IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
25 Oct 2024
Dutch critical infrastructure at risk despite high leadership confidence
Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise Continue Reading
-
News
11 Jul 2024
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain Continue Reading
-
Opinion
21 Dec 2018
Security Think Tank: Put collaboration on 2019 security agenda
At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not Continue Reading
-
News
20 Dec 2018
Marriott data breach losses could be over half a billion dollars
Direct losses related to a huge data breach at US hotel group could reach $600m Continue Reading
-
News
19 Dec 2018
Lauri Love battles police for return of computers as NCA confirms live investigation
The National Crime Agency (NCA) confirms there is a live investigation into Lauri Love in the UK, as Love brings legal action against UK police for the return of seized computer equipment Continue Reading
-
Opinion
19 Dec 2018
Security Think Tank: Align security strategy to business objectives
At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted and did happen and one thing that should happen in 2019, but probably will not Continue Reading
-
News
18 Dec 2018
APAC cyber security landscape to be more tumultuous in 2019
Amid growing cyber threats, the Asia-Pacific cyber security landscape will not get any rosier in 2019 unless organisations start shoring up their cyber hygiene Continue Reading
-
Opinion
18 Dec 2018
Security Think Tank: Let’s get back to basics in 2019
At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not Continue Reading
-
News
17 Dec 2018
Top 10 ASEAN stories of 2018
Organisations across Southeast Asia have been doubling down on efforts to take the lead in digital transformation initiatives Continue Reading
-
Opinion
17 Dec 2018
Security Think Tank: Prioritise multifactor authentication in 2019
At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not Continue Reading
-
News
14 Dec 2018
Iranian cyber espionage highlights human element
State-backed hackers in Iran have reportedly upped efforts to compromise US officials’ email accounts using phishing scams Continue Reading
-
News
14 Dec 2018
Australia passes controversial encryption law
Arguments continue over law that requires companies to work with government agencies to ensure that encrypted communications can be read if a crime is suspected Continue Reading
-
Opinion
14 Dec 2018
Security Think Tank: Smart botnets resist attempts to cut comms
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including "sleepers" designed to be activated at a future date Continue Reading
-
Opinion
14 Dec 2018
Security Think Tank: Strategies for blocking malware comms
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date? Continue Reading
-
News
13 Dec 2018
Machine identity protection development gets funding boost
Cyber security firm Venafi has launched a development fund aimed at accelerating the delivery of protection for machine identities Continue Reading
-
News
13 Dec 2018
Social engineering at the heart of critical infrastructure attack
Social engineering is the core technique used in a series of cyber attacks targeting government, defence, nuclear, energy and financial organisations around the world, which means people are key to defence Continue Reading
-
E-Zine
13 Dec 2018
CW Europe: Russia banks on electronic payments
A recent study by Sberbank, Russia’s largest state-run lender, shows the country has experienced a cashless payment boom over the past decade. Also read about the attempt by four Russians to break into the networks of the Organisation for the Prohibition of Chemical Weapons in The Hague, and why the Estonian government is directly targeting IT professionals in the UK. Continue Reading
-
News
13 Dec 2018
Most UK retailers plan to up cyber security
The majority of UK retailers are planning to increase cyber security measures during the Christmas season, a survey reveals Continue Reading
-
Opinion
12 Dec 2018
Security Think Tank: Prevention and detection key to disrupting malware comms
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date? Continue Reading
-
Opinion
11 Dec 2018
Security Think Tank: Severing C&C comms is key, but complex
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date? Continue Reading
-
News
11 Dec 2018
Mac malware makes debut in top 10 list
Mac malware appears in the WatchGuard top 10 malware list for first time, and 6.8% of major websites still use an insecure SSL protocol, according to the firm’s latest internet security report Continue Reading
-
News
11 Dec 2018
Large disparity in NHS cyber skills and training spend
Despite government pledges to up cyber security spending across the NHS, there are still huge disparities in cyber security skills and spending on cyber security training, FoI requests reveal Continue Reading
-
News
