steal commercial data. Understanding their mindset can help organisations put the right defences in place Continue Reading

By

• Andy Barratt, Coalfire

Retail sector top cyber attack target

The retail sector was the top cyber attack target in 2017, as cyber attacks evolved to become more organised and structured, a report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: User vigilance key to cryptojacking defence

How can organisations best defend against cryptojacking? Continue Reading

By

• Tim Holman, 2-sec

Lawyers more influential than IT staff in cloud deployments

Traditionally considered risk-adverse, lawyers are twice as more influential than in-house technology staff about cloud, research finds Continue Reading

By

• Aaron Tan, Informa TechTarget

Europol operation nabs another 20 cyber criminals

Police have arrested 20 cyber criminals in connection with a €1m fraud operation across Italy and Romania Continue Reading

By

• Warwick Ashford, Senior analyst

Most airports not protected from cyber threats

The chairman of the Israel Airports Authority paints a dismal picture of the state of cyber security in aviation, and offers advice on what can be done to avert the next disaster Continue Reading

By

• Aaron Tan, Informa TechTarget

Majority of European firms unprepared for phishing attacks

Most cyber attacks can be traced back to a phishing email, but more than half of European firms are unprepared to deal with email-based attacks, research has revealed Continue Reading

By

• Warwick Ashford, Senior analyst

Facebook announces more privacy control updates

Social media giant updates privacy settings and tools in response to the unfolding controversy over Cambridge Analytica’s use of Facebook data for political campaigns Continue Reading

By

• Warwick Ashford, Senior analyst

Dutch SMEs’ cyber security is insufficient

Nowhere in the Netherlands is digitisation as big as it is in small and medium-sized enterprises, but the sector still has a lot to do in terms of cyber security Continue Reading

By

• Kim Loohuis

Businesses lack cyber security confidence after majority were breached in past year

Most businesses were hit by a data breach in the past year, yet less than half are confident they would detect a breach, a survey shows Continue Reading

By

• Warwick Ashford, Senior analyst

Think tank reports lifts lid on police cyber crime training

UK think tank Parliament Street has lifted the lid on spending by police forces on training staff to deal with cyber crime and recommended greater collaboration in this regard Continue Reading

By

• Warwick Ashford, Senior analyst

CW ASEAN: Time to boost cyber defences

With a relatively young and tech-savvy population, ASEAN has been at the forefront of technology adoption. Yet, this has exposed its people and businesses to more cyber threats, including the massive data leak in Malaysia in 2017. In this month’s issue of CW ASEAN, we take a closer look at ASEAN’s patchy cyber security landscape, including varying levels of cyber resilience across the region, cyber security strategies adopted by different countries, as well as efforts to improve cyber capabilities and foster greater collaboration in the common fight against cyber threats. Download the issue now. Continue Reading

CW ANZ: Report data break-ins – it’s the law

Cyber security is an increasingly global endeavour, with threat actors who know no boundaries unleashing attacks from nearly anywhere in the world. In this month’s issue of CW ANZ, we look at how Australia’s mandatory data breach notification law underscores recent efforts to lift its cyber security game, both locally and internationally. Download the issue now. Continue Reading

Security Think Tank: Fileless malware not totally undetectable

What should organisations do at the very least to ensure business computers are protected from fileless malware? Continue Reading

By

• Greg Temm

Government ‘unlawfully delegated’ bulk data powers to GCHQ, court hears

Privacy International urges Britain’s most secret court, the Investigatory Powers Tribunal, to rule that the government illegally collected surveillance data from internet and phone companies until at least September 2017 Continue Reading

By

• Bill Goodwin, Computer Weekly

Security Think Tank: Human, procedural and technical response to fileless malware

What should organisations do at the very least to ensure business computers are protected from fileless malware? Continue Reading

By

• Mike Gillespie

UK government criticised over lack of GDPR explanation

Most IT decision makers in the UK are critical of the government for failing to educate organisations about the GDPR and its implications, and few have a clear understanding of it, a survey shows Continue Reading

By

• Warwick Ashford, Senior analyst

Security researchers demonstrate ransomware attack on robots

Researchers have carried out a ransomware attack on robots to show that such attacks are possible and should be guarded against Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Use layered security and patch management to defeat fileless malware

What should organisations do at the very least to ensure business computers are protected from fileless malware? Continue Reading

