IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
25 Oct 2024
Dutch critical infrastructure at risk despite high leadership confidence
Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise Continue Reading
-
News
11 Jul 2024
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain Continue Reading
-
News
18 Oct 2021
How Samlesbury, Lancashire became the home of the National Cyber Force
The National Cyber Force, a new branch of the military, is gearing up to fight battles in cyber space from the fields of Lancashire. Its presence is expected to bring a high-tech renaissance to the region Continue Reading
-
Opinion
18 Oct 2021
No easy fix for vulnerability exploitation, so be prepared
Vulnerability management and disclosure is a tricky business with ethical and business ramifications for software vendors, CISOs and ethical hackers alike – and CISOs sit right in the middle of this Continue Reading
-
Opinion
15 Oct 2021
Doing the right thing: How CISOs should approach responsible disclosure
Owen Wright, responsible for penetration testing and adversary simulation at Context, part of Accenture Security, advises how CISOs should approach responsible disclosure Continue Reading
-
News
14 Oct 2021
Apple scheme to detect child abuse creates serious privacy and security risks, say scientists
Apple’s plan to automatically scan photos to detect child abuse would unduly risk the privacy and security of law-abiding citizens and could open up the way to surveillance, say the world’s top cryptographic experts Continue Reading
-
E-Zine
14 Oct 2021
CW APAC, October 2021: Tech Career Guide
Despite marked improvements, tech still faces a diversity problem. In this handbook, focused on cyber security’s gender gap in the Asia-Pacific region, Computer Weekly looks at the mentoring programmes aiming to combat the issue, the career path of IAG’s Elaine Muir, how hacking won Claudean Zheng a job and what else needs to be done to tackle the ongoing gender imbalance Continue Reading
-
News
14 Oct 2021
NHS Digital enhances in-house cyber awareness drive
Keep IT Confidential campaign aims to help NHS staff understand more about security threats and learn how to reduce risk Continue Reading
-
Opinion
14 Oct 2021
Encryption protects the marginalised – and it’s under threat
Encryption keeps marginalised groups connected and safe, but new regulatory attempts to break it put them at risk Continue Reading
-
News
13 Oct 2021
Google Cybersecurity Action Team springs into life
Google has announced a new Cybersecurity Action Team, with a mission to support security and digital transformation in governments, critical infrastructure, enterprises and small businesses Continue Reading
-
News
13 Oct 2021
FCA warns over future hybrid working security risks
Earlier this week, the Financial Conduct Authority issued fresh guidance to regulated organisations on keeping hybrid workers safe and secure Continue Reading
-
News
13 Oct 2021
Microsoft warns of MysterySnail on October Patch Tuesday
Microsoft has fixed a zero-day that is being actively exploited to deliver a new remote access trojan dubbed MysterySnail to targets Continue Reading
-
News
13 Oct 2021
Australia unveils ransomware action plan
The Australian government has established a task force to address the ransomware menace and is proposing legislation to mandate reporting of ransomware incidents by businesses Continue Reading
-
News
12 Oct 2021
BCS calls on government to retain protections against AI
BCS, the Chartered Institute for IT, wants the government to retain protections that allow people to have decisions about them made by an AI reviewed by humans if needed Continue Reading
-
News
11 Oct 2021
Covid-19 will loom over cyber strategy for years to come
In remarks delivered to a Chatham House conference, NCSC head Lindy Cameron reflects on the security challenges facing the UK, and sets out some plans for the future Continue Reading
-
News
11 Oct 2021
Sensitive documents to stay with whistleblower after deadline for agreement for their return passes
A deadllne to agree the safe return of the sensitive banking details of former and current NatWest Group customers has passed without agreement Continue Reading
-
News
11 Oct 2021
Singapore refreshes cyber security strategy
