IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
25 Oct 2024
Dutch critical infrastructure at risk despite high leadership confidence
Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise Continue Reading
-
News
11 Jul 2024
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain Continue Reading
-
News
23 Jan 2019
Time to deploy strong authentication, says Fido
The time has come for organisations to deploy cryptographically backed strong authentication, according to the Fido Alliance, which seeks to eliminate the world’s dependence on password-based security Continue Reading
-
News
23 Jan 2019
US issues emergency directive to halt DNS hijacking
US government agencies have been given 10 days to complete a four-step action plan to stop DNS hijacking attacks Continue Reading
-
News
22 Jan 2019
IBM mobile cyber range starts European tour in London
IBM’s mobile cyber range is kicking of a tour in London to raise awareness around the need for tried and tested cyber attack responses among organisations in Europe Continue Reading
-
News
22 Jan 2019
Young Dutch cyber criminals get re-education rather than jail time
Young hackers in the Netherlands are being rehabilitated through punishments that educate rather than incarcerate Continue Reading
-
News
22 Jan 2019
Facebook: US government does not engage in mass and indiscriminate surveillance
Social media giant challenges a ruling by Dublin’s High Court over a judgment that it says made ‘extraordinary and incorrect’ findings about the US legal system Continue Reading
-
News
21 Jan 2019
Name and shame firms with poor cyber security, government told
The government should name and shame companies whose cyber security measures fail to protect consumers’ data and firms should implement Active Cyber Defence, an academic report urges Continue Reading
-
News
21 Jan 2019
Public procurement key to cyber security
Using public procurement as a means of boosting cyber security is the top recommendation for 2019, according to a report based on expert views Continue Reading
-
News
21 Jan 2019
Home Office vetoes privacy campaigner from senior post in surveillance watchdog
The Home Office refuses academic and privacy campaigner, Eric King, security clearance for a senior role at the intelligence services watchdog, despite high-level backing from officials Continue Reading
-
News
17 Jan 2019
Breach of nearly 2.7 billion records underlines password flaws
Potentially the biggest personal data breach to date from thousands of sources, some possibly breached as far back as 2008, illustrates the deeply flawed nature of password-based authentication, say industry commentators Continue Reading
-
News
17 Jan 2019
CenturyLink opens Singapore SOC amid security services boom
US telco’s second Asia-Pacific security operations centre in Singapore is one of eight globally as it bids to carve a slice of the security services market Continue Reading
-
News
16 Jan 2019
New Zealand faces more state-sponsored attacks
Nearly four in 10 cyber security incidents recorded by the National Cyber Security Centre were the work of state-sponsored threat actors Continue Reading
-
Opinion
16 Jan 2019
Facebook’s high-stakes privacy gamble goes to Dublin court
A high-wire gamble with billions in compensation at stake for European internet users – part of a complex case between Facebook and the Irish information commissioner – hides challenge to the unlawfulness of US state internet surveillance Continue Reading
-
Opinion
16 Jan 2019
Security Think Tank: Walk before you run
How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network? Continue Reading
-
News
15 Jan 2019
Millions of industrial remote controllers open to attack
Millions of industrial remote controllers are open to cyber attack because of vulnerabilities in the radio frequency technology used, a study has revealed Continue Reading
-
Feature
15 Jan 2019
The rise of DevSecOps
The increasing complexity of security threats facing enterprises is leading to DevSecOps approaches, which combine operations and development with security, so that all business units are involved in security operations Continue Reading
-
News
15 Jan 2019
Businesses fail to apply encryption technology effectively
Most businesses are not applying common encryption tools effectively to contain the fallout and costs of data breaches, research shows Continue Reading
-
Opinion
15 Jan 2019
Security Think Tank: Apply different techniques to safeguard against rogue code
How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network? Continue Reading
-
News
15 Jan 2019
Less than half of firms able to detect IoT breaches, study shows
UK firms have one of the lowest internet-of-things device breach detection capabilities in Europe, a study reveals Continue Reading
-
News
15 Jan 2019
SingHealth and IT supplier fined S$1m for data breach
Singapore’s data protection commission considered the fact that both SingHealth and its IT supplier fell prey to sophisticated threat actors, among other factors, when meting out the fine Continue Reading
-
Opinion
14 Jan 2019
Security Think Tank: Combine SDN, containerisation and encryption to halt rogue code
How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network? Continue Reading
-
News
11 Jan 2019
AI application overlooked in cyber security research
Despite the proliferation of cyber security products and services claiming to be driven by artificial intelligence, the application of the technology is being overlooked by research, a study shows Continue Reading
-
Opinion
11 Jan 2019
Security Think Tank: How to use SDN, containers and encryption – and some warnings
How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network? Continue Reading
-
Opinion
10 Jan 2019
Security Think Tank: Creative thinking key to meeting emerging security challenges
How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network? Continue Reading
-
News
10 Jan 2019
UK firms say £6.6bn annual security testing cost too high
Avord launches platform to reduce the multibillion-pound annual cyber security testing cost that most UK firms say is too high Continue Reading
-
Podcast
10 Jan 2019
Podcast: Storage and compliance priorities in 2019
Mathieu Gorge, CEO of Vigitrust, looks ahead to key areas in compliance in 2019, including mushrooming data volumes, GDPR fines and the California Consumer Privacy Act Continue Reading
-
E-Zine
10 Jan 2019
CW Middle East: Bahrain aims to be fintech hub
Bahrain’s government wants to make the country the go-to place in the Middle East for financial technology companies. It hopes to capitalise on its banking know-how to establish an ambitious fintech “ecosystem”. Also read about Dubai’s plans for the Smart Data platform and the UAE Pass, a digital ID and signature, and how Shell is using AI to amplify the human impact of its workforce. Continue Reading
-
News
09 Jan 2019
FireEye gears up email security for emerging threats
Email continues to be a top means of initiating cyber attacks with new detection bypass techniques and executive impersonation capabilities continually emerging, research shows Continue Reading
-
Opinion
09 Jan 2019
Security Think Tank: The security role of SDN, containers, encryption and SDP
How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network? Continue Reading
-
Opinion
08 Jan 2019
eIDAS and the EU’s mission to create a truly portable identity
It is important for businesses to work more actively with technology partners, regulators and governments to create more robust identity verification processes Continue Reading
-
News
08 Jan 2019
Protego Labs launches serverless app security tool
Security professionals and developers now have a way to assess the security of their serverless applications with a new open source testing tool donated to Owasp Continue Reading
-
Opinion
08 Jan 2019
Security Think Tank: Meeting the security challenge of multiple IT environments
How can organisations combine software defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network? Continue Reading
-
News
07 Jan 2019
Boards need to be active partners in cyber defence
Board members must be active governance partners in collaborative cyber defence, says US regional information sharing and analysis organisation Continue Reading
-
News
07 Jan 2019
BlackBerry licenses security tech to IoT device makers
BlackBerry is to license its secure software development technology to the makers of internet-connected devices to boost IoT security Continue Reading
-
Opinion
07 Jan 2019
Security Think Tank: Use SDN, containerisation and encryption tools to boost security
How can organisations combine software defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network? Continue Reading
-
News
07 Jan 2019
Almost half of containers in production have vulnerabilities, study finds
More containers are being deployed in production, but many businesses are unaware if they are secure Continue Reading
-
News
06 Jan 2019
Singapore Airlines’ software glitch exposed customer data
More than 280 members of the Krisflyer frequent flyer programme had their personal information compromised by a one-off software bug Continue Reading
-
News
04 Jan 2019
Modern IT underlines need for zero-trust security
The increasing complexity of supply chains and interconnectivity of IT systems means the attack surface is widening and security has to evolve accordingly, warns British computer scientist Continue Reading
-
News
04 Jan 2019
Data breaches affected more than a billion people in 2018
The personal information of more than a billion people was compromised in 2018 as companies holding the data failed to keep it safe Continue Reading
-
News
04 Jan 2019
German politicians’ data leak shows need for global action
Hacked data includes contacts’ email addresses, private chats, mobile numbers, photographs and credit card details, which were published on Twitter Continue Reading
-
News
04 Jan 2019
Phishing attacks hidden by custom fonts
Security researchers have uncovered a new way in which phishing attacks are evading detection. Continue Reading
-
Opinion
31 Dec 2018
Can we live without passwords?