By

• Maxine Holt, Omdia

Security Think Tank: Multi-layered security key to fileless malware defence

What should organisations do, at the very least, to ensure business computers are protected from fileless malware? Continue Reading

By

• Simon Persin, Turnkey Consulting

Mac malware more than doubled in 2017

Malware targeting Apple Mac computers more than doubled from 2016 to 2017, according to security firm Malwarebytes Continue Reading

By

• Warwick Ashford, Senior analyst

Cyber security is a team sport, says NCSC

The UK’s national cyber security agency aims to help organisations understand the need to act collaboratively and collectively against the cyber threat, urging them to raise the bar Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Social engineering at the heart of fileless malware attacks

What should organisations do at the very least to ensure business computers are protected from fileless malware? Continue Reading

By

• Emma Bickerstaffe, Information Security Forum (ISF)

Security Think Tank: How to tackle fileless malware attacks

What should organisations do at the very least to ensure business computers are protected from fileless malware? Continue Reading

By

• Adrian Davis, (ISC)²

Cyber crime is a top threat to UK charities, says NCSC

Cyber crime poses the most serious threats to UK charities, the National Cyber Security Centre has warned Continue Reading

By

• Warwick Ashford, Senior analyst

New privacy fears as IT challenges delay surveillance oversight body by a year

IT challenges have delayed government plans for an independent body to authorise requests to access the public’s internet and phone records by nearly a year, raising new legal and privacy concerns Continue Reading

By

• Bill Goodwin, Computer Weekly

Singapore firms unprepared for GDPR

An EY study reveals that only 10% of organisations in Singapore are ready to comply with Europe’s new data protection regime Continue Reading

By

• Aaron Tan, Informa TechTarget

Surveillance watchdog investigates security risks of GCHQ IT contractors

The investigatory powers commissioner is reviewing the security arrangements for IT contractors that have access to live computer systems at GCHQ holding highly sensitive records on the UK population Continue Reading

By

• Bill Goodwin, Computer Weekly

Avast discovers Tempting Cedar Android spyware campaign

Security researchers have uncovered a three-year-old Android spyware campaign spread through social media and targeting people in the Middle East Continue Reading

By

• Warwick Ashford, Senior analyst

Unprotected Kubernetes consoles expose firms to cryptojacking

A number of big companies have been targeted by crytojacking attacks, where cyber criminals hijack computing power to mine cryptocurrencies, but some have unprotected Kubernetes consoles in common Continue Reading

By

• Warwick Ashford, Senior analyst

UK plans laws to protect company directors from ID theft

Legislation will make it easier for directors to remove their personal addresses from the company register Continue Reading

By

• Warwick Ashford, Senior analyst

CW Nordics: Nordics CIOs’ priorities in 2018

A select group of CIOs and analysts in Denmark, Finland, Norway and Sweden give their views on the top IT priorities in 2018. As in 2017, digital transformation will continue to be a buzzword. Also read how Sweden is tightening up its cyber security defences as part of a wider national security strategy, and how Nordic banks cannot afford to slow their digital transformations as PSD2 comes into force. Continue Reading

Hawaii missile alert: Why the wrong guy was fired

In January 2018, an employee at Hawaii’s emergency management agency sent out a false alarm of an imminent missile attack, and was subsequently fired – but perhaps poor system design is really to blame Continue Reading

By

• Jonny Corbett, Norman & Sons

Businesses face unprecedented volume of cyber attacks

Organisations are facing the highest levels of cyber attacks in both number and sophistication as automated swarm attacks increase, a cyber threat report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Strategic cyber criminals likely to capitalise on GDPR

As cyber criminals concentrate on targeted, strategic, money-making attacks, they are likely to use GDPR fines as leverage to extort money from organisations, a report warns Continue Reading

By

• Warwick Ashford, Senior analyst

UK local councils under huge cyber attack pressure

Investigation underlines importance of security automation and employee awareness training Continue Reading

By

• Warwick Ashford, Senior analyst

Getting a handle on mobile security in your enterprise

Everyone now has a mobile device at work, so how can enterprises ensure they are secure? Continue Reading

By

• Rene Millman

A third of Brits plan to exercise right to be forgotten

After the General Data Protection Regulation compliance deadline, a third of Britons polled say they plan to exercise their right to be forgotten, but few fully understand the GDPR and how it will affect them Continue Reading