The city-state updates its national cyber security strategy to shore up the security of critical infrastructure and enterprises while growing its cyber security industry, among other goals Continue Reading
-
News
08 Oct 2021
Fast-moving Ryuk campaign targets healthcare organisations
Newly designated FIN12 gang leverages the work of the cyber criminal ecosystem to conduct lightning-fast ransomware attacks Continue Reading
-
News
08 Oct 2021
NatWest admits to weaknesses in anti-money laundering systems
Bank pleads guilty to failures concerning the laundering of hundreds of millions of pounds, but says it has since improved its anti-money laundering systems Continue Reading
-
News
07 Oct 2021
ICO expresses concerns over its future independence
In its response to the government’s data protection consultation, the Information Commissioner’s Office has raised worries over its future ability to function independently of government interference Continue Reading
-
News
06 Oct 2021
US lawmakers propose ransomware reporting rules
Former presidential candidate Elizabeth Warren lends her support to a bill that would require corporate ransomware victims to disclose more information about their attacks to the authorities Continue Reading
-
Opinion
06 Oct 2021
Security Think Tank: Responsible vulnerability disclosure is a joint effort
By working hand-in-hand, developers and security researchers can both play a vital role in ensuring newly-discovered vulnerabilities are addressed appropriately, writes Paddy Francis of Airbus CyberSecurity Continue Reading
-
News
06 Oct 2021
Gaming service Twitch hacked, data leaked
Users of livestreaming platform Twitch may be at risk after a 125GB torrent of data was leaked Continue Reading
-
News
06 Oct 2021
Auto-enrolment begins for Google multi-factor authentication
Google has started to turn on multi-factor authentication on consumer accounts by default, and aims to auto-enrol 150 million users by the end of 2021 Continue Reading
-
News
05 Oct 2021
New Python-based ransomware attacks unfold in record time
Sophos researchers detail a new variety of Python-based ransomware attack targeting VMware ESXi-hosted VMs Continue Reading
-
Opinion
05 Oct 2021
Invest in cyber security with confidence using a structured approach
Cyber security has never been more challenging or important in rapidly changing business, regulatory, IT and threat environments. There is a need for a more structured approach to investment Continue Reading
-
News
05 Oct 2021
Australian organisations lack maturity in responsible AI
Most Australian organisations are still in the early stages of their responsible artificial intelligence efforts despite growing use of AI by businesses and consumers, study finds Continue Reading
-
News
04 Oct 2021
One Identity buys OneLogin for access management expertise
Acquisition of OneLogin adds access management solutions to One Identity’s Unified Identity Security platform Continue Reading
-
News
04 Oct 2021
Two arrests made in European ransomware investigation
Unnamed ransomware operation was disrupted last week in Kiev, Ukraine, following a coordinated investigation Continue Reading
-
Opinion
04 Oct 2021
Security Think Tank: Embracing vulnerability management for the greater good
When it comes to vulnerability management, CISOs should define a responsible disclosure policy so that they can receive and manage identified vulnerabilities transparently, practically and collaboratively, says Paul Watts of the ISF Continue Reading
-
News
01 Oct 2021
Amnesty International exploited in malware campaign
According to new intelligence from Cisco Talos, Amnesty International’s branding and profile is being used as part of a new malware campaign that exploits people’s fears of the notorious Pegasus spyware app Continue Reading
-
News
29 Sep 2021
FoggyWeb malware latest tool of dangerous Nobelium APT
Microsoft’s threat intelligence team warns of a new strain of malware being used by the Russia-linked Nobelium APT Continue Reading
-
News
29 Sep 2021
Dedicated number for victims of fraud launched amid national security threat
Consumers that suspect they are being targeted by fraudsters can call 159 to be directly linked to their bank, as part of a 12-month pilot Continue Reading
-
News
29 Sep 2021
The Security Interviews: How SolarWinds came through its darkest hour
In his first major UK press interview, SolarWinds CEO Sudhakar Ramakrishna tells Computer Weekly how a relentless focus on transparency saw the company safely through a nightmare cyber breach scenario Continue Reading
-
News
28 Sep 2021
How one red team exercise averted a new SolarWinds-style attack
Palo Alto Networks shares details of how its red teamers found and sealed a customer vulnerability that could have led to another SolarWinds-style supply chain attack Continue Reading
-
News
27 Sep 2021
Women and BAME people bear brunt of cyber crime impact
Cyber crime has a disproportionate impact on women and BAME people, according to a new report Continue Reading
-
Video
24 Sep 2021
Empowering APAC women on the frontlines of cyber security
In this webinar, we discuss the issues facing women in cyber security, the challenges of breaking into the field and why it’s important to close the gender gap Continue Reading
-
Opinion
24 Sep 2021
Facial recognition cannot be a standalone authentication method
As more organisations look to facial recognition to improve their digital identity practices, they must remember that it cannot stand in isolation Continue Reading
-
News
24 Sep 2021
How Australia punches above its weight in cyber security
Australia is playing to its strengths in niche areas such as governance and deep tech to punch above its weight in the cyber security industry Continue Reading
-
News
23 Sep 2021
Fresh alert over Conti ransomware surge
Conti ransomware crew appears increasingly active, prompting fresh warnings from the US authorities Continue Reading
-
News
23 Sep 2021
MoD in second leak of Afghan citizens’ data
A second breach of data relating to Afghan citizens at risk of Taliban reprisals has been reported by the Ministry of Defence Continue Reading
-
News
23 Sep 2021
Threat actors target VMware vCenter Server users
Users of VMware vCenter Server are advised to patch a series of vulnerabilities post haste Continue Reading
-
News
23 Sep 2021
Authorised push payment fraud sees huge increase as criminals switch tactics
Criminals tricking people into making payments through channels such as fake emails and websites have stolen more money than payment card fraudsters Continue Reading
-
Opinion
21 Sep 2021
Managing cyber risk through integrated supply chains
High-profile supply chain cyber attacks have caused huge disruption this year. PA Consulting’s Carl Nightingale considers key questions business leaders should be asking of their organisations Continue Reading
-
News
21 Sep 2021
US sanctions Suex crypto exchange over ransomware links
US Treasury cracks down on cryptocurrency exchange that supposedly facilitated proceeds from multiple ransomware gangs Continue Reading
-
News
21 Sep 2021
Investigation launched after MoD email blunder
Exposure of PII on Afghan interpreters who worked with the UK may put hundreds at risk of Taliban reprisals Continue Reading
-
News
16 Sep 2021
Dutch education administrators underestimate threat of cyber crime
Research shows educational establishments in the Netherlands are becoming favoured targets of cyber criminals and administrators are underestimating the risks Continue Reading
-
News
16 Sep 2021
Travel-themed phishing lures spiked this summer
As people begin to take holidays again after more than a year of restrictions and lockdowns, opportunist cyber criminals have taken note, according to new data from Palo Alto’s Unit 42 Continue Reading
-
News
15 Sep 2021
Microsoft patches 66 vulnerabilities in September update
Another lighter-than-usual Patch Tuesday update includes important fixes for recently disclosed vulnerabilities, including a dangerous zero-day, and an update in the PrintNightmare saga Continue Reading
-
News
14 Sep 2021
Mass health tracker data breach has UK impact
The leak of a database of 61 million users of health-tracking devices includes records on individuals located in the UK Continue Reading
-
News
14 Sep 2021
Cost of ransomware attack in financial sector exceeds $2m
Mid-sized financial services organisations worldwide spend an average of over $2m recovering from ransomware attacks Continue Reading
-
News
13 Sep 2021
Smishing attacks up sevenfold in six months
Scam text messages are reaching pandemic proportions, thanks in part to the pandemic Continue Reading
-
News
09 Sep 2021
UK GDPR faces changes under planned reforms
DCMS is launching a major consultation on proposed changes to the UK’s data protection regime, under which several key elements of the GDPR are likely to change Continue Reading
-
News
09 Sep 2021
Latest Microsoft zero-day being actively exploited
New Microsoft zero-day CVE-2021-40444 affects multiple versions of Windows and is probably being exploited through convincing phishing attacks Continue Reading
-
E-Zine
09 Sep 2021
CW Europe: Dutch researchers build security software to mimic human immune system
In this issue of CW Europe, find out how researchers in the Netherlands are attempting to help IT systems fight certain cyber attacks in a similar way to the human immune system works. One of the team at Dutch research institute TNO was originally an immunologist, and saw parallels with the human immune system in the field of cyber security. Also in this issue, find out about the so-called “Klarna academy” in Stockholm, which has created the next set of Nordic fintech entrepreneurs. Continue Reading
-
News
08 Sep 2021
REvil reappearance may herald new ransom campaigns
The re-emergence of the infamous REvil ransomware gang is a likely sign that more high-profile attacks will unfold over the coming weeks Continue Reading
-
News
08 Sep 2021
Covid positive for security market, but still a source of stress
CIISec’s latest “State of the profession report” highlights both positives and challenges for cyber pros arising from the past two years Continue Reading
-
News
08 Sep 2021
Stolen credit card data worth about £13 on dark web, PayPal worth more
The average price of a stolen credit card on a dark web marketplace comes in at around $17.40, or £12.60, according to new data – but the real money for cyber criminals is in hacked PayPal accounts Continue Reading
-
Opinion
08 Sep 2021
Security Think Tank: Optimising privacy, post-GDPR
Airbus CyberSecurity CTO Paddy Francis explores the impact of regulation on data protection, and how it has changed how one goes about optimising data privacy in the enterprise Continue Reading
-
Feature
08 Sep 2021
Bridging the gender gap in cyber security
Some professional groups and companies in Asia are working hard to improve awareness of the cyber security profession and mentoring talented women in a bid to bridge the gender gap Continue Reading
-
News
07 Sep 2021
OT security in APAC remains work in progress
Two operational technology security experts shed light on the state of OT security in the region, and what’s being done to address skills, competency and organisational challenges Continue Reading
-
Opinion
07 Sep 2021
Security Think Tank: A response to planned data protection changes
The ISF’s Emma Bickerstaffe assesses how organisations might respond to proposed changes to the UK’s data protection regime Continue Reading
-
Opinion
06 Sep 2021
The rise of the chief risk officer
The impact of the Covid-19 pandemic has seen chief risk officers take their rightful place in the boardroom Continue Reading
-
Opinion
06 Sep 2021
UK’s new data protection strategy risks costing business more than it gains
The apparent business benefits of pursuing data adequacy agreements around the world may not be as enticing as they at first appear Continue Reading
-
Feature
06 Sep 2021
How do SOAR and SIEM services fare in a rapidly changing cyber threat landscape?
Given that cyber risks are rapidly growing in sophistication and number, we look at whether SIEM and SOAR security tools are still effective Continue Reading
-
News
03 Sep 2021
Mandiant, Sophos detail dangerous ProxyShell attacks
Threat researchers and incident responders continue to track threat activity around the dangerous ProxyShell Microsoft Exchange vulnerabilities, including impactful ransomware hits Continue Reading
-
News
03 Sep 2021
China accused of cyber attacks on Norwegian IT systems
China-based cyber attackers have been blamed for multiple assaults on IT systems in Norway Continue Reading
-
News
02 Sep 2021
How high can the contactless card limit go without two-factor authentication?
The spending limit for contactless cards has reached an eyebrow-raising triple-digit figure – £100 – raising questions about the need for user authentication Continue Reading
-
News
02 Sep 2021
WhatsApp fined €225m over GDPR breaches
Irish data protection watchdog has issued one of the largest GDPR fines to date against Facebook-owned WhatsApp Continue Reading
-
News
02 Sep 2021
Finance firms faced up to £760,000 costs per DNS attack during pandemic
Financial services firms have been the focus of attacks by cyber criminals during the Covid-19 crisis Continue Reading
-
Opinion
02 Sep 2021
Security Think Tank: Managing data securely throughout its lifecycle
Managing data in a secure manner is key to ensuring its integrity and therefore its value to the organisation, as well as reducing risk from breaches and misinformation Continue Reading
-
News
01 Sep 2021
Experts warn on Office 365 phishing attacks
Newly observed campaign is particularly dangerous because it appears to neutralise one of the most widely known anti-phishing techniques Continue Reading
-
News
01 Sep 2021
Remote workers routinely bypassed security tools during pandemic
New data from Palo Alto Networks reveals that over 25% of UK security leaders saw their employees circumventing or switching off security measures at the height of the pandemic Continue Reading
-
Feature
01 Sep 2021
Making a mark in cyber security
Claudean Zheng’s knack for hacking landed her a career in cyber security, one that has been dotted by stints in both public and private sectors Continue Reading
-
News
31 Aug 2021
GovTech launches vulnerability rewards programme
Vulnerability rewards programme will offer rewards ranging from $250 to $5,000 to white hat hackers who find vulnerabilities in critical government systems Continue Reading
-
Opinion
27 Aug 2021
Supply chain cyber security is only as strong as the weakest link
A spate of high-profile cyber attacks has highlighted the criticality of supply chain security and put new pressures on security leaders. How can we ensure that cyber security remains robust down the full length of supply chains? Continue Reading
-
Opinion
27 Aug 2021
How the cyber security market is evolving
The cyber security market has gained even greater importance in the post-Covid era and continues to grow and evolve. But what factors are driving trends in that market and what should your organisation consider when making cyber security investments? Continue Reading
-
News
27 Aug 2021
Are proposed data protection changes a threat to UK citizens’ privacy?
Though changes are as-yet undefined pending an upcoming consultation, concerns are already being expressed over the government’s plan to liberalise data protection laws in the service of innovation and growth Continue Reading
-
News
26 Aug 2021
Government unveils post-Brexit data flow proposals
The government will pursue data partnerships with countries including Australia, South Korea and the US as part of a post-Brexit data regime that may also see substantial changes to the UK’s data protection law Continue Reading
-
Opinion
26 Aug 2021
Security Think Tank: Steps to a solid data privacy practice
Petra Wenham of the BCS shares her expertise on building, or rebuilding, a solid business data privacy practice in a post-Covid-19 world Continue Reading
-
News
26 Aug 2021
NZ privacy lead John Edwards named new information commissioner
DCMS has named John Edwards, currently New Zealand privacy commissioner, to succeed Elizabeth Denham as UK information commissioner Continue Reading
-
News
25 Aug 2021
Calling the cops for ransomware attacks doesn’t help, say cyber pros
A new study for the #Ransomaware campaign reveals some insight into why so few victims report ransomware attacks Continue Reading
-
News
25 Aug 2021
UK loses £1.3bn to fraud and cyber crime so far this year
New figures from the National Fraud Intelligence Bureau show a threefold spike in reported financial losses to fraud and cyber crime in the first six months of 2021 Continue Reading
-
News
24 Aug 2021
Half of MS Exchange servers at risk in ProxyShell debacle
Up to 50% of MS Exchange users in the UK are exposed to three vulnerabilities that are now being actively exploited Continue Reading
-
Opinion
24 Aug 2021
The ransomware debate – to pay or not to pay?
The debate around banning ransomware payments is highly nuanced, and we must take care to avoid overt victim-blaming, in favour of an open and honest approach, says SASIG’s Martin Smith Continue Reading
-
News
24 Aug 2021
Over a million opt out of NHS data-sharing
Failure to communicate benefits of data-sharing proposals and privacy concerns are prompting large numbers of people to opt out of a proposed NHS Digital scheme Continue Reading
-
E-Zine
24 Aug 2021
How datacentre power growth is leaving Dublin in distress
In this week’s Computer Weekly, we look at the challenges faced by Dublin’s datacentre sector, as growth leaves the city’s electricity infrastructure creaking. We ask whether recent initiatives to close the UK’s digital skills gaps are working. And we examine the latest injustice to hit the Post Office Horizon scandal. Read the issue now. Continue Reading
-
Feature
23 Aug 2021
Considerations when deciding on a new SIEM or SOAR tool
A successful deployment of any security tool very much depends on the maturity of security processes in the organisation Continue Reading
-
News
23 Aug 2021
Flexxon and Lenovo tie up on AI-infused SSDs
Singapore-based Flexxon teams up with Lenovo to make its solid-state drive that uses artificial intelligence to fend off cyber threats available on ThinkPad-based laptops Continue Reading
-
Opinion
20 Aug 2021
Security Think Tank: Data privacy not in isolation, but on a spectrum
The gap between data privacy and data governance is narrowing, and security leaders need to be aware of the implications, says KuppingerCole’s Anne Bailey Continue Reading
-
News
19 Aug 2021
Pub apps harvesting swathes of customer data unnecessarily
Some pub and restaurant chain apps demand data such as gender and marital status, raising eyebrows among privacy campaigners Continue Reading
-
News
19 Aug 2021
IT leaders fear ‘trickle-down’ of nation-state cyber attacks
Three-quarters of IT decision-makers are concerned that the tactics, techniques and procedures used by nation-state attackers could be used against them Continue Reading
-
News
18 Aug 2021
MoD seeks security tech to harden military systems
The Defence and Security Accelerator has launched a programme to root out technology that will reduce the military’s exposure to cyber attacks Continue Reading
-
Opinion
18 Aug 2021
Security Think Tank: Data privacy and ethics in a post-Covid world
The radical change caused by the pandemic requires new approaches to data privacy practice, says PA Consulting’s Daniel Gordon Continue Reading
-
News
17 Aug 2021
Educational publisher Pearson fined for data breach cover-up
Securities and Exchange Commission says publisher misled its investors over the extent of a 2018 data breach Continue Reading
-
News
17 Aug 2021
Security Think Tank: Building privacy-preserving apps and platforms
ISACA’s Gaurav Deep Singh Johar explores how to embed privacy practices into digital platform architecture Continue Reading
-
16 Aug 2021
When is SIEM the right choice over SOAR?
Better instrumentation leads to better IT security but monitoring can quickly overload IT teams. Automation can help, but it may not always be needed Continue Reading
-
News
16 Aug 2021
Nearly half of retailers hit by ransomware in 2020
In the face of increasingly prevalent and sophisticated ransomware attacks, retail organisations need to develop alternative ways of restoring lost or encrypted data, as paying the ransom does not guarantee its return in almost a third of cases Continue Reading
-
Feature
16 Aug 2021
When is SIEM the right choice over SOAR?
Better instrumentation leads to better IT security but monitoring can quickly overload IT teams. Automation can help, but it may not always be needed Continue Reading
-
News
13 Aug 2021
Cyber Runway programme supports new security businesses
The Cyber Runway programme is a government-backed scheme to support entrepreneurs, startups and scaleups in launching and growing new security businesses Continue Reading
-
News
12 Aug 2021
ICO consults on new international data transfer agreement
Information Commissioner’s Office to consult on its draft international data transfer agreement and guidance, which will replace standard contractual clauses to protect personal data during overseas transfers Continue Reading
-
E-Zine
12 Aug 2021
CW Benelux: Netherlands sees increase in the number of women opting for an ICT career
The IT skills gap in the Netherlands could be about to narrow as more women take up jobs in the sector. Figures from last year revealed that the number of female ICT professionals grew by 6.5%, while the number of male ICT professionals increased by only 1.7%. Read more about it in this issue. Also find out why more openness about ransomware attacks in the Dutch business community could be the first step to defeating a growing problem. Continue Reading