IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
25 Oct 2024
Dutch critical infrastructure at risk despite high leadership confidence
Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise Continue Reading
-
News
11 Jul 2024
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain Continue Reading
-
Opinion
14 Aug 2018
Security Think Tank: Outsource security operations, not control
What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately? Continue Reading
-
E-Zine
14 Aug 2018
Cyber attackers target infrastructure
In this week’s Computer Weekly, we find out about the growing sophistication of cyber attackers who specialise in industrial control systems. They are fast, efficient and able to move between IT and OT environments. We also discover how few businesses in general are reporting cyber crime, as they should. The issue also tracks Google’s playing court to the C-suite, with respect to cloud computing. Read the issue now. Continue Reading
-
News
14 Aug 2018
FBI warns of global ATM cyber crime spree
The FBI has issued a warning to banks that cyber criminals are planning to steal millions in a coordinated worldwide attack on cash machines Continue Reading
-
News
13 Aug 2018
Banks lead in digital era fraud detection
All e-commerce businesses should follow the banks’ lead in how to detect fraud in the digital era, says RSA fraud and risk expert Continue Reading
-
News
13 Aug 2018
Most security pros concerned about election infrastructure
A majority of information security professionals believe that election infrastructure is vulnerable to cyber attack, a survey shows Continue Reading
-
News
13 Aug 2018
UK firms concerned about cyber arms race
Continuous investment and activity are key in the cyber arms race, according to Databarracks, as research shows UK firms are worried about keeping up with security challenges Continue Reading
-
News
13 Aug 2018
Millions of businesses vulnerable to fax-based cyber attack
Hackers could exploit security vulnerabilities in fax machines to launch cyber attacks in millions of organisations around the world, researchers warn, underlining the need for cyber resilience Continue Reading
-
News
12 Aug 2018
Over 146 billion records to be stolen over next five years
The US will bear the brunt of data exfiltration efforts by cyber criminals, though Asia-Pacific nations such as Singapore will not be spared Continue Reading
-
News
10 Aug 2018
Mimecast extends core email security to enable cyber resilience
Mimecast continues to widen its cyber security capability through in-house development and strategic acquisition, as well as extend its core email security technologies to all other areas it applies Continue Reading
-
News
10 Aug 2018
NCR patches ATM vulnerabilities
NCR has patched ATM vulnerabilities discovered by Positive Technologies Continue Reading
-
News
09 Aug 2018
Under half of firms use vulnerability assessments
Less than half of organisations base their cyber defences on strategic vulnerability assessments, and a third of these do the bare minimum to meet compliance requirements, a study shows Continue Reading
-
News
09 Aug 2018
Smart cities a tempting target for cyber attackers
Smart cities are an attractive target for cyber attackers because of the growing number of connected systems embedded throughout their infrastructure Continue Reading
-
News
09 Aug 2018
Brace for more Triton-like attacks, researchers warn
The world has not seen the last of industrial control system (ICS) attacks like Triton, researchers have warned Continue Reading
-
News
09 Aug 2018
Incomplete visibility a top security failing
Incomplete visibility of IT environments is among the most common basic enterprise security failings, as most organisations are still failing to achieve basic cyber security hygiene, a survey reveals Continue Reading
-
News
08 Aug 2018
Financial services firms lack the culture to innovate fast
Finance firms appear to be struggling to release new software quickly, a study from Contino has found Continue Reading
-
News
08 Aug 2018
Check Point warns of WhatsApp vulnerabilities
Researchers are warning of vulnerabilities in WhatsApp that allow threat actors to intercept and manipulate messages sent in a group chat Continue Reading
-
News
08 Aug 2018
Cyber security double agents most common in the UK
Cyber security professionals who alternate between criminal and legitimate activities or move full-time into cyber criminal activity are more common in the UK than other countries, a report reveals Continue Reading
-
News
08 Aug 2018
Australia calls for interventionist approach in new cyber agenda
The Australian government is forming a cyber defence network comprising security agencies and private sector partners to support a more interventionist approach towards cyber security Continue Reading
-
News
07 Aug 2018
AI security hype putting businesses at risk
The hype around artificial intelligence may be putting businesses at risk, according to a study that found most IT decision-makers believe AI is the answer to all cyber security challenges Continue Reading
-
News
07 Aug 2018
Lack of Dmarc email validation puts brands and customers at risk