Can you imagine a future in which we can be secure online without having to remember an unwieldly list of passwords? Solutions are emerging that could make passwords redundant, but there will be other security problems to resolve Continue Reading
-
Opinion
31 Dec 2018
Security Think Tank: Pay attention to attribute-based system access permissions
At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted and did happen and one thing that should happen in 2019, but probably will not Continue Reading
-
Opinion
28 Dec 2018
Security Think Tank: Focus on malicious use of AI in 2019
At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not Continue Reading
-
Opinion
27 Dec 2018
Security Think Tank: Strong 2FA should be a goal in 2019
At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not Continue Reading
-
News
24 Dec 2018
Top 10 IT security stories of 2018
Here are Computer Weekly’s top 10 IT security stories of 2018 Continue Reading
-
Opinion
24 Dec 2018
Security Think Tank: Let’s hope for treaty on online norms
At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not Continue Reading
-
Opinion
21 Dec 2018
Security Think Tank: Put collaboration on 2019 security agenda
At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not Continue Reading
-
News
20 Dec 2018
Marriott data breach losses could be over half a billion dollars
Direct losses related to a huge data breach at US hotel group could reach $600m Continue Reading
-
News
19 Dec 2018
Lauri Love battles police for return of computers as NCA confirms live investigation
The National Crime Agency (NCA) confirms there is a live investigation into Lauri Love in the UK, as Love brings legal action against UK police for the return of seized computer equipment Continue Reading
-
Opinion
19 Dec 2018
Security Think Tank: Align security strategy to business objectives
At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted and did happen and one thing that should happen in 2019, but probably will not Continue Reading
-
News
18 Dec 2018
APAC cyber security landscape to be more tumultuous in 2019
Amid growing cyber threats, the Asia-Pacific cyber security landscape will not get any rosier in 2019 unless organisations start shoring up their cyber hygiene Continue Reading
-
Opinion
18 Dec 2018
Security Think Tank: Let’s get back to basics in 2019
At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not Continue Reading
-
News
17 Dec 2018
Top 10 ASEAN stories of 2018
Organisations across Southeast Asia have been doubling down on efforts to take the lead in digital transformation initiatives Continue Reading
-
Opinion
17 Dec 2018
Security Think Tank: Prioritise multifactor authentication in 2019
At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not Continue Reading
-
News
14 Dec 2018
Iranian cyber espionage highlights human element
State-backed hackers in Iran have reportedly upped efforts to compromise US officials’ email accounts using phishing scams Continue Reading
-
News
14 Dec 2018
Australia passes controversial encryption law
Arguments continue over law that requires companies to work with government agencies to ensure that encrypted communications can be read if a crime is suspected Continue Reading
-
Opinion
14 Dec 2018
Security Think Tank: Smart botnets resist attempts to cut comms
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including "sleepers" designed to be activated at a future date Continue Reading
-
Opinion
14 Dec 2018
Security Think Tank: Strategies for blocking malware comms
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date? Continue Reading
-
News
13 Dec 2018
Machine identity protection development gets funding boost
Cyber security firm Venafi has launched a development fund aimed at accelerating the delivery of protection for machine identities Continue Reading
-
News
13 Dec 2018
Social engineering at the heart of critical infrastructure attack
Social engineering is the core technique used in a series of cyber attacks targeting government, defence, nuclear, energy and financial organisations around the world, which means people are key to defence Continue Reading
-
E-Zine
13 Dec 2018
CW Europe: Russia banks on electronic payments
A recent study by Sberbank, Russia’s largest state-run lender, shows the country has experienced a cashless payment boom over the past decade. Also read about the attempt by four Russians to break into the networks of the Organisation for the Prohibition of Chemical Weapons in The Hague, and why the Estonian government is directly targeting IT professionals in the UK. Continue Reading
-
News
13 Dec 2018
Most UK retailers plan to up cyber security
The majority of UK retailers are planning to increase cyber security measures during the Christmas season, a survey reveals Continue Reading
-
Opinion
12 Dec 2018
Security Think Tank: Prevention and detection key to disrupting malware comms
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date? Continue Reading
-
Opinion
11 Dec 2018
Security Think Tank: Severing C&C comms is key, but complex
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date? Continue Reading
-
News
11 Dec 2018
Mac malware makes debut in top 10 list
Mac malware appears in the WatchGuard top 10 malware list for first time, and 6.8% of major websites still use an insecure SSL protocol, according to the firm’s latest internet security report Continue Reading
-
News
11 Dec 2018
Large disparity in NHS cyber skills and training spend
Despite government pledges to up cyber security spending across the NHS, there are still huge disparities in cyber security skills and spending on cyber security training, FoI requests reveal Continue Reading
-
News
10 Dec 2018
O2 expected to pursue Ericsson for compensation over 24-hour stoppage
Mobile network operator could seek up to £100m in damages from its supplier, which failed to update expired software certificates, causing a day-long outage Continue Reading
-
Opinion
10 Dec 2018
Security Think Tank: Firms neglect DNS security at their peril
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date? Continue Reading
-
News
10 Dec 2018
UK businesses feel let down by government on cyber security
Government needs to provide more support around cyber security issues in 2019, according to the majority of UK IT leaders polled Continue Reading
-
News
07 Dec 2018
Half of business leaders unaware of BPC cyber attacks
Half of management teams polled in 12 countries, including the UK, are unaware of business process compromise (BPC) attacks Continue Reading
-
Opinion
07 Dec 2018
Security Think Tank: Three steps to detect malware comms
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date? Continue Reading
-
Opinion
06 Dec 2018
Security Think Tank: How to tool up to catch evasive malware comms
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date? Continue Reading
-
News
06 Dec 2018
Fileless malware surge, warns Malwarebytes report
Data from millions of consumers reveals an uptick in fileless malware and other new-generation malware that calls for a new cyber security approach, report reveals Continue Reading
-
News
06 Dec 2018
Adobe releases Flash patch for zero-day exploit
Emergency security update released for zero-day vulnerability that is being exploited in the wild via a Microsoft Office document, according to researchers Continue Reading
-
Opinion
05 Dec 2018
Drawing the line for cyber warfare
With alleged Russian meddling in elections and the state-backed attack on Iran’s nuclear programme, it is becoming difficult to define the boundaries of cyber warfare Continue Reading
-
News
05 Dec 2018
BT moves to strip Huawei kit from EE’s network
Telco will remove Huawei’s networking equipment from the core of EE’s 4G mobile network Continue Reading
-
Opinion
05 Dec 2018
Security Think Tank: Situational awareness underpins effective security
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure they detect such methods and that all C&C systems are removed, including ‘sleepers’ designed to be activated at a future date? Continue Reading
-
News
05 Dec 2018
Nominet brings security expertise and tech to market
The .uk domain registry is to bring its DNS expertise and technology developed for the NCSC to market to address cyber security ‘blindspot’ Continue Reading
-
News
04 Dec 2018
‘Open-minded’ DVSA cuts cost of MOT testing
Government agency harnesses customised open source platform to ensure data security while cutting costs and plans to extend its MOT testing capability to do the same for drivers’ theory tests Continue Reading
-
News
04 Dec 2018
Financial institutions’ data at risk despite security spending
Despite increased spending on cyber security, digital transformation and advanced attacks mean financial institutions’ data is still at risk, a report reveals Continue Reading
-
Opinion
04 Dec 2018
Security Think Tank: Basic steps to countering malware comms
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure they detect such methods and that all C&C systems are removed, including "sleepers" designed to be activated at a future date Continue Reading
-
News
04 Dec 2018
100 million Quora.com user details exposed
Question-and-answer site is the latest organisation to admit a breach of users’ personal data, with industry commentators calling out credential theft as a top cause of such breaches Continue Reading
-
News
03 Dec 2018
Liberty heads for judicial review over Investigatory Powers Act
The UK's powers to conduct supsicionless bulk surveillance on individuals and organisations face a legal challenge in the high court next year Continue Reading
-
Opinion
03 Dec 2018
Security Think Tank: Combine tech, process and people to block malware comms
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including "sleepers" designed to be activated at a future date. Continue Reading
-
News
03 Dec 2018
BT announces new head of security business
BT has appointed a former law enforcement officer and BT investigator as the new head of its security business Continue Reading
-
News
30 Nov 2018
WannaCry borderline national cyber emergency
The May 2017 WannaCry attack, which disrupted services at one-third of NHS trusts and more than 600 primary care organisations is the closest the UK has come to a national cyber emergency, says the NCSC Continue Reading
-
News
30 Nov 2018
E-commerce sites warned of heightened DDoS threat
E-commerce sites are being urged to ensure that they have adequate DDoS protection ahead of the vital holiday trading season after attacks ramped up on Black Friday and Cyber Monday Continue Reading
-
News
29 Nov 2018
UK cyber security strategy making ‘good progress’
The National Cyber Security Strategy is making good progress, but there is much left to be done, according to a Cabinet Office official Continue Reading
-
News
28 Nov 2018
Cyber resilience lacking due to apathy of UK leaders
An unwillingness to accept that cyber is a real threat to critical national infrastructure by UK political and business leaders has resulted in a lack of resilience, says security industry veteran Continue Reading
-
News
28 Nov 2018
FCA deeply concerned as no end in sight for IT failures in banking
The FCA has reported a massive increase in the number of banking IT failures in the UK and admitted there is no end in sight Continue Reading
-
News
27 Nov 2018
GDPR is encouraging UK IT directors to pay cyber ransoms
As predicted ahead of the General Data Protection Regulation enforcement deadline, research shows that fear of fines under the new laws is making some firms more likely to pay cyber ransoms Continue Reading
-
News
26 Nov 2018
Unprecedented actions by Commons committee augur badly for Facebook
House of Commons’ serjeant-at-arms effectively arrested the CEO of a US software company and frogmarched him to Parliament, where he was told he would be imprisoned if he failed to hand over papers on Facebook Continue Reading
-
E-Zine
22 Nov 2018
CW Nordics: Swedish IT sector advises on election security
The security measures assembled and implemented around the 2018 election in Sweden were devised in consultation with leading actors within the country’s private IT sector. Also read about how Denmark’s ambition to become a leading ocation for hyperscale datacentres is gaining momentum, and why Estonia wants to recruit IT professionals from the UK. Continue Reading
-
News
17 Nov 2018
Credit card fraud in ANZ showing no signs of abating
The value of fraudulent transactions more than doubled that of legitimate purchases during the third quarter this year Continue Reading
-
News
16 Nov 2018
UK firms in the dark around the impact of cyber attacks
UK firms have a long way to go in building the business resilience required to withstand cyber threats and other major disruptions, a study shows Continue Reading
-
News
15 Nov 2018
Keep people at the centre of risk management, says consultant
In assessing the cyber risks to a business, security professionals should start with the people in an organisation and keep them at the centre in identifying and mitigating risk, says consultant Continue Reading
-
News
15 Nov 2018
Enterprises lack capability against persistent cyber attacks
A report urges organisations to strengthen their cyber defence capabilities to pre-empt, detect and respond to post-breach attacks Continue Reading
-
News
15 Nov 2018
DeepMind won’t share patient data with Google ‘at this stage’, says company’s health boss
Amid concerns and questions around Google’s takeover of the DeepMind’s Streams app, Dominic King, the company’s health lead, promises that ‘at this stage’, nothing will change, and it won’t share any patient data with the internet giant Continue Reading
-
News
14 Nov 2018
AI-enhanced security tools necessary for today’s threats
Machine learning-enhanced tools are necessary to keep up with current threats, but are not perfect and will not solve the security skills gap problem, says KuppingerCole Continue Reading
-
News
14 Nov 2018
Zero-trust security not an off-the-shelf product
The zero-trust security model is a business enabler that needs to be supported by a strategy and security architecture, analyst warns cyber security leaders Continue Reading