IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
25 Oct 2024
Dutch critical infrastructure at risk despite high leadership confidence
Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise Continue Reading
-
News
11 Jul 2024
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain Continue Reading
-
News
13 Nov 2018
User behaviour analytics adding new insight
User behaviour analytics is helping to add new insights by providing the missing element in security event information management approaches, says Martin Kuppinger Continue Reading
-
News
12 Nov 2018
Home Office to use smartphone ID for EU Exit scheme
The Home Office will use smartphone digital identity verification to support applications for the government’s EU Exit Settlement Scheme Continue Reading
-
News
12 Nov 2018
Firms lack responsible exec for cyber security
Narrow gap between CEO, CIO and CISO roles means no single executive function is stepping up to take responsibility for cyber security, a study shows Continue Reading
-
Opinion
12 Nov 2018
GCHQ offers help to embryonic Irish cyber security organisation
Ciaran Martin head of the UK's National Cyber Security Centre, part of GCHQ, builds bridges with the Republic of Ireland's intelligence community during an official visit to Dublin Continue Reading
-
News
09 Nov 2018
Post-quantum cryptography a major challenge, says expert
The crypto wars are just beginning and open systems are key to improved security in future, says cryptography expert Continue Reading
-
News
07 Nov 2018
Decentralised ID key to identity security
Enterprises need to step up protections around identity-related compromises and look to decentralised identity in the longer term to improve security, says computer scientist Continue Reading
-
Opinion
07 Nov 2018
Security Think Tank: Top considerations to reduce application layer attacks
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
News
06 Nov 2018
Start preparing for post-quantum data protection
Organisations that need to retain sensitive information for long periods of time need to start preparing for the post-quantum era, according to an IBM security architect Continue Reading
-
Opinion
06 Nov 2018
Security Think Tank: Gap, risk and business impact analysis key to application security
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
Opinion
05 Nov 2018
Security Think Tank: Three ways to safeguard against application layer vulnerabilities
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
News
02 Nov 2018
DevSecOps not limited to coding, says analyst
DevSecOps is seen as a way of ensuring application security, but security leaders must understand that embedding a security culture and taking the inter-dependencies of new development frameworks into account is key, says KuppingerCole Continue Reading
-
Opinion
02 Nov 2018
Security Think Tank: Deploy multiple defence layers to protect data-rich applications
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
News
02 Nov 2018
Facebook to appeal EU-US data transfer ruling in Irish Supreme Court
Facebook will appeal a decision by the Irish High Court to refer questions over the legality of EU-US data transfers to the European Court of Justice in January, as the Dublin court rejects attempt by a UK IT expert to join the case Continue Reading
-
Opinion
01 Nov 2018
Security Think Tank: A three-pronged approach to application security
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
Opinion
31 Oct 2018
Think Tank: Application layer attack mitigation needs to start with risk analysis
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
News
30 Oct 2018
Australia’s data breaches are a ‘sign of naiveté’
McAfee executive attributes Australia’s poor cloud security record to the lack of data protection measures amid “new and confusing” cloud configurations Continue Reading
-
Opinion
30 Oct 2018
Security Think Tank: Defend application layer with good security hygiene
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
Opinion
29 Oct 2018
Security Think Tank: Counter application layer attacks with automation
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
News
26 Oct 2018
DNS attacks cost finance firms millions of pounds a year
Average cost of recovering from a single DNS attack is $924,390 for a large financial services company, survey shows Continue Reading
-
Opinion
26 Oct 2018
Security Think Tank: Focus on security before app deployment
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
News
26 Oct 2018
IoT ecosystem needs to be investigated, say experts
A conference of IoT experts convened by Enisa and Europol has made key recommendations to ensure security vulnerabilities do not overshadow benefits Continue Reading
-
Feature
25 Oct 2018
Trusted nodes: The next generation in quantum key distribution
QKD is a form of protection against interception by quantum computers, but cost and technical limitations have made the technology impractical. Could trusted nodes make all the difference? Continue Reading
-
Opinion
25 Oct 2018
Mitigating third-party cyber risks in a new regulatory environment
GDPR and the NIS Directive increase the focus on managing cyber security throughout the supply chain. Organisations need to check their suppliers are compliant Continue Reading
-
News
25 Oct 2018
Belgian startup makes a game of creating secure software code
A global tech startup has placed its research and development centre in Belgium, taking advantage of regional financial support as well as cooperations with local educational organisations Continue Reading
-
News
25 Oct 2018
GandCrab decryption tool released by No More Ransom
Another decryption tool has been made available free of charge in the battle against ransomware to help victims avoid paying to release their data Continue Reading
-
News
25 Oct 2018
Cathay Pacific under fire over breach affecting 9.4 million passengers
Hong Kong-based airline reveals massive data breach of the most sensitive personal data of passengers five months after loss was confirmed Continue Reading
-
News
25 Oct 2018
Becrypt security platform helps ease cloud adoption
Becrypt’s secure operating system is driving a new service aimed at helping organisations reduce cost and increase agility in using cloud-based services and online applications Continue Reading
-
News
24 Oct 2018
Choose security tools wisely to gain upper hand
The cyber threat landscape is continually changing, but staying abreast of attacker and defender innovation can help business leaders gain the upper hand, says KuppingerCole Continue Reading
-
News
24 Oct 2018
Government can’t guarantee no-deal Brexit data-sharing agreement
Digital minister Margot James says there is no clear timetable on when the UK will secure a data adequacy decision from the EU, and cannot guarantee an agreement will be in place in the event of a no-deal Brexit Continue Reading
-
News
24 Oct 2018
Sibos 2018: ‘Black swan’ cyber event is inevitable
With security experts and bankers expecting a 9/11-style cyber event, deeper collaboration between companies and governments is necessary to identify emerging threats before they occur Continue Reading
-
News
23 Oct 2018
Interview: Steve Grobman, McAfee CTO shares his views on some burning security questions
Cyber security technology innovator and veteran Steve Grobman shares his views on adversarial artificial intelligence, post-quantum cryptography and security for next-gen tech Continue Reading
-
News
23 Oct 2018
Morrisons loses appeal against data breach liability ruling
Supermarket chain has lost its appeal against a High Court ruling that found it liable for a data leak by a former employee, underlining the importance of managing insider threats Continue Reading
-
News
22 Oct 2018
McAfee CTO raises concerns about election cyber security
The security industry needs to look at the security of election processes around the world as well as the security of voting and counting machines, says McAfee CTO Continue Reading
-
News
19 Oct 2018
McAfee combining threat intel with AI
Simulations show that threat intelligence and artificial intelligence is a powerful combination, according to McAfee’s technology head Continue Reading
-
News
19 Oct 2018
Learn lessons from attacks, says McAfee investigations chief
Organisations should use every cyber attack as an opportunity to learn, identify weaknesses and improve security posture, according to McAfee’s head of cyber investigations Continue Reading
-
News
18 Oct 2018
McAfee researchers uncover ‘significant’ espionage campaign
Researchers discover campaign targeting South Korea, the US and Canada with links to eight-year-old source code from a threat group that has been dormant for five years Continue Reading
-
News
18 Oct 2018
'Sealed cloud' promises better data security
TÜV SÜD’s Singapore Sealed Cloud does not grant administrators access to data, reducing the possibility of hackers breaking into databases using compromised administrator credentials Continue Reading
-
News
16 Oct 2018
APAC security spending tipped to reach new highs
Security services will be the largest and fastest-growing slice of the overall security pie in the Asia-Pacific region Continue Reading
-
News
16 Oct 2018
Zero-trust security model gaining traction
The zero-trust model of security is finally gaining traction as security professionals tap into new tools and executive buy-in to support this approach in an effort to improve security posture and practices Continue Reading
-
News
16 Oct 2018
UK faces 10 cyber attacks a week as hostile states step up hacking, says NCSC
The UK’s National Cyber Security Centre has thwarted more than 1,600 attacks over the past two years – many by hostile nation states Continue Reading
-
News
15 Oct 2018
Cost of WannaCry attack to NHS set at £92m
Department for Health and Social Care estimates the immediate cost of the May 2017 WannaCry attack on the NHS was £92m, and says it will have spent about £275m on improvements to its cyber security infrastructure by the end of 2021 Continue Reading
-
News
15 Oct 2018
IoT firms sign up to UK security code of practice
Internet of things technology firms have begun signing up to a UK code of practice to strengthen the security of internet-connected devices. The code is expected to form the basis of an international standard Continue Reading
-
News
12 Oct 2018
Some 10% of user-reported emails malicious
On average, 1 in 10 user-reported emails is identified as malicious, and more than half can be tied to credential phishing, a Cofense report reveals Continue Reading
-
News
12 Oct 2018
AI is no silver bullet for cyber security
A security expert has called for businesses to manage the risks of adopting new technologies and improve their cyber hygiene, rather than see artificial intelligence as a panacea for their security woes Continue Reading
-
News
11 Oct 2018
Crypto-mining malware poses as Flash updates
Cryptocurrency mining malware is posing as Flash updates that appear to be legitimate, Palo Alto Networks security researchers warn Continue Reading
-
News
11 Oct 2018
RATs and Mimikatz among top publicly available hacking tools
Remote access Trojans (RATs), web shells and Mimikatz among the top publicly available tools that are used in cyber attacks around the world, a five-nation cyber intelligence report reveals Continue Reading
-
E-Zine
11 Oct 2018
CW Middle East: Middle East warms to humanoid robots
Countries in the Middle East are warming to humanoid robotics, robotic process automation and artificial intelligence as these technologies become widely accepted globally. Also in this issue, read why Saudi Arabia has called on London’s fintechs to set up in the country with the promise of government support, and find out how the Gulf Warehousing Company has introduced cloud-based technology to replace paper processes used by its HR department. Continue Reading
-
News
11 Oct 2018
Optus to acquire Hivint in cyber security deal
The deal is expected to bolster the telco’s security pedigree in a market that is grappling with more data breaches and cyber incidents Continue Reading
-
News
10 Oct 2018
Detail of Dutch reaction to Russian cyber attack made public deliberately
Four Russian intelligence officials were expelled from the Netherlands after an attempted hack on the global chemical weapons watchdog. The Dutch government has been open about the detail Continue Reading
-
News
10 Oct 2018
Bug bounties not a silver bullet, Katie Moussouris warns
Targeted bug bounties have a role to play in cyber security, but they are not a "silver bullet", and run the risk of wiping out talent pipelines if poorly implemented, warns bug bounty pioneer Continue Reading
-
News
10 Oct 2018
NCSC head says attribution of GRU attacks important
The head of the UK’s National Cyber Security Centre has described the attribution of a wave of cyber attacks to Russia’s military intelligence service as “historically important” at a conference in Poland Continue Reading
-
Opinion
09 Oct 2018
Security Think Tank: Monitoring key to outcomes-based security
What is the first step towards moving from a tick-box approach to security to one that is outcomes-based, and how can an organisation test if its security defences are delivering the desired outcome? Continue Reading
-
News
09 Oct 2018
Cooperation vital in cyber security, says former Estonian minister
States acting alone cannot be efficient in cyber security and need to cooperate with others to build trust, says a former foreign minister of Estonia Continue Reading
-
News
08 Oct 2018
NCSC head calls for technocratic partnership to fix cyber risks
The UK’s National Cyber Security Centre is appealing for collaboration with the technology industry to remedy key vulnerabilities in current IT Continue Reading
-
Opinion
08 Oct 2018
Security Think Tank: Enable outcomes-based security in software development
What is the first step towards moving from a tick box approach to security to one that is outcomes based, and how can an organisation test if its security defences are delivering the desired outcome? Continue Reading
-
Opinion
05 Oct 2018
Security Think Tank: C-suite needs to drive outcomes-based security
What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome? Continue Reading
-
News
04 Oct 2018
Business email compromise made easy for cyber criminals
Poor security practices and access to hacking services are making it easy for cyber criminals to compromise business email, research reveals Continue Reading
-
News
04 Oct 2018
Apps are gateway to business data for cyber attackers
Application security is becoming increasingly important because apps are often the main way cyber attackers are getting into corporate networks, a threat researcher warns Continue Reading
-
News
04 Oct 2018
UK and allies accuse Russia of cyber attack campaign
The UK National Cyber Security Centre has identified a campaign by the Russian military intelligence service of “indiscriminate and reckless” cyber attacks Continue Reading
-
News
03 Oct 2018
Companies failing to recognise the internal cyber threat
The focus at many companies is on external cyber threats, and internal threats are being overlooked as a consequence, a researcher warns Continue Reading
-
News
03 Oct 2018
Majority of businesses believe they are open to cyber attack
More than two-thirds of businesses believe their network is open to attack, a report on the state of web application security reveals Continue Reading
-
News
03 Oct 2018
Rise in data-stealing Betabot malware
Researchers are warning about an increase in Betabot malware after detecting multiple infections in recent weeks, underlining the importance of software patching Continue Reading
-
News
03 Oct 2018
AI full of possibilities with the right tools and understanding
Artificial intelligence has the potential to assist in the analysis of data in a range of topics, but businesses need to understand its limitations and have the right tools to get the most benefit, says a Swiss entrepreneur Continue Reading
-
Opinion
03 Oct 2018
Security Think Tank: Shift to outcomes-based security by focusing on business needs
What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome? Continue Reading
-
Opinion
02 Oct 2018
Everyone, everywhere is responsible for IIoT cyber security
Cyber security in the industrial internet of things is not limited to a single company, industry or region – it is an international threat to public safety, and can only be addressed through collaboration that extends beyond borders and competitive interests Continue Reading
-
Opinion
02 Oct 2018
Security Think Tank: Start outcomes-based security with asset identification
What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome? Continue Reading
-
News
01 Oct 2018
UK firms’ password security score ‘average’
While businesses are making strides in strengthening password security, there is more work to be done, with the UK password score lagging behind the frontrunners, a survey shows Continue Reading
-
News
01 Oct 2018
Tesco Bank gets first cyber-related FCA fine
UK’s financial watchdog issues its first cyber-related fine to Tesco Bank in connection with a multimillion-pound cyber fraud in 2016 Continue Reading
-
Opinion
01 Oct 2018
Security Think Tank: Security governance key to outcomes-based approach
What is the first step towards moving from a tick-box approach to security to one that is outcomes based, and how can an organisation test if its security defences are delivering the desired outcome? Continue Reading
-
News
28 Sep 2018
Cyber attackers are increasingly exploiting RDP, warns FBI
Businesses should to act to reduce the likelihood of compromise from cyber attackers exploiting the remote desktop protocol, warns the FBI Continue Reading
-
News
27 Sep 2018
Blockchain is no ‘magic wand’ for cyber security
The decentralised nature of blockchain networks may deter some cyber crooks, but ASEAN organisations still need to pay heed to the security of their blockchain infrastructure Continue Reading
-
News
27 Sep 2018
Business is at inflection point for proactive cyber security
The time is ripe for proactive cyber security, but many organisations must first overcome four key obstacles to achieve effective protection, according to a research report Continue Reading
-
News
27 Sep 2018
Explosion in fake data-stealing shopping sites
Cyber attackers are ramping up efforts to steal personal data by setting up look-alike domains that pose a phishing risk to online shoppers, researchers warn Continue Reading
-
News
27 Sep 2018
Norwegian state discusses vulnerabilities with IT sector
Government is collaborating with the country’s IT industry to improve the availability of security expertise Continue Reading
-
News
27 Sep 2018
Replication won’t protect VMs against ransomware
Seamless replication is among the benefits of virtualisation, but many organisations fail to back up virtual machines properly Continue Reading
-
Feature
27 Sep 2018
Prepare now for quantum computers, QKD and post-quantum encryption
The predicted processing power of quantum computers is likely to make existing encryption algorithms obsolete. Quantum key distribution (QKD) is a possible solution - we investigate whether QKD is viable Continue Reading
-
News
26 Sep 2018
Financial services firms face potential security bombshell
UK financial services are facing a security crisis over outdated services and applications, a survey shows Continue Reading
-
Opinion
26 Sep 2018
Why the government should rethink the UK’s surveillance laws
The European Court of Human Rights has made clear that the Snoopers’ Charter is an unlawful violation of people’s rights and freedoms Continue Reading
-
News
25 Sep 2018
PCI DSS compliance falls despite security benefit
Despite the benefits of the payment card industry security standard, there is a concerning downward trend in compliance, a report reveals Continue Reading
-
News
25 Sep 2018
MI5 admits to ‘unlawful’ spying on Privacy International
The UK's intelligence agencies acted unlawfully by intercepting communications data on NGO, Privacy International, the UK's most secret court ruled. Continue Reading
-
News
25 Sep 2018
WannaCry and NotPetya inspiring new attacks
Designs and techniques used in 2017’s global cyber attacks have inspired a new breed of malware that exploits software vulnerabilities, according to a McAfee report Continue Reading
-
News
25 Sep 2018
Mac OS Mojave zero-day warning
The latest version of Apple’s Mac operating system contains a vulnerability that could be exploited by attackers to access protected files, a researcher warns Continue Reading
-
News
24 Sep 2018
NHS Digital hires chief information security officer
Robert Coles will lead the health and care sector’s response to cyber attacks and help local organisations meet the government’s cyber security standards Continue Reading
-
News
24 Sep 2018
Business leaders expect suppliers to ensure they are cyber secure
Most UK business leaders expect suppliers to be cyber secure and nearly a third of businesses would terminate contracts because of suppliers’ security failings, a survey has revealed Continue Reading
-
News
21 Sep 2018
Foreshadow mitigation obscures licensing impact
Performance of virtual machines could be severely affected by the workaround for Intel’s latest processor flaw. To compensate, more processors will be needed Continue Reading
-
News
19 Sep 2018
Equifax fined by ICO for security failings
The Information Commissioners Office has fined Equifax UK in relation to a data breach at its UK parent last year Continue Reading
-
News
19 Sep 2018
Europol cyber crime report highlights emerging threats to enterprise security
Research highlights increase in sophistication of ransomware attacks, while revealing details of new and emerging threats to enterprises Continue Reading
-
News
19 Sep 2018
IT sector advises Swedish government on elections and voting system
Swedish IT secure is helping the government make election systems more secure and reduce external influence Continue Reading
-
News
17 Sep 2018
Singapore government to start bug bounty programme
Singapore’s bug bounty programme will help the authorities identify cyber blind spots and benchmark its defences against skilled hackers Continue Reading
-
News
17 Sep 2018
Danske Bank invests in anti-money laundering systems following Estonian problems
Danske bank improves its anti money laundering software, utilising artificial intelligence and machine learning Continue Reading
-
Podcast
14 Sep 2018
Printing, document capture and compliance risk in the GDPR era
Printers, scanners and mobile devices that capture data from documents all store data in some way or other. How can you be sure to be compliant with GDPR with regard to that data? Continue Reading
-
Opinion
14 Sep 2018
Security Think Tank: Supplement security with an MSSP to raise the bar
What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
News
13 Sep 2018
GCHQ mass surveillance regime was in breach of human rights law, European court rules
The European Court of Human Rights in Strasbourg has ruled that the UK’s collection of bulk interception of communications data lacked adequate oversight and safeguards and was in breach of human rights law Continue Reading
-
Feature
13 Sep 2018
Outcomes-based security is the way forward
Every security technology is effective for a limited time, but understanding data assets and their value to attackers is key to effective cyber defence, according to an industry veteran of 20 years’ experience Continue Reading
-
Opinion
13 Sep 2018
Security Think Tank: Adopt a proactive approach to software vulnerabilities
What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
News
12 Sep 2018
NCSC issues core questions to help boards assess cyber risk
The National Cyber Security Centre has published its first in a series of guidance for board members which highlights what businesses should be asking security teams Continue Reading
-
News
12 Sep 2018
FCA warns it cannot manage financial crime risks without sharing data with EU
FCA admits it will be unable to manage financial crime effectively if it cannot share data with EU authorities. Continue Reading
-
News
12 Sep 2018
Two-thirds of emails not clean, says research
Two-thirds of emails don't make it to the inbox because security systems consider them unsafe, according to research Continue Reading
-
Opinion
12 Sep 2018
Security Think Tank: Four key steps to managing software vulnerabilities
What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
News
11 Sep 2018
Higher education sector's poor response to cyber threats laid bare in EfficientIP report
The 2018 EfficientIP Global DNS Report shines a light on how ill-prepared the higher education sector is for handling cyber threats Continue Reading