There is a worldwide lack of Dmarc email validation to defend against fraud and phishing attacks, putting organisations and customers at risk, a study shows Continue Reading
-
News
07 Aug 2018
Industrial control systems a specialised cyber target
Cyber attackers specialising in industrial control systems are fast, efficient and able to move between IT and OT environments, a study has revealed Continue Reading
-
Opinion
06 Aug 2018
Security Think Tank: Outsource responsibility, not accountability
What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately? Continue Reading
-
News
06 Aug 2018
Mobile banking Trojans reach all-time high
Mobile banking Trojans topped the list of cyber threats in the second quarter of the year, according to research by Kaspersky Lab Continue Reading
-
News
06 Aug 2018
Virus outbreak at iPhone chip plant could delay shipments
A computer virus at an iPhone chip manufacturing plant could delay shipments of Apple’s latest smartphones, but the impact will be limited, say analysts Continue Reading
-
Opinion
03 Aug 2018
Security Think Tank: Almost all security can be outsourced, but not the risk
What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately? Continue Reading
-
News
03 Aug 2018
UK security centre to launch IoT security standard
The London-based Centre for Strategic Cyber Space and Security Science is working on an internet of things security standard and has roped in participants from eight markets Continue Reading
-
Opinion
02 Aug 2018
Security Think Tank: Risk tolerance key to security outsourcing policy
What critical security controls can be outsourced, and how do organisations – SMEs in particular – maintain confidence that they are being managed effectively and appropriately? Continue Reading
-
News
02 Aug 2018
Gorgon Group shows simple cyber attacks remain effective
A highly effective cyber attack group that appears to be based in Pakistan is carrying out targeted attacks against nation states at the same time as criminal operations, researchers have found Continue Reading
-
News
02 Aug 2018
Reddit breach exposes 2FA flaws
Reddit has reported a password breach despite using 2FA, exposing the weaknesses of two-factor authentication based on mobile text messages Continue Reading
-
News
02 Aug 2018
Three Carbanak cyber heist gang members arrested
Three alleged members of the Carbanak gang believed to be responsible for more than 100 cyber heists worldwide have been arrested, US authorities have announced Continue Reading
-
Opinion
01 Aug 2018
Security Think Tank: Top things to consider in security outsourcing
What critical security controls can be outsourced, and how do organisations – SMEs in particular – maintain confidence that they are being managed effectively and appropriately? Continue Reading
-
News
01 Aug 2018
Bromium evolves virtualisation-based security
Virtualisation-based security firm Bromium has evolved its technology to offer bidirectional protection for applications and underlying operating systems Continue Reading
-
News
01 Aug 2018
Top dark web indicators of compromise
There are 10 common activities on the dark web that indicate a data breach or some other security compromise has taken place, according to a specialist monitoring firm Continue Reading
-
Opinion
31 Jul 2018
Security Think Tank: A risk-based approach to security outsourcing
What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately? Continue Reading
-
News
31 Jul 2018
SamSam ransomware reaps $5.9m and counting
In just two and a half years, SamSam campaigns are believed to have netted nearly $6m for cyber criminals, an analysis of this adaptive and evasive strain of active ransomware reveals Continue Reading
-
News
31 Jul 2018
Australia’s health sector reports most data breaches again
In the first full quarter since Australia’s mandatory breach disclosure scheme came into effect, healthcare providers reported the most data breaches amid controversy over the national health record system Continue Reading
-
News
31 Jul 2018
Briton ran pro-Kremlin disinformation campaign that helped Trump deny Russian links
A British IT manager and former hacker from Darlington ran a disinformation campaign that duped former US intelligence agents and provided Donald Trump with manufactured “evidence” to deny that Russia interfered with the US election Continue Reading
-
News
30 Jul 2018
Pentagon flags risky software suppliers
The Pentagon has drawn up a list of software suppliers that it wants the US military and defence contractors to avoid due to fears of risks to national security Continue Reading
-
News
29 Jul 2018
Burden of data protection rests on firms and governments
A senior executive at Singapore’s Cyber Security Agency stressed the role of corporate data governance and government regulations in raising the bar on cyber security Continue Reading
-
News
27 Jul 2018
Fileless malware a growing trend, warns McAfee
Cyber attackers are increasingly moving away from traditional malware to using trusted Windows executables to invade systems and breach corporate networks, say security researchers Continue Reading