10 Dec 2018
O2 expected to pursue Ericsson for compensation over 24-hour stoppage
Mobile network operator could seek up to £100m in damages from its supplier, which failed to update expired software certificates, causing a day-long outage Continue Reading
-
Opinion
10 Dec 2018
Security Think Tank: Firms neglect DNS security at their peril
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date? Continue Reading
-
News
10 Dec 2018
UK businesses feel let down by government on cyber security
Government needs to provide more support around cyber security issues in 2019, according to the majority of UK IT leaders polled Continue Reading
-
News
07 Dec 2018
Half of business leaders unaware of BPC cyber attacks
Half of management teams polled in 12 countries, including the UK, are unaware of business process compromise (BPC) attacks Continue Reading
-
Opinion
07 Dec 2018
Security Think Tank: Three steps to detect malware comms
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date? Continue Reading
-
Opinion
06 Dec 2018
Security Think Tank: How to tool up to catch evasive malware comms
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date? Continue Reading
-
News
06 Dec 2018
Fileless malware surge, warns Malwarebytes report
Data from millions of consumers reveals an uptick in fileless malware and other new-generation malware that calls for a new cyber security approach, report reveals Continue Reading
-
News
06 Dec 2018
Adobe releases Flash patch for zero-day exploit
Emergency security update released for zero-day vulnerability that is being exploited in the wild via a Microsoft Office document, according to researchers Continue Reading
-
Opinion
05 Dec 2018
Drawing the line for cyber warfare
With alleged Russian meddling in elections and the state-backed attack on Iran’s nuclear programme, it is becoming difficult to define the boundaries of cyber warfare Continue Reading
-
News
05 Dec 2018
BT moves to strip Huawei kit from EE’s network
Telco will remove Huawei’s networking equipment from the core of EE’s 4G mobile network Continue Reading
-
Opinion
05 Dec 2018
Security Think Tank: Situational awareness underpins effective security
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure they detect such methods and that all C&C systems are removed, including ‘sleepers’ designed to be activated at a future date? Continue Reading
-
News
05 Dec 2018
Nominet brings security expertise and tech to market
The .uk domain registry is to bring its DNS expertise and technology developed for the NCSC to market to address cyber security ‘blindspot’ Continue Reading
-
News
04 Dec 2018
‘Open-minded’ DVSA cuts cost of MOT testing
Government agency harnesses customised open source platform to ensure data security while cutting costs and plans to extend its MOT testing capability to do the same for drivers’ theory tests Continue Reading
-
News
04 Dec 2018
Financial institutions’ data at risk despite security spending
Despite increased spending on cyber security, digital transformation and advanced attacks mean financial institutions’ data is still at risk, a report reveals Continue Reading
-
Opinion
04 Dec 2018
Security Think Tank: Basic steps to countering malware comms
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure they detect such methods and that all C&C systems are removed, including "sleepers" designed to be activated at a future date Continue Reading
-
News
04 Dec 2018
100 million Quora.com user details exposed
Question-and-answer site is the latest organisation to admit a breach of users’ personal data, with industry commentators calling out credential theft as a top cause of such breaches Continue Reading
-
News
03 Dec 2018
Liberty heads for judicial review over Investigatory Powers Act
The UK's powers to conduct supsicionless bulk surveillance on individuals and organisations face a legal challenge in the high court next year Continue Reading
-
Opinion
03 Dec 2018
Security Think Tank: Combine tech, process and people to block malware comms
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including "sleepers" designed to be activated at a future date. Continue Reading
-
News
03 Dec 2018
BT announces new head of security business
BT has appointed a former law enforcement officer and BT investigator as the new head of its security business Continue Reading
-
News
30 Nov 2018
WannaCry borderline national cyber emergency
The May 2017 WannaCry attack, which disrupted services at one-third of NHS trusts and more than 600 primary care organisations is the closest the UK has come to a national cyber emergency, says the NCSC Continue Reading
-
News
30 Nov 2018
E-commerce sites warned of heightened DDoS threat
E-commerce sites are being urged to ensure that they have adequate DDoS protection ahead of the vital holiday trading season after attacks ramped up on Black Friday and Cyber Monday Continue Reading
-
News
29 Nov 2018
UK cyber security strategy making ‘good progress’
The National Cyber Security Strategy is making good progress, but there is much left to be done, according to a Cabinet Office official Continue Reading
-
News
28 Nov 2018
Cyber resilience lacking due to apathy of UK leaders
An unwillingness to accept that cyber is a real threat to critical national infrastructure by UK political and business leaders has resulted in a lack of resilience, says security industry veteran Continue Reading
-
News
28 Nov 2018
FCA deeply concerned as no end in sight for IT failures in banking
The FCA has reported a massive increase in the number of banking IT failures in the UK and admitted there is no end in sight Continue Reading
-
News
27 Nov 2018
GDPR is encouraging UK IT directors to pay cyber ransoms
As predicted ahead of the General Data Protection Regulation enforcement deadline, research shows that fear of fines under the new laws is making some firms more likely to pay cyber ransoms Continue Reading
-
News
26 Nov 2018
Unprecedented actions by Commons committee augur badly for Facebook
House of Commons’ serjeant-at-arms effectively arrested the CEO of a US software company and frogmarched him to Parliament, where he was told he would be imprisoned if he failed to hand over papers on Facebook Continue Reading
-
E-Zine
22 Nov 2018
CW Nordics: Swedish IT sector advises on election security
The security measures assembled and implemented around the 2018 election in Sweden were devised in consultation with leading actors within the country’s private IT sector. Also read about how Denmark’s ambition to become a leading ocation for hyperscale datacentres is gaining momentum, and why Estonia wants to recruit IT professionals from the UK. Continue Reading
-
News
17 Nov 2018
Credit card fraud in ANZ showing no signs of abating
The value of fraudulent transactions more than doubled that of legitimate purchases during the third quarter this year Continue Reading
-
News
16 Nov 2018
UK firms in the dark around the impact of cyber attacks
UK firms have a long way to go in building the business resilience required to withstand cyber threats and other major disruptions, a study shows Continue Reading
-
News
15 Nov 2018
Keep people at the centre of risk management, says consultant
In assessing the cyber risks to a business, security professionals should start with the people in an organisation and keep them at the centre in identifying and mitigating risk, says consultant Continue Reading
-
News
15 Nov 2018
Enterprises lack capability against persistent cyber attacks
A report urges organisations to strengthen their cyber defence capabilities to pre-empt, detect and respond to post-breach attacks Continue Reading
-
News
15 Nov 2018
DeepMind won’t share patient data with Google ‘at this stage’, says company’s health boss
Amid concerns and questions around Google’s takeover of the DeepMind’s Streams app, Dominic King, the company’s health lead, promises that ‘at this stage’, nothing will change, and it won’t share any patient data with the internet giant Continue Reading
-
News
14 Nov 2018
AI-enhanced security tools necessary for today’s threats
Machine learning-enhanced tools are necessary to keep up with current threats, but are not perfect and will not solve the security skills gap problem, says KuppingerCole Continue Reading
-
News
14 Nov 2018
Zero-trust security not an off-the-shelf product
The zero-trust security model is a business enabler that needs to be supported by a strategy and security architecture, analyst warns cyber security leaders Continue Reading
-
News
13 Nov 2018
User behaviour analytics adding new insight
User behaviour analytics is helping to add new insights by providing the missing element in security event information management approaches, says Martin Kuppinger Continue Reading
-
News
12 Nov 2018
Home Office to use smartphone ID for EU Exit scheme
The Home Office will use smartphone digital identity verification to support applications for the government’s EU Exit Settlement Scheme Continue Reading
-
News
12 Nov 2018
Firms lack responsible exec for cyber security
Narrow gap between CEO, CIO and CISO roles means no single executive function is stepping up to take responsibility for cyber security, a study shows Continue Reading
-
Opinion
12 Nov 2018
GCHQ offers help to embryonic Irish cyber security organisation
Ciaran Martin head of the UK's National Cyber Security Centre, part of GCHQ, builds bridges with the Republic of Ireland's intelligence community during an official visit to Dublin Continue Reading
-
News
09 Nov 2018
Post-quantum cryptography a major challenge, says expert
The crypto wars are just beginning and open systems are key to improved security in future, says cryptography expert Continue Reading
-
News
07 Nov 2018
Decentralised ID key to identity security
Enterprises need to step up protections around identity-related compromises and look to decentralised identity in the longer term to improve security, says computer scientist Continue Reading
-
Opinion
07 Nov 2018
Security Think Tank: Top considerations to reduce application layer attacks
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
News
06 Nov 2018
Start preparing for post-quantum data protection
Organisations that need to retain sensitive information for long periods of time need to start preparing for the post-quantum era, according to an IBM security architect Continue Reading
-
Opinion
06 Nov 2018
Security Think Tank: Gap, risk and business impact analysis key to application security
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
Opinion
05 Nov 2018
Security Think Tank: Three ways to safeguard against application layer vulnerabilities
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
News
02 Nov 2018
DevSecOps not limited to coding, says analyst
DevSecOps is seen as a way of ensuring application security, but security leaders must understand that embedding a security culture and taking the inter-dependencies of new development frameworks into account is key, says KuppingerCole Continue Reading
-
Opinion
02 Nov 2018
Security Think Tank: Deploy multiple defence layers to protect data-rich applications
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
News
02 Nov 2018
Facebook to appeal EU-US data transfer ruling in Irish Supreme Court
Facebook will appeal a decision by the Irish High Court to refer questions over the legality of EU-US data transfers to the European Court of Justice in January, as the Dublin court rejects attempt by a UK IT expert to join the case Continue Reading
-
Opinion
01 Nov 2018
Security Think Tank: A three-pronged approach to application security
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
Opinion
31 Oct 2018
Think Tank: Application layer attack mitigation needs to start with risk analysis
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
News
30 Oct 2018
Australia’s data breaches are a ‘sign of naiveté’
McAfee executive attributes Australia’s poor cloud security record to the lack of data protection measures amid “new and confusing” cloud configurations Continue Reading
-
Opinion
30 Oct 2018
Security Think Tank: Defend application layer with good security hygiene
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
Opinion
29 Oct 2018
Security Think Tank: Counter application layer attacks with automation
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
News
26 Oct 2018
DNS attacks cost finance firms millions of pounds a year
Average cost of recovering from a single DNS attack is $924,390 for a large financial services company, survey shows Continue Reading
-
Opinion
26 Oct 2018
Security Think Tank: Focus on security before app deployment
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
News
26 Oct 2018
IoT ecosystem needs to be investigated, say experts
A conference of IoT experts convened by Enisa and Europol has made key recommendations to ensure security vulnerabilities do not overshadow benefits Continue Reading
-
Feature
25 Oct 2018
Trusted nodes: The next generation in quantum key distribution
QKD is a form of protection against interception by quantum computers, but cost and technical limitations have made the technology impractical. Could trusted nodes make all the difference? Continue Reading
-
Opinion
25 Oct 2018
Mitigating third-party cyber risks in a new regulatory environment
GDPR and the NIS Directive increase the focus on managing cyber security throughout the supply chain. Organisations need to check their suppliers are compliant Continue Reading
-
News
25 Oct 2018
Belgian startup makes a game of creating secure software code
A global tech startup has placed its research and development centre in Belgium, taking advantage of regional financial support as well as cooperations with local educational organisations Continue Reading
-
News
25 Oct 2018
GandCrab decryption tool released by No More Ransom
Another decryption tool has been made available free of charge in the battle against ransomware to help victims avoid paying to release their data Continue Reading
-
News
25 Oct 2018
Cathay Pacific under fire over breach affecting 9.4 million passengers
Hong Kong-based airline reveals massive data breach of the most sensitive personal data of passengers five months after loss was confirmed Continue Reading
-
News
25 Oct 2018
Becrypt security platform helps ease cloud adoption
Becrypt’s secure operating system is driving a new service aimed at helping organisations reduce cost and increase agility in using cloud-based services and online applications Continue Reading
-
News
24 Oct 2018
Choose security tools wisely to gain upper hand
The cyber threat landscape is continually changing, but staying abreast of attacker and defender innovation can help business leaders gain the upper hand, says KuppingerCole Continue Reading
-
News
24 Oct 2018
Government can’t guarantee no-deal Brexit data-sharing agreement
Digital minister Margot James says there is no clear timetable on when the UK will secure a data adequacy decision from the EU, and cannot guarantee an agreement will be in place in the event of a no-deal Brexit Continue Reading
-
News
24 Oct 2018
Sibos 2018: ‘Black swan’ cyber event is inevitable
With security experts and bankers expecting a 9/11-style cyber event, deeper collaboration between companies and governments is necessary to identify emerging threats before they occur Continue Reading
-
News
23 Oct 2018
Interview: Steve Grobman, McAfee CTO shares his views on some burning security questions
Cyber security technology innovator and veteran Steve Grobman shares his views on adversarial artificial intelligence, post-quantum cryptography and security for next-gen tech Continue Reading
-
News
23 Oct 2018
Morrisons loses appeal against data breach liability ruling
Supermarket chain has lost its appeal against a High Court ruling that found it liable for a data leak by a former employee, underlining the importance of managing insider threats Continue Reading
-
News
22 Oct 2018
McAfee CTO raises concerns about election cyber security
The security industry needs to look at the security of election processes around the world as well as the security of voting and counting machines, says McAfee CTO Continue Reading
-
News
19 Oct 2018
McAfee combining threat intel with AI
Simulations show that threat intelligence and artificial intelligence is a powerful combination, according to McAfee’s technology head Continue Reading
-
News
19 Oct 2018
Learn lessons from attacks, says McAfee investigations chief
Organisations should use every cyber attack as an opportunity to learn, identify weaknesses and improve security posture, according to McAfee’s head of cyber investigations Continue Reading
-
News
18 Oct 2018
McAfee researchers uncover ‘significant’ espionage campaign
Researchers discover campaign targeting South Korea, the US and Canada with links to eight-year-old source code from a threat group that has been dormant for five years Continue Reading
-
News
18 Oct 2018
'Sealed cloud' promises better data security
TÜV SÜD’s Singapore Sealed Cloud does not grant administrators access to data, reducing the possibility of hackers breaking into databases using compromised administrator credentials Continue Reading
-
News
16 Oct 2018
APAC security spending tipped to reach new highs
Security services will be the largest and fastest-growing slice of the overall security pie in the Asia-Pacific region Continue Reading
-
News
16 Oct 2018
Zero-trust security model gaining traction
The zero-trust model of security is finally gaining traction as security professionals tap into new tools and executive buy-in to support this approach in an effort to improve security posture and practices Continue Reading
-
News
16 Oct 2018
UK faces 10 cyber attacks a week as hostile states step up hacking, says NCSC
The UK’s National Cyber Security Centre has thwarted more than 1,600 attacks over the past two years – many by hostile nation states Continue Reading
-
News
15 Oct 2018
Cost of WannaCry attack to NHS set at £92m
Department for Health and Social Care estimates the immediate cost of the May 2017 WannaCry attack on the NHS was £92m, and says it will have spent about £275m on improvements to its cyber security infrastructure by the end of 2021 Continue Reading
-
News
15 Oct 2018
IoT firms sign up to UK security code of practice
Internet of things technology firms have begun signing up to a UK code of practice to strengthen the security of internet-connected devices. The code is expected to form the basis of an international standard Continue Reading
-
News
12 Oct 2018
Some 10% of user-reported emails malicious
On average, 1 in 10 user-reported emails is identified as malicious, and more than half can be tied to credential phishing, a Cofense report reveals Continue Reading
-
News
12 Oct 2018
AI is no silver bullet for cyber security
A security expert has called for businesses to manage the risks of adopting new technologies and improve their cyber hygiene, rather than see artificial intelligence as a panacea for their security woes Continue Reading
-
News
11 Oct 2018
Crypto-mining malware poses as Flash updates
Cryptocurrency mining malware is posing as Flash updates that appear to be legitimate, Palo Alto Networks security researchers warn Continue Reading
-
News
11 Oct 2018
RATs and Mimikatz among top publicly available hacking tools
Remote access Trojans (RATs), web shells and Mimikatz among the top publicly available tools that are used in cyber attacks around the world, a five-nation cyber intelligence report reveals Continue Reading