By

• Warwick Ashford, Senior analyst

F-Secure warns against ‘evil maid’ attacks

Business people are being urged not to underestimate the importance of physical security for their laptops, which can be used as entry points by attackers if not adequately protected Continue Reading

By

• Warwick Ashford, Senior analyst

UK Foreign Office minister condemns Russia for NotPetya attacks

The UK has attributed to Russia the NotPetya malware that caused significant disruption globally, based on an assessment by the NCSC Continue Reading

By

• Warwick Ashford, Senior analyst

Telegram zero-day exploit is a warning

The discovery of an exploit of a zero-day vulnerability in the Telegram messaging app demonstrates that not all “secure” apps are automatically safe, security experts have warned Continue Reading

By

• Warwick Ashford, Senior analyst

Home Office fights terrorist content online with detection tool

The Home Office has partnered ASI Data Science to create a tool which automatically detects terrorist content on online platforms Continue Reading

By

• Lis Evenstad

Industrial cyber security improving, but needs work

Cyber attacks on industrial and critical infrastructure systems are increasing in number and sophistication, but more attention is being paid to security, says Honeywell at it opens new Dubai facility Continue Reading

By

• Warwick Ashford, Senior analyst

CW ANZ: Prepare for EU data law

Faced with the double whammy of complying with Australia’s upcoming data breach notification requirement and Europe’s new data protection regime, Australian firms are behind where they need to be in their compliance efforts. In this month’s edition of CW ANZ, find out how Australian organisations are getting ready for the GDPR, the challenges they are facing in meeting two new laws at the same time, as well as what they need to do to achieve their compliance goals. Read the issue now. Continue Reading

Cyber security awareness top priority in financial sector

Information security chiefs in the financial sector say cyber security awareness needs to be a top priority Continue Reading

By

• Warwick Ashford, Senior analyst

FS-ISAC enables safer financial data sharing with API

The global financial industry's body for cyber and physical threat intelligence analysis and sharing has published an API to facilitate safer sharing of consumer financial information Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: How to evolve SecOps capacity

How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments? Continue Reading

By

• Adrian Davis, (ISC)²

UK government orders review of online laws

The UK Law Commission is to review current legislation on offensive online communications to ensure they are up to date with technology Continue Reading

By

• Warwick Ashford, Security Editor

Lauri Love plans to use ‘internet as a force for good’

Engineering student Lauri Love says he plans to help businesses fight cyber crime, after the court of appeal ruled that he can be tried in the UK for allegedly hacking US computer systems, rather than face extradition to the US Continue Reading

By

• Julia Gregory and Niels Ladefoged

Safer Internet Day: Building online safety practices with young people

Many organisations around the UK are contributing to the important work on making the internet a safer place for everyone Continue Reading

By

• Julian David, TechUK

Researchers discover malicious Chrome extensions

Security researchers have discovered a new botnet delivered via malicious Chrome extensions designed to hijack computers to mine cryptocurrency and record victims’ every move Continue Reading

By

• Warwick Ashford, Security Editor

Appeal Court to give landmark verdict on Lauri Love extradition

The Appeal Court will decide whether Lauri Love, who has serious health issues, should be extradited to the US to face hacking charges, or face trial in the UK. The landmark case is the first test of legal protections introduced by Theresa May to protect vulnerable people Continue Reading

By

• Bill Goodwin, Computer Weekly

Security Think Tank: Automating basic security tasks

How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments? Continue Reading

By

• Petra Wenham

UK finance sector cyber security pros admit shocking practices

UK financial sector IT security teams face immense challenges that are undermining business opportunities and continuity in financial services, a survey reveals Continue Reading

By

• Warwick Ashford, Security Editor

IT Priorities 2018: Data protection a top priority ahead of GDPR

Data protection continues to be a key focus for IT security investment for European firms in 2018, as does the emphasis on cloud and mobile security as companies move to these technology platforms Continue Reading

By

• Warwick Ashford, Security Editor

Davos debates global tech risks

In this week's Computer Weekly, world leaders at Davos discuss the growing reliance on technology and how to tackle the political and economic threats of the digital age. Our latest buyer's guide examines mobile app development. And we look at the biggest challenges facing CIOs in 2018 - including digital skills, automation, innovation and diversity. Read the issue now. Continue Reading

IoT security risks need immediate action, says report

The security failings in today’s internet-connected devices will only become more pervasive unless action is taken immediately, according to industry experts Continue Reading

By

• Warwick Ashford, Security Editor