-
News
27 Jul 2018
Hackers targeting software supply chains, US report warns
A US government report on cyber espionage by China, Russia and Iran says software supply chains are increasingly under attack Continue Reading
-
News
26 Jul 2018
Brace for PowerGhost cryptominer, warns Kaspersky Lab
Corporate networks are the target of a new illicit cryptocurrency mining malware that is difficult to detect and eradicate, security researchers warn Continue Reading
-
News
26 Jul 2018
Crest report highlights need for bug bounty best practice
A lack of best practice guidelines for bug bounties is leaving researchers, organisations and bounty platforms confused and at risk, a report reveals Continue Reading
-
News
26 Jul 2018
Software development remains insecure
The prevalence of common and well-known web-based vulnerabilities underlines the need for better education around secure software development Continue Reading
-
News
26 Jul 2018
Cyber security vulnerability concerns skyrocket
Security professionals are more worried about data breaches and cyber attacks than they were a year ago, with most fearing that Meltdown-Spectre attacks are becoming the norm Continue Reading
-
News
25 Jul 2018
Dark web cyber crime markets thriving
The market for cyber criminals’ services is thriving on the dark web, research reveals Continue Reading
-
News
25 Jul 2018
ERP applications are under cyber attack, research confirms
ERP applications are increasingly being targeted by cyber criminals, hacktivists and nation-state actors, a report reveals Continue Reading
-
News
25 Jul 2018
Apache OpenWhisk users urged to patch
IBM has patched vulnerabilities in its Cloud Functions service that is based on Apache OpenWhisk in response to vulnerability disclosures, and all other users are urged to do the same Continue Reading
-
News
25 Jul 2018
Application attacks demand new security approach
Applying security software updates is an ineffective way to deal with application layer cyber attacks and businesses should change their approach, security experts advise Continue Reading
-
News
25 Jul 2018
Ransomware concern drops despite being top cost
Fewer organisations are worried about ransomware even though it remains one of the most costly cyber attacks Continue Reading
-
News
25 Jul 2018
Australian energy sector caught in security catch-22
With regulators unwilling to accept security investments that would lead to higher tariffs, there is a chance that Australia’s National Energy Market could face increased cyber risks Continue Reading
-
News
24 Jul 2018
Ramp up security to mitigate Office 365 attacks
Public clouds tend to be more secure, but Office 365 has become a major target for attacks, which means internal IT security needs tightening Continue Reading
-
News
24 Jul 2018
Top execs cyber security hypocrites, report shows
There is a critical disconnect between the cyber security behaviour that top executives recommend and the way they behave themselves, while many firms do not know where their data lives and moves, a report reveals Continue Reading
-
News
24 Jul 2018
Singapore public healthcare sector limits internet use
Healthcare workers who require internet access will have to use separate internet workstations following an unprecedented attack on Singapore’s public healthcare system Continue Reading
-
News
23 Jul 2018
Zero trust security model boosts business confidence
Organisations that combine the zero trust security model with next-gen access are more confident about meeting access control challenges, a study shows Continue Reading
-
News
20 Jul 2018
NCSC report underlines cyber threat for legal firms
Legal firms are a top target for cyber attackers, the latest report from the National Cyber Security Centre shows, emphasising the need for comprehensive cyber defence capabilities Continue Reading
-
News
20 Jul 2018
UK alerted to potential cyber risks of Huawei equipment
A report has raised concerns about the shortcomings of Huawei engineering processes, which it says could put UK telecommunications networks at risk Continue Reading
-
News
19 Jul 2018
Cyber criminals use fake domains to scam businesses
UK police are warning businesses that cyber criminals are using fake domains to scam businesses out of hundreds of thousands of pounds Continue Reading
-
News
19 Jul 2018
CNI sector lacks cyber security skills, government warned
The UK’s critical national infrastructure sector is being negatively impacted by the lack of cyber security skills, a report warns Continue Reading
-
News
19 Jul 2018
How Splunk is ‘splunking’ data for APAC enterprises
Splunk’s regional vice-president talks up the company’s business strategy and how its customers are using big data analytics in security and IT operations Continue Reading
-
News
18 Jul 2018
Retail cyber security spending ineffective as breaches rise
Cyber attacks on the retail sector are increasing, and although most retailers plan to increase cyber security spending, planned investments are unlikely to be effective, a report reveals Continue Reading
-
News
18 Jul 2018
Cyber security top priority for aircraft makers, says Airbus
