IT governance
IT governance provides the core workflows and processes that help IT managers to oversee the successful functioning of the IT department, and to prove the value of IT to the business. Regulations and compliance are just as important as technological and management skills, and we highlight the best practice in IT governance and the example of successful IT leaders.
-
News
20 Nov 2024
ORG urges ICO to revise public sector enforcement approach
The Open Rights Group is urging the Information Commissioner’s Office to revise its light touch approach to public sector data protection issues, arguing that its experimental policy of limiting its enforcement actions to reprimands and notices, rather issuing fines, is allowing bad practices to continue largely unabated Continue Reading
-
News
20 Nov 2024
Apple addresses two iPhone, Mac zero-days
Two zero-day vulnerabilities uncovered in Apple’s operating systems could have allowed for arbitrary code execution and cross-site scripting attacks Continue Reading
-
Feature
17 Jun 2022
What the EU’s content-filtering rules could mean for UK tech
EU proposals to clamp down on child sexual abuse material will have a material impact on the UK’s technology sector Continue Reading
-
News
17 Jun 2022
Government responds to Data Reform Bill consultation
Westminster claims its new data laws will boost British benefits, protect consumers, and seize the ‘benefits’ of Brexit Continue Reading
-
News
17 Jun 2022
MoD sets out strategy to develop military AI with private sector
The UK Ministry of Defence has outlined its intention to work closely with the private sector to develop and deploy a range of artificial intelligence-powered technologies, committing to ‘lawful and ethical AI use’ Continue Reading
-
News
15 Jun 2022
Patch Tuesday dogged by concerns over Microsoft vulnerability response
The last Patch Tuesday in its current form is overshadowed by persistent concerns about how Microsoft deals with vulnerability disclosure Continue Reading
-
News
14 Jun 2022
CIO interview: Morten Holm Christiansen, Haldor Topsoe
There’s no point digitising if there is no benefit to the customer, says the Danish chemicals giant’s head of IT Continue Reading
-
News
14 Jun 2022
MS Azure Synapse vulnerability fixed after six-month slog
Microsoft patched a critical Azure Synapse vulnerability twice, but each time the researcher who discovered it was able to bypass it with ease, leading to a lengthy saga Continue Reading
-
News
13 Jun 2022
New warning over tech suppliers in thrall to hostile governments
Ukraine war could lead to shakeup of dual-use tech exports, says former UK intelligence officer Continue Reading
-
News
13 Jun 2022
Health data strategy to exorcise ghosts of GPDPR
Government publishes a revised data in health strategy, with an emphasis firmly on preserving the integrity and privacy of patients’ confidential information Continue Reading
-
News
10 Jun 2022
ICO fails to disclose majority of reprimands issued under GDPR
London law firm Mishcon de Reya forces disclosure of reprimands issued to organisations by the Information Commissioner’s Office for contraventions of UK data protection law Continue Reading
-
Opinion
10 Jun 2022
Security Think Tank: Don’t trust the weakest link? Don’t trust any link
Your security model shouldn’t fall apart just because a part of your business, or a partner, has weak security. This is why information-centric security is a must Continue Reading
-
Opinion
10 Jun 2022
Government wrong to pass the buck on computer evidence reform
IT expert James Christie tells Computer Weekly why he is disappointed that the government has no plans to change the rules on the use of computer evidence in court Continue Reading
-
News
10 Jun 2022
Commercialising open source
Most software developed today takes advantage of open source, but there are still gaps in understanding what open source means in business Continue Reading
-
News
09 Jun 2022
SolarWinds CEO offers to commit staffers to government cyber agencies
A new proposal from SolarWinds’ outspoken CEO, Sudhakar Ramakrishna, could see software companies commit key staff to work with government cyber agencies to improve cooperation and incident response Continue Reading
-
News
09 Jun 2022
Trade body calls for public-private sector collab on digital ID
TechUK has published a report outlining 10 key recommendations it believes are urgently needed to enable the rapid creation of an effectively regulated digital identity marketplace Continue Reading
-
Feature
09 Jun 2022
Cloud-to-cloud backup: When native cloud protection is not enough
There is a certain amount of protection built into cloud services, but it has its limits and full data protection requires that cloud data is secured with cloud-to-cloud backup Continue Reading
-
News
08 Jun 2022
China using top consumer routers to hack Western comms networks
An advisory from US cyber authorities shares details of multiple vulnerabilities exploited by Chinese state actors to hack into Western telecoms networks Continue Reading
-
News
08 Jun 2022
ProxyLogon, ProxyShell may have driven increase in dwell times
The median network intruder dwell time was up 36% to 15 days last year, thanks to massive exploitation of the ProxyLogon and ProxyShell vulnerabilities by IABs, according to new Sophos data Continue Reading
-
News
07 Jun 2022
Software house Mega achieves holistic SaaS security with Synopsys
Mega International, a supplier of IT management software, turned to Synopsys’s Coverity and Black Duck products to reassure both itself and its customers that its software-as-a-service offerings were built to the best possible security standards Continue Reading
-
Opinion
01 Jun 2022
What does the EU’s NIS 2 cyber directive cover?
We run the rule over the European Union’s updated NIS2 security directive Continue Reading
-
Opinion
31 May 2022
The importance of making information security more accessible
Robin Smith, CSO of Aston Martin Lagonda, talks about how an accessible approach to cyber is helping him to keep the organisation secure Continue Reading
-
Feature
31 May 2022
Attack of the clones: the rise of identity theft on social media
The proliferation of social media has resulted in the rise of identity theft on these platforms, with accounts copied for fraudulent or malicious purposes. What can be done to mitigate it? Continue Reading
-
Opinion
31 May 2022
How cryptocurrency is bringing humanitarian value to Ukraine
Web3 technology has great significance as a form of charitable giving, and in providing permanent records for the government Continue Reading
-
Opinion
30 May 2022
Log4Shell: How friendly hackers rose to the challenge
HackerOne CISO Chris Evans looks back at how the security community successfully rose to the challenge of Log4Shell, and saved end-user organisations millions Continue Reading
-
Opinion
30 May 2022
Strong internal foundations are key to withstanding external threats
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
Opinion
27 May 2022
Consistency is key to mitigate outsourcing risk
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
26 May 2022
Consultation launched on datacentre, cloud security
The government is seeking views on how to boost the security and resilience of the UK’s datacentres and online cloud platforms Continue Reading
-
Opinion
26 May 2022
Security Think Tank: Core security processes must adapt in a complex landscape
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
26 May 2022
Two-thirds of UK organisations defrauded since start of pandemic
Nearly two out of three UK companies say they have experienced some form of fraud or economic crime in the past two years, according to a report Continue Reading
-
News
26 May 2022
Most CFOs being left out of ransomware conversations
Barely a tenth of CFOs are actively involved in planning for cyber attacks, according to a report Continue Reading
-
News
24 May 2022
ICO orders facial recognition firm Clearview AI to delete all data about UK residents
UK data watchdog fines facial recognition company Clearview AI £7.5m for multiple privacy breaches. The firm, which offers services to law enforcement, faces growing pressure from regulators and legal action around the world Continue Reading
-
News
24 May 2022
Ransomware volumes grew faster than ever in 2021
Verizon’s annual DBIR assessment of the security landscape highlights an unprecedented boom in ransomware volumes, to the surprise of nobody Continue Reading
-
News
23 May 2022
Did the Conti ransomware crew orchestrate its own demise?
Analysts examining the shutdown of the Conti ransomware syndicate suggest the cyber crime collective orchestrated its own demise Continue Reading
-
Opinion
23 May 2022
Security Think Tank: Understanding attack paths is a question of training
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
20 May 2022
Applying international law to cyber will be a tall order
Many in the security community have voiced their support for the UK government’s ambitions to work towards agreement with other countries on the application of international law to cyber space, but not without some reservations Continue Reading
-
News
20 May 2022
Third of organisations to outsource more IT amid talent shortage
Cutting costs is not the main reason for outsourcing IT in the UK, according to a major study Continue Reading
-
News
20 May 2022
Microsoft drops emergency patch after Patch Tuesday screw up
Microsoft fixed a certificate mapping issue that caused server authentication failures on domain controllers for users that had installed the most recent Patch Tuesday updates Continue Reading
-
News
19 May 2022
Defensive cyber attacks may be justified, says attorney general
Speaking ahead of a speech at the Chatham House think tank, the UK’s attorney general has suggested defensive cyber attacks against hostile countries may be legally justifiable Continue Reading
-
News
19 May 2022
Deliveroo accused of ‘soft union busting’ with GMB deal
Smaller grassroots unions have criticised Deliveroo and GMB for making a “hollow” deal that will ultimately undermine workers’ self-organising efforts Continue Reading
-
News
19 May 2022
Red teaming will be standard in Dutch governmental organisations by 2025
The Dutch government wants to include the testing of the digital security of systems, processes and people – also known as red teaming – in all of its governmental organisations’ test planning and budgeting by 2025 at the latest Continue Reading
-
Opinion
19 May 2022
Security Think Tank: Yes, zero trust can help you understand attack paths
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
Opinion
18 May 2022
Security Think Tank: To follow a path, you need a good map
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
16 May 2022
Gartner Data & Analytics Summit: Unleash innovation on emergence from pandemic
Analysts at the Gartner Data & Analytics Summit in London urged D&A leaders to unleash innovation as their organisations emerge from the shadow of the pandemic Continue Reading
-
News
13 May 2022
Pro-competition data sharing will not include users’ personal info, says minister
UK government proposals to improve competition in digital markets by making tech giants share data with smaller firms will not include consumers’ personal information, says digital minister Continue Reading
-
News
12 May 2022
GPDPR data scrape a ‘mistake’, says leading scientist
Giving evidence to the Science and Technology Committee, academic, physician and science writer Ben Goldacre has expressed serious misgivings about the on-hold GPDPR NHS data scrape Continue Reading
-
Feature
12 May 2022
The limits and risks of backup as ransomware protection
Backups can provide a sound means of recovery from ransomware infection, but they are not 100% certain to foil attackers. We look at the limits and risks of depending on backups Continue Reading
-
Opinion
12 May 2022
Security Think Tank: Your path to understanding attack paths
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
11 May 2022
CyberUK 22: Five Eyes focuses on MSP security
The western intelligence community has set out practical steps IT service providers and their customers can take to protect themselves Continue Reading
-
News
11 May 2022
Data Reform Bill announced in Queen’s Speech
Government claims proposals to reform the UK’s data protection regime will create a framework ‘focused on privacy outcomes rather than box-ticking’ Continue Reading
-
News
11 May 2022
Analysts confirm return of REvil ransomware gang
Secureworks CTU analysis has found that the REvil ransomware is undergoing active development, possibly heralding a new campaign of cyber attacks Continue Reading
-
News
11 May 2022
Microsoft fixes three zero-days on May Patch Tuesday
It’s the second-to-last Patch Tuesday as we know it, and Microsoft has fixed a total of 75 bugs, including three zero-days Continue Reading
-
News
10 May 2022
CyberUK 22: Cyber leaders affirm UK’s whole-of-society strategy
On the opening day of CyberUK 2022, GCHQ director Jeremy Fleming and NCSC CEO Lindy Cameron have spoken of their commitment to the government’s ambition for a whole-of-society cyber strategy Continue Reading
-
News
10 May 2022
Post Office scandal inquiry chair brings forward urgent compensation hearings
The chair of the Post Office Horizon scandal inquiry has brought forward hearings about compensation as victims warn that at this rate “people will die” before they get anything Continue Reading
-
News
10 May 2022
CyberUK 22: NCSC refreshes cloud security guidance
The National Cyber Security Centre is revising its cloud guidance as increasing uptake of potentially vulnerable cloud services puts more organisations at risk of compromise Continue Reading
-
News
06 May 2022
UK digital markets regulator to be given statutory powers
Digital Markets Unit will be put on statutory footing by UK government to ensure technology giants do not abuse market power, but announcement comes with no clear indication of when legislation will be introduced Continue Reading
-
Feature
05 May 2022
Disaster recovery is an essential service for EDF with Phenix-IT
EDF has built disaster recovery tracking, planning and testing software on a six-month upgrade cycle based on governance, risk and compliance functionality in Mega’s Hopex platform Continue Reading
-
Opinion
05 May 2022
Security Think Tank: Identify, assess and monitor to understand attack paths
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
Opinion
04 May 2022
Security Think Tank: Defenders must get out ahead of complexity
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to better understand these attack pathways to fight back Continue Reading
-
Opinion
03 May 2022
Security Think Tank: Solving for complexity in the network
The modern-day abundance of IT platforms, apps and tools gives the bad guys ample opportunity to move rapidly through the network to hit critical assets. Security teams must understand these attack pathways better in order to fight back Continue Reading
-
News
03 May 2022
Post Office scandal CEO could be stripped of CBE
Honours Forfeiture Committee to review Paula Vennells’ CBE in the light of Post Office scandal Continue Reading
-
Podcast
29 Apr 2022
Podcast: War, geo-political risk, data storage and compliance
We talk to Mathieu Gorge, CEO of Vigitrust, about impacts on compliance and data storage from instability in geo-political events, such as the Russian invasion of Ukraine Continue Reading
-
News
28 Apr 2022
Ransomware recovery costs dwarf actual ransoms
The cost of recovering from a ransomware attack far outweighs the ransoms now being demanded by cyber criminals, according to recent data Continue Reading
-
News
28 Apr 2022
UK regulators seek input on algorithmic processing and auditing
Digital Regulation Cooperation Forum is inviting views on how the four UK watchdogs involved should approach regulating algorithms, following its publication of discussion papers and a 2022 workplan Continue Reading
-
News
28 Apr 2022
Russia plumbs new depths in cyber war on Ukraine
Microsoft details cyber attacks on Ukrainian civilian communications, nuclear safety authorities, and the exploitation of the destruction of Mariupol in a phishing campaign Continue Reading
-
News
27 Apr 2022
Russia-supporting cyber crime gang claims Coca-Cola as victim
Stormous cyber crime collective claims to have stolen 161GB of data from Coca-Cola, and says it plans to sell it off Continue Reading
-
News
27 Apr 2022
Ransomware victims paying out when they don’t need to
Sophos’s annual State of Ransomware report shows dramatic increases in the impact of ransomware attacks, but also finds many organisations are paying ransoms when they don’t need to Continue Reading
-
News
27 Apr 2022
Government digital ignorance puts Dutch economy at risk
In this interview, Michiel Steltman, managing director of Digital Infrastructure Netherlands, tells Computer Weekly why the Dutch digital economy is at risk due to a lack of knowledge and understanding at government level Continue Reading
-
News
27 Apr 2022
Police question former Fujitsu worker again in Post Office scandal perjury investigation
Police have interviewed a former Fujitsu employee for the third time in the investigation into potential perjury during trials of wrongfully convicted subpostmasters Continue Reading
-
News
26 Apr 2022
Odense Robotics helps develop key export for Denmark
Robotics seen as a future export sector for Denmark as investment startups build their skills in public sector projects Continue Reading
-
News
25 Apr 2022
Government appoints head of technology transfer unit
Government announces a CEO to lead its initiatives around commercialising its knowledge assets Continue Reading
-
News
22 Apr 2022
EU lawmakers propose limited ban on predictive policing systems
MEPs’ joint report on European Artificial Intelligence Act sets out limited ban on predictive policing systems alongside a raft of further amendments to improve redress mechanisms and extend the list of AI systems deemed high-risk Continue Reading
-
News
22 Apr 2022
What’s up with Conti and REvil, and should we be worrying?
New intelligence on some of the world’s most prolific ransomware gangs suggests recent disruption to their activities was like water off a duck’s back Continue Reading
-
News
22 Apr 2022
UAE bolsters cyber security
The United Arab Emirates has successfully improved its security posture amid mounting cyber threats Continue Reading
-
News
21 Apr 2022
Zoom adds new round of cyber security enhancements
Videoconferencing platform Zoom adds multiple third-party security certifications and service enhancements Continue Reading
-
News
21 Apr 2022
Five Eyes in new Russia cyber warning
Latest cross-body alert warns of Russian threat to utilities and other core elements of national infrastructure Continue Reading
-
News
21 Apr 2022
Impact of Lapsus$ attack on Okta less than feared
Okta’s investigation into Lapsus$ breach of its systems via a Sitel workstation has concluded that the impact was significantly less than the maximum potential Continue Reading
-
News
20 Apr 2022
Bots could help businesses polish up their green credentials
Metrics are a key aspect of a sound sustainability strategy and Oracle believes automation can help businesses achieve their environmental goals Continue Reading
-
News
20 Apr 2022
Home secretary Priti Patel to decide whether to extradite Assange
Home secretary will decide in four weeks whether to approve Julian Assange’s extradition to the US, where he faces espionage and hacking charges Continue Reading
-
News
19 Apr 2022
Softbank and UnaBiz team up on internet of robotic things
Japan’s Softbank Robotics and Singapore-based UnaBiz are bringing IoT and robotics technology together to improve facilities management, among other applications Continue Reading
-
Feature
14 Apr 2022
Refugee support group works with tech startup on reporting system
Computer Weekly speaks to a refugee support group about its ongoing collaboration with an academic tech startup to develop a digital human rights reporting system for refugees Continue Reading
-
Feature
14 Apr 2022
How algorithmic automation could manage workers ethically
Managing workers by algorithm and automated process has generated ethical problems aplenty. Can such means be pressed into the service for a more ethical mode of worker management? We find out Continue Reading
-
News
14 Apr 2022
Government agrees bulk surveillance powers fail to protect journalists and sources
Campaign group Liberty to launch legal appeal that will call for journalists to receive stronger legal protections from state surveillance Continue Reading
-
News
13 Apr 2022
WatchGuard firewall users urged to patch Cyclops Blink vulnerability
The US authorities have seen fit to add the WatchGuard vulnerability used by Sandworm to build the Cyclops Blink botnet to its list of must-patch vulnerabilities Continue Reading
-
News
13 Apr 2022
Microsoft patches two zero-days, 10 critical bugs
Patch Tuesday is here once again. This month, security teams must fix two privilege escalation zero-days in the Windows Common Log File System Driver and the Windows User Profile Service Continue Reading
-
News
13 Apr 2022
Criminals researched hacking TTPs post-breach in ‘messy’ cyber attack
Sophos shares details of a cyber attack that saw attackers hang out in their victim environment for five months while they prepared to sow further mischief Continue Reading
-
News
12 Apr 2022
AI researcher says police tech suppliers are hostile to transparency
Expert witness in Lords police tech inquiry welcomes committee’s findings but questions whether its recommendations on how to end the ‘Wild West’ of police artificial intelligence and algorithmic technologies in the UK would be implemented Continue Reading
-
News
11 Apr 2022
Border IT system fixed after 10-day outage
Post-Brexit border IT system failure fixed after going down at the start of April, allowing traders to once again file customs documents electronically rather than by hand Continue Reading
-
News
08 Apr 2022
EncroChat: France says ‘defence secrecy’ in police surveillance operations is constitutional
Constitutional court finds that invoking ‘defence secrecy’ to withhold information about the state hacking of EncroChat cryptophones is constitutional. Defence lawyers now head for the supreme court Continue Reading
-
Feature
06 Apr 2022
Snapshots best practice: Five key things you need to know
We look at snapshots best practice, including the way they work, why they are not the same as backups, how to avoid heavy processing overheads and key user permissions tweaks Continue Reading
-
News
05 Apr 2022
Structured decentralisation is the key to unlocking Nordic-level innovation
Finnish tech entrepreneurs will be taking the stage at the World Economic Forum to tell the world about the role of trust in Finnish startup success Continue Reading
-
News
05 Apr 2022
Saudi Arabian ICT sector hits $32.1bn after strong pandemic response
The Saudi Arabian IT and communications sector is recovering strongly from the Covid-19 pandemic Continue Reading
-
News
01 Apr 2022
Four moves to ‘checkmate’ critical assets thanks to lax cloud security
Malicious actors can compromise 94% of critical assets within four steps of the initial breach point, according to a report Continue Reading
-
News
31 Mar 2022
EU Act ‘must empower those affected by AI systems to take action’
Ada Lovelace Institute publishes recommendations on how European institutions can improve the Artificial Intelligence Act by establishing a ‘comprehensive remedies framework’ around those affected by the deployment of AI systems Continue Reading
-
News
31 Mar 2022
Global upheaval shows cyber security isn’t good enough, says GCHQ director
Generational global upheaval has laid bare significant gaps in national cyber strategies, GCHQ chief Jeremy Fleming has said in a speech Continue Reading
-
News
31 Mar 2022
Bank fraud prevention scheme blocked £60m in fraud last year
Scheme to catch fraudsters, including online scammers, before they commit their crimes has reported a significant increase in crimes prevented Continue Reading
-
News
30 Mar 2022
One-third of UK firms suffer a cyber attack every week
New statistics from the annual DCMS Cyber security breaches survey reveal the extent and frequency with which UK organisations are being attacked by malicious actors Continue Reading
-
Feature
30 Mar 2022
Recruitment risks: Avoiding the dangers of fraudulent candidates
Tech companies are seeing an increase in fraudulent job applications, with associated impacts on risk and cyber security. So how can organisations protect themselves from fraudulent applicants while ensuring they recruit the best talent? Continue Reading
-
News
29 Mar 2022
Overhaul of UK police tech needed to prevent abuse
Lords inquiry finds UK police are deploying artificial intelligence and algorithmic technologies without a thorough examination of their efficacy or outcomes, and are essentially ‘making it up as they go along’ Continue Reading
-
News
29 Mar 2022
NCSC: Not necessarily wise to ditch Kaspersky
UK’s National Cyber Security Centre issues refreshed guidance on organisations’ usage of technology and services of Russian origin, but stops short of advising users to expunge all Russian products from their IT estates Continue Reading
-
News
29 Mar 2022
Wave of Log4j-linked attacks targeting VMware Horizon
Sophos issues a new warning to organisations that have so far failed to patch their VMware Horizon servers against Log4Shell Continue Reading
-
News
29 Mar 2022
FCA reports 52% jump in security incidents
The Financial Conduct Authority received 116 cyber incident reports in 2021, a fifth of them involving ransomware Continue Reading