IT governance
IT governance provides the core workflows and processes that help IT managers to oversee the successful functioning of the IT department, and to prove the value of IT to the business. Regulations and compliance are just as important as technological and management skills, and we highlight the best practice in IT governance and the example of successful IT leaders.
-
News
20 Nov 2024
ORG urges ICO to revise public sector enforcement approach
The Open Rights Group is urging the Information Commissioner’s Office to revise its light touch approach to public sector data protection issues, arguing that its experimental policy of limiting its enforcement actions to reprimands and notices, rather issuing fines, is allowing bad practices to continue largely unabated Continue Reading
-
News
20 Nov 2024
Apple addresses two iPhone, Mac zero-days
Two zero-day vulnerabilities uncovered in Apple’s operating systems could have allowed for arbitrary code execution and cross-site scripting attacks Continue Reading
-
News
26 Oct 2020
Highly unusual hacking attack directly threatens therapy patients
A hacker has directly contacted therapy patients to say their highly personal therapy notes will be put on the internet unless they pay the ransom Continue Reading
-
News
23 Oct 2020
Digital public services fail UK citizens on multiple fronts
Commission for Smart Government publishes paper on obstacles facing the UK’s digital government, setting out principles for digital government initiatives to follow Continue Reading
-
News
22 Oct 2020
Protecting remote workers an opportunity to do security better
Securing the fully remote workforce has been a challenge for IT teams, but it presents an opportunity to commit to a higher standard of cyber security, according to a Cisco report Continue Reading
-
News
21 Oct 2020
NSA’s top CVE list a timely reminder to patch
Many of the CVEs detailed on the NSA’s top 25 chart are golden oldies Continue Reading
-
News
21 Oct 2020
Charities warned over ‘Robin Hood’ cyber criminals
Accepting donations from cyber criminal groups could be deemed as profiting from crime, money laundering or handling stolen goods – so don’t do it Continue Reading
-
Opinion
21 Oct 2020
Security Think Tank: Essential tools to mitigate double extortion attacks
The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading
-
News
20 Oct 2020
Resilient Trickbot down but not yet knocked out
Global, Microsoft-led effort to disrupt the Trickbot botnet has seen some success, but new command and control servers continue to pop up Continue Reading
-
News
20 Oct 2020
Police given access to self-isolation data
NHS Test and Trace self-isolation data will be made available to police after new guidance changes data-sharing rules Continue Reading
-
News
20 Oct 2020
BA breach penalty sets new GDPR precedents
The 90% reduction in the fine levied on BA over a 2018 data breach has legal experts talking about the ramifications for the future of data protection Continue Reading
-
News
20 Oct 2020
Six Russians charged over NotPetya and other attacks
Six members of the APT group known as Sandworm have been charged in the US over a series of attacks including the destructive NotPetya incident Continue Reading
-
Opinion
16 Oct 2020
Security Think Tank: Safeguarding PII in the current threat landscape
The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading
-
News
16 Oct 2020
BA argues ICO data breach fine down to £20m
Information Commissioner’s Office levies fine of £20m on British Airways for failing to protect the personal data of hundreds of thousands of passengers – a vast reduction on the initial £183m penalty Continue Reading
-
News
15 Oct 2020
Cloud data protection keeps the Crick’s medical research Covid-secure
Cloud data management services from Rubrik gave the Francis Crick Institute a data protection edge and have helped keep its vital work going through the pandemic Continue Reading
-
News
15 Oct 2020
UK regulators lack the skills and expertise to cope with increasing use of algorithms
MPs told that multiple regulators will be needed to govern the ever-growing use of algorithmic systems in all areas of the economy and public sector Continue Reading
-
News
15 Oct 2020
Hackney services still offline in ongoing cyber attack
Services remain disrupted two days after council was hit by a serious incident, as residents are warned to be on their guard Continue Reading
-
News
15 Oct 2020
How Tokopedia is streamlining incident management
Indonesian e-commerce giant Tokopedia has improved incident management and developer productivity using a cloud-based incident management tool Continue Reading
-
News
14 Oct 2020
Public sector security failings leave UK at risk, says think tank
Reform report urges adoption of new policies in the next version of the UK’s National Cyber Security Strategy Continue Reading
-
News
14 Oct 2020
US Elections: Malicious internet domains spike as campaigns heat up
Internet domains related to the US presidential election are 56% more likely to be malicious than regular ones Continue Reading
-
News
14 Oct 2020
Public data should not be held by US tech giants
One-off evidence sessions to follow up on the recommendations of the House of Lords AI Committee revisit the data and ethics debate Continue Reading
-
News
14 Oct 2020
Fintech ‘unicorn’ Klarna probed over data misuse
Online bank blames misuse of user data on human error as Information Commissioner’s Office weighs in Continue Reading
-
News
14 Oct 2020
Microsoft fixes 87 bugs in October 2020 Patch Tuesday
Smaller October Patch Tuesday update includes fixes for critical bugs in Windows 10 and Windows Server 2019 Continue Reading
-
Opinion
14 Oct 2020
Security Think Tank: Adapting defences to evolving ransomware and cyber crime
The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading
-
Opinion
13 Oct 2020
Security Think Tank: What you need to know about addressing the doxing threat
The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading
-
News
12 Oct 2020
Trickbot forced offline in major cyber security victory
Coalition led by Microsoft obtained a court order enabling them to take down the infamous Trickbot botnet’s back-end server infrastructure Continue Reading
-
News
12 Oct 2020
Five Eyes spy group again demands access to private messages
Spooks are once again calling for the tech industry to break end-to-end encryption in messaging platforms Continue Reading
-
News
12 Oct 2020
Software AG caught in double extortion ransomware hit
Data stolen from prominent German software company by Clop ransomware gang appears on the dark web Continue Reading
-
Opinion
12 Oct 2020
Security Think Tank: Tighten data and access controls to stop identity theft
The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading
-
News
09 Oct 2020
Facebook critics’ webpage removed over false phishing allegations
Real Facebook Oversight Board alleges Facebook is trying to censor it for speaking out against the social media company’s behaviour Continue Reading
-
News
09 Oct 2020
Major tech companies respond to lawsuit over mining deaths
Multinational technology companies accused of knowingly benefiting from human rights abuses in the Democratic Republic of Congo have responded to a lawsuit seeking to hold them accountable for the deaths of Congolese children in their cobalt supply chains Continue Reading
-
News
09 Oct 2020
Magecart strikes website of school payments service Wisepay
Magecart credit card skimmer harvested financial data of users of Wisepay’s platform over a two-day period Continue Reading
-
Opinion
09 Oct 2020
Lapsing ISO certifications: Myth versus risk
Allowing ISO certifications to lapse presents businesses with serious risks when workarounds are possible Continue Reading
-
News
08 Oct 2020
NCSC relaunches SME security guide with home working focus
The NCSC is issuing an updated version of its guide to security for SMEs, reflecting the long-lasting changes to the world of work seen in 2020 Continue Reading
-
Opinion
08 Oct 2020
Excel is the hammer for too many businesses’ nails
Excel is a fine piece of software, but as Public Health England found out, its ubiquity and ease of use does not make it the ideal tool for every job that involves data Continue Reading
-
News
08 Oct 2020
Crown Prosecution Service suffers 1,600 data breaches in 12 months
CPS sees a spike in data security incidents, many of them serious enough to be reported to the Information Commissioner’s Office Continue Reading
-
News
08 Oct 2020
Threat of GDPR fines increasingly driving security buying decisions
Scaring the people who hold the purse strings may be the best option for CISOs who need a little extra budget Continue Reading
-
News
07 Oct 2020
US lawmakers release big tech antitrust report
House Democrats have published a report on the monopoly power wielded by big tech companies and how to restore competition in digital markets Continue Reading
-
News
07 Oct 2020
Department for Education failed to protect data on millions of children, says ICO
The Department for Education’s National Pupil Database, which contains millions of items of data on the UK’s schoolchildren, was found to be non-compliant with data protection regulations across the board Continue Reading
-
News
07 Oct 2020
UK accounts for 45% of Europe’s card fraud as criminals target online transactions
Payment card fraudsters steal €1.5bn, with card-not-present attacks accounting for three-quarters of this sum Continue Reading
-
News
07 Oct 2020
ICO wraps up Cambridge Analytica investigation
Information Commissioner’s Office concludes its investigation into Cambridge Analytica, saying no additional evidence has come to light that would change its previous assessments Continue Reading
-
News
06 Oct 2020
EU’s top court questions legality of UK phone and internet data surveillance
European Court of Justice rules that the UK and EU member states must comply with EU privacy laws when harvesting people’s sensitive communications data from telecoms and internet companies Continue Reading
-
News
06 Oct 2020
Government deaf to loud calls for statutory public inquiry into Post Office scandal
MPs are demanding the government holds a full statutory public inquiry into the Post Office IT scandal Continue Reading
-
News
06 Oct 2020
Coronavirus raises the software audit stakes
IT asset managers say they are receiving more requests from software publishers to check for licence discrepancies Continue Reading
-
Opinion
06 Oct 2020
The privacy and compliance challenges organisations face in 2021
Privacy and compliance teams have a lot on their plate as 2021 approaches. What are the key issues to consider? Continue Reading
-
News
06 Oct 2020
Ransomware attacks go through the roof
The volume of ransomware attacks has jumped 50% in the past three months, according to data produced at Check Point Continue Reading
-
News
06 Oct 2020
CISOs struggle to keep up with MITRE ATT&CK framework
Despite its proven benefits for security, the MITRE ATT&CK framework is proving difficult for many, according to a joint study from McAfee and UC Berkeley Continue Reading
-
News
06 Oct 2020
John McAfee arrested over cryptocurrency fraud
Erratic tech baron allegedly promoted initial coin offerings without disclosing he was being paid to do so Continue Reading
-
News
05 Oct 2020
Employees overwhelmingly hostile to workplace monitoring tech
The use of workplace surveillance technologies to monitor and track staff working from home has increased hugely since the start of the pandemic, but most workers say it makes them feel uncomfortable Continue Reading
-
News
05 Oct 2020
FBI seized ‘legally privileged’ material from Ecuador Embassy, claims Julian Assange’s lawyer
The US struck a secret deal with Ecuador to seize WikiLeaks founder Julian Assange’s property from the Ecuadorian Embassy in London days before his arrest. The haul included legally privileged documents, says his solicitor Continue Reading
-
News
02 Oct 2020
Honesty is the best policy: Forging a security culture in the NHS
Clinician and technologist Sam Shah helped set up NHSX in 2019. Now he’s helping advance digital transformation in healthcare from the outside, and a big part of that is addressing security in the sector Continue Reading
-
News
02 Oct 2020
Future UK-EU data sharing put at risk by Brexit legislation
When the Brexit transition period ends, UK ministers will have the power to forge new data-sharing arrangements that risk undermining the viability of future data transfers with the European Union Continue Reading
-
News
02 Oct 2020
Security pros face sanctions if they help ransomware victims pay
New advisory from the US government warns cyber insurance and incident response specialists that they could be skating on thin ice if they help ransomware victims pay their attackers off Continue Reading
-
News
02 Oct 2020
Justice for subpostmasters as wrongful criminal convictions are set to be quashed
The Post Office has chosen not to contest 44 out of 47 appeals, meaning most are likely to have their names cleared, but others still face a Court of Appeal battle for justice Continue Reading
-
News
01 Oct 2020
Trust in government technology is key to adoption
Panellists at GovTech Summit 2020 speak about the need to build trust in government digital services, as the pandemic has created room for increased use of technology in the public sector Continue Reading
-
News
01 Oct 2020
Blackbaud admits hackers stole banking details, passwords
Software firm paid off a ransomware gang, believed its hackers when they said they had destroyed the data, and has now discovered the cyber criminals accessed even more sensitive information than it thought Continue Reading
-
News
29 Sep 2020
Threat actors becoming vastly more sophisticated
Malicious actors have been busily honing their craft and cyber security incidents are up across the board as a result, according to a Microsoft report Continue Reading
-
News
29 Sep 2020
NatWest offers online banking customers free security services
Bank responds to a surge in cyber crime targeting users of online banking services Continue Reading
-
News
28 Sep 2020
UK and US marked down on responsible AI
The UK and US have been rated as leaders in government use of artificial intelligence, but the Nordics and Baltics attained the highest scores for responsible AI Continue Reading
-
News
28 Sep 2020
Sustrans opens door to NCSC cyber certification via the cloud
Sustainable transport charity turned to Qualys to help it attain needed certifications to bid for government work Continue Reading
-
News
28 Sep 2020
Government updates data ethics framework
The new data ethics framework was created to better reflect how projects are run in practice after finding there was “little awareness” of the previous framework across the public sector Continue Reading
-
News
28 Sep 2020
TikTok ban stayed after last-minute court case
TikTok’s lawyers have staved off an imminent ban for the time being, after successfully arguing that it infringed rights guaranteed under the Constitution of the United States Continue Reading
-
News
28 Sep 2020
Security now main driving force behind digital transformation
Organisations are urgently remodelling their core technology stack in the light of the Covid-19 pandemic, and this is pushing security to the top of the agenda Continue Reading
-
News
28 Sep 2020
Airbnb hosts’ account data exposed in internal leak
Data exposure within Airbnb’s system was the result of a technical issue but was swiftly fixed, says the firm Continue Reading
-
Opinion
25 Sep 2020
Covid-19 has changed how we think about cyber security forever
Six months into the global pandemic, the true impact on the future of cyber security is beginning to look clearer, says Microsoft’s Ann Johnson Continue Reading
-
Opinion
25 Sep 2020
Gartner: Balance safety, privacy and productivity when employees return to the workplace
Organisations may decide that data collection can help keep employees safe in a Covid-secure workplace – but employers must consider all the privacy and productivity implications Continue Reading
-
News
24 Sep 2020
NHS whistleblower privacy concerns passed on to regulator, but campaigners not holding their breath
NHS Improvement chair Dido Harding acknowledges receiving concerns raised about the anonymity of whistleblowers, but campaigners have little faith that anything will be done Continue Reading
-
News
24 Sep 2020
Coronavirus shows inadequacy of rear-view mirror planning
Looking at historical data has hampered businesses’ attempts to move forward effectively during the pandemic Continue Reading
-
News
24 Sep 2020
Can banks solve money laundering puzzle through technology?
Banks face a huge challenge in identifying and stopping money laundering without interfering with police investigations Continue Reading
-
News
24 Sep 2020
Government blasted over ‘reckless’ contact-tracing security
The Open Rights Group and Big Brother Watch accuse the government of endangering public health with a reckless attitude to contact-tracing data security Continue Reading
-
News
24 Sep 2020
Race to patch as Microsoft confirms Zerologon attacks in the wild
Don’t be the organisation that made the headlines because it failed to patch. Microsoft says it is seeing cyber attacks ramping up around the Zerologon CVE-2020-1472 bug Continue Reading
-
News
24 Sep 2020
Australians want more control over privacy
Nearly nine in 10 Australians want more control and choice over the collection and use of their personal information amid declining trust in how organisations handle personal data, survey finds Continue Reading
-
News
23 Sep 2020
Over half of firms intend to continue US data transfers despite Schrems II
Survey shows many organisations do not intend to significantly change their data-sharing practices, at least until there is more guidance from regulators or governments Continue Reading
-
News
23 Sep 2020
US agencies warn of election disinformation and cyber attacks
Federal agencies are warning of heightened disinformation as the crucial 2020 presidential election nears Continue Reading
-
News
22 Sep 2020
Twitter investigates image cropping algorithm for racial bias
The algorithm’s consistent favouring of white faces in image previews has forced the company to investigate it for racial bias Continue Reading
-
News
22 Sep 2020
GDS reviewing Cloud First policy post-Schrems II
Review seeks to determine the future of government engagement with cloud hosting services as they relate to cross-border data flows Continue Reading
-
News
22 Sep 2020
WikiLeaks published unredacted cables after password was disclosed in book
WikiLeaks published a cache of unredacted government cables after the publication of a book containing the password led to their publication on other parts of the internet, court told Continue Reading
-
Opinion
21 Sep 2020
Why business resilience management should be high on the agenda
Business resilience management is key to business survival in the face of rapidly changing IT, cyber threat and regulatory environments Continue Reading
-
News
21 Sep 2020
Big questions to be answered over TikTok and WeChat reprieve
TikTok and WeChat seem to have received a stay of execution, but big questions and contradictions remain Continue Reading
-
News
18 Sep 2020
Ex-NCSC boss Ciaran Martin joins cyber venture capital outfit
Outgoing NCSC CEO Ciaran Martin is to take up a new role guiding new investments in cyber security Continue Reading
-
News
18 Sep 2020
Outgoing NCSC CEO: Ransomware threat kept us up at night
Former NCSC CEO Ciaran Martin sheds some light on some of the biggest cyber threats currently facing the UK Continue Reading
-
News
18 Sep 2020
German authorities probe ransomware hospital death
Hackers failed to extort a ransom from University Hospital Düsseldorf, but indirectly caused the death of a patient Continue Reading
-
News
17 Sep 2020
What are the habits of highly effective CISOs?
Data crunched by Gartner analysts reveals the behaviours that differentiate the top-performing chief information security officers from the pack Continue Reading
-
Opinion
17 Sep 2020
Security Think Tank: Edge security in the world of Covid-19
That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentre to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading
-
News
16 Sep 2020
Banks report surge in impersonation scams
Fraudsters are using the Covid-19 crisis to trick people into transferring money to them Continue Reading
-
News
15 Sep 2020
Gartner Security Summit: Covid-19 brings agile security to the fore
The evolving threat landscape is the top driver impacting cyber security during the next three to five years, and Covid-19 has accelerated the trend towards more agile security deployments Continue Reading
-
News
15 Sep 2020
Risky development practice leaves company access keys exposed
Database stores, cloud storage and myriad other services are being put at risk by the accidental exposure of company access keys during development Continue Reading
-
News
15 Sep 2020
Data of every Welsh Covid-19 patient leaked online
Data on all 18,105 people in Wales who have received positive tests for the coronavirus was uploaded to a public-facing web server in error Continue Reading
-
News
14 Sep 2020
Fintech Pledge launched to strengthen UK’s financial technology sector
The Fintech Pledge initiative is designed to foster closer collaboration between banks and fintechs so that the UK can continue building a globally competitive fintech ecosystem Continue Reading
-
News
11 Sep 2020
Facebook takes legal action against Irish privacy watchdog
Facebook’s legal action against the Data Protection Commission will attempt to preserve the company’s ability to transfer European citizens’ data to the US despite its lower privacy protections Continue Reading
-
News
11 Sep 2020
Travel industry websites are laughably insecure, claims Which?
The travel industry is failing to take the data security of its customers seriously, according to a Which? investigation Continue Reading
-
News
11 Sep 2020
Russian interference in US elections ramps up on schedule
With the critical US 2020 presidential election looming, Russian-state backed hackers are once again after organisations directly involved in political elections, launching thousands of targeted attacks Continue Reading
-
News
10 Sep 2020
Irish privacy watchdog orders Facebook to stop sending user data to the US
Irish privacy watchdog orders Facebook to suspend transfers of European citizens’ data to the US after Schrems II ruling that Europeans have no effective way to challenge American government surveillance Continue Reading
-
News
10 Sep 2020
Datacentre firm Equinix investigating ransomware attack
A number of internal systems at cloud and datacentre firm Equinix have been affected by a ransomware attack Continue Reading
-
News
08 Sep 2020
TechUK urges government to back emerging digital clean technology sector
To ensure the UK reaches its climate and decarbonisation goals, TechUK is calling on the government to support the emerging clean tech sector Continue Reading
-
News
07 Sep 2020
Government DPOs challenged by volume of GDPR work
Data protection officers working across the UK government are finding it tough to keep up with the increased workload generated by GDPR, according to a report Continue Reading
-
News
07 Sep 2020
AI Summit 2020: Regulating AI for the common good
Speakers and panellists at the virtual AI Summit 2020 spoke about the tensions between cooperation and competition in the development of artificial intelligence Continue Reading
-
News
04 Sep 2020
HotelBeds uses API management platform to reduce cost
HotelBeds has switched from its legacy suppler to a licensed service in an effort to reduce API management costs after traffic doubles Continue Reading
-
Opinion
04 Sep 2020
Security Think Tank: Beware security blind spots at the edge
That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading
-
News
03 Sep 2020
One actor behind Magecart skimmer kit
RiskIQ has identified that variations in software tools used for Magecart ecommerce site attacks are based on kits from the same group Continue Reading
-
Opinion
03 Sep 2020
Security Think Tank: Datacentre security is a business imperative
That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading
-
News
02 Sep 2020
Ethical and professional data science needed to avoid further algorithm controversies
BCS is calling for higher ethical and professional standards in algorithmic development to ensure public trust in future government information systems Continue Reading