There is a high level of collaboration in the aircraft industry on cyber security, but not all other industries are at the same level, according to an industry veteran at multinational aerospace and defence firm Airbus Continue Reading
-
News
18 Jul 2018
Singapore to bolster threat intelligence sharing in financial sector
Singapore’s Cyber Security Agency has partnered the Financial Services Information Sharing and Analysis Centre to glean cyber threat intelligence for the country’s financial industry Continue Reading
-
E-Zine
17 Jul 2018
CW ANZ: Fix the weak links
Recent reports have suggested that cyber threats are increasingly aimed at critical information infrastructure such as power grids, water treatment plants and transportation networks. While the scale of the problem that Australian industry faces is hard to quantify, no one disputes the threat is real. In this edition of CW ANZ, we look at how Australia is securing its industrial control systems and how it is bridging the security gap between IT and OT teams. Read the issue now. Continue Reading
-
News
17 Jul 2018
Cryptominers plateau while backdoors shoot up
Illicit cryptocurrency mining appears to be slowing down, but backdoors increased rapidly in the second quarter of the year, a report warns Continue Reading
-
News
17 Jul 2018
A third of organisations do not have a security expert, survey shows
Around a third of organisations are vulnerable to cyber attacks due to a lack of dedicated in-house cyber security experts, finds Gartner survey Continue Reading
-
News
16 Jul 2018
Mobile devices lost in London underline security risk
The security risk of lost mobile devices is underlined by the fact that almost 26,000 mobile phones and computing devices were lost in London in the past year alone Continue Reading
-
Feature
16 Jul 2018
Disaster recovery as a service: what you need to know
Technological advances make disaster recovery as a service possible, but Computer Weekly investigates whether it is practical option for all businesses Continue Reading
-
News
16 Jul 2018
ITPS expands datacentre to support Azure Stack and HPC
Datacentre company ITPS expands its County Durham facility to meet client needs for high performance computing and security Continue Reading
-
News
16 Jul 2018
Russian cyber attacks show need for international rules
Russian cyber attacks aimed at influencing foreign elections highlight the need for the international community to agree on rules of conduct and punitive consequences Continue Reading
-
Feature
13 Jul 2018
Matching disaster recovery to cyber threats
While it is important to take steps to prevent cyber attacks, they can still happen. That is why disaster recovery practices are equally critical Continue Reading
-
News
13 Jul 2018
Hackers increasingly targeting cloud infrastructure
Cloud infrastructure is a growing target for cyber attackers because of available computing resources, as well as the repositories of valuable data, a report reveals Continue Reading
-
Opinion
12 Jul 2018
Security Think Tank: A good password policy alone is not enough
In light of the fact that complex passwords are not as strong as most people think and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading
-
News
12 Jul 2018
Cyber attackers cashing in on ‘hidden’ attack surface
Cyber attackers are cashing in on organisations’ lack of visibility into all online interactions that can involve multiple third parties, a report reveals Continue Reading
-
E-Zine
12 Jul 2018
CW Middle East: Can Saudi Arabia build the Silicon Valley of the Middle East?
In April this year, Saudi Arabia’s crown prince Mohammed Bin Salman visited Silicon Valley in the US to meet tech giants such as Apple and Amazon in its efforts to fast-forward the kingdom’s technology capabilities. Read about its lofty ambitions. Also in this issue, read how demand for skilled IT professionals is increasing rapidly in the Middle East, which is facing a talent crunch. Meanwhile, Gulf Cooperation Council smart city initiatives are gathering momentum. Continue Reading
-
News
11 Jul 2018
White-hat hackers find record number of vulnerabilities
White-hat hackers are finding more vulnerabilities than ever before, with crowdsourced security testing continuing to gain popularity, a report reveals Continue Reading
-
News
11 Jul 2018
UK firms too confident about cyber security
Three-quarters of UK companies say their cyber protection is above average, and nearly half think they are a “top performer” despite the growth in data breaches Continue Reading
-
News
10 Jul 2018
Hidden costs of data breaches difficult to manage, study finds
The full cost of “mega breaches” can be up to £264m, with the average UK data breach costing £2.69m, a study has revealed Continue Reading
-
News
10 Jul 2018
Corporate networks vulnerable to insider attacks, report finds
Researchers found that 100% of corporate networks tested in 2017 were vulnerable to insider attacks, with Wi-Fi networks and employees among the top areas of weakness Continue Reading
-
Opinion
10 Jul 2018
Security Think Tank: Some basic password guidelines
In light of the fact that complex passwords are not as strong as most people think and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading
-
News
09 Jul 2018
Collaborative taskforce launches security intelligence network
BAE Systems, Vodafone, cyber security incubator CyLon and other partners have joined forces in unveiling a manifesto for safeguarding society in the digital age Continue Reading
-
Opinion
09 Jul 2018
Security Think Tank: Passwords alone are not good enough
In the light of the fact that complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading
-
News
09 Jul 2018
Inside one of the world’s largest bug bounty programmes
Trend Micro’s Zero Day Initiative may be the top external supplier of software bug reporting for Microsoft and Adobe, but that does not mean it purchases every type of bug Continue Reading
-
News
06 Jul 2018
Infosec community welcomes bank sector focus on cyber resilience
The information security community has welcomed regulators’ call on the banking industry to demonstrate their capability to respond to cyber attacks because it highlights the importance of cyber resilience for all businesses Continue Reading
-
Opinion
05 Jul 2018
Security Think Tank: How to create good passwords and add security layers
In light of the fact complex passwords are not as strong as most people think and most password strategies inevitably lead to people following them blindly, what actually makes a good password - and when is a password alone not enough? Continue Reading
-
News
05 Jul 2018
Beware blockchain security blindspots, warns RSA
Companies need to ensure that rushed blockchain and other new technology projects are not introducing security vulnerabilities by gaining granular visibility of network activity, according to RSA Security Continue Reading
-
Opinion
04 Jul 2018
Security Think Tank: Complex passwords provide a false sense of security
In the light of the fact that complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading
-
News
04 Jul 2018
Israel accuses Hamas of using spy apps to target soldiers
Israel has accused Hamas of using apps to hijack soldiers’ phones to spy on them, and UK defence secretary demonstrates how effective that could be Continue Reading
-
Opinion
03 Jul 2018
Security Think Tank: Use pass phrases and 2FA to beef up access control
In light of the fact complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password – and when is a password alone not enough? Continue Reading
-
Opinion
02 Jul 2018
Security Think Tank: Put more layers around passwords to up security
In light of the fact that complex passwords are not as strong as most people think and most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading
-
News
02 Jul 2018
Linux targeted by illicit cryptocurrency miners
Cryptojacking is increasingly being used by cyber criminals to raise funds, Watchguard report reveals Continue Reading
-
News
02 Jul 2018
HMRC deactivates record number of fake websites
HM Revenue & Customs has removed more than 20,000 malicious websites in the past year, but warns people to stay alert to the threat from online fraudsters Continue Reading
-
News
01 Jul 2018
Australian government grappling with digital transformation woes
Digital transformation in Australia’s public sector has been beset by soaring rhetoric and vague aspirations by government, a new report reveals Continue Reading
-
Opinion
01 Jul 2018
Cyber security – why you’re doing it all wrong
Most organisations can list the IT security tools and controls they have, so why do most of them still get the security basics wrong? Continue Reading
-
Blog Post
29 Jun 2018
Millennial versus Mature – who's the real IT security risk?
Passwords have been the mainstay for securing applications, devices and the data they hold, pretty much ever since IT was invented. It’s an approach that has always had weaknesses though, mostly ... Continue Reading
-
News
29 Jun 2018
UK government cyber security standard welcomed
The information security community has welcomed the publication of the government’s minimum cyber security standard, which could be used by any organisation to improve its cyber defences Continue Reading
-
News
29 Jun 2018
GDPR exposes breach reporting flaws
In the month since the GDPR compliance deadline, it has become clear that many organisations are not well prepared for personal data breach notifications, says PwC’s data protection lead Continue Reading
-
News
29 Jun 2018
NHS Digital signs three-year cyber security partnership with IBM
Partnership with IBM aims to bolster cyber security responses and defences, including expanding NHS Digital’s Cyber Security and Operations Centre Continue Reading
-
News
28 Jun 2018
Ticketmaster warns of third-party data breach
Ticketmaster has warned of a potential data breach through malware found in a third-party customer support service, underlining the importance of supply chain security Continue Reading
-
News
27 Jun 2018
Cyber criminals 'infect and collect' in cryptojacking surge
Illicit cryptocurrency mining offers cyber criminals lower risk, higher efficacy and greater ease of making money, adding passive exploitation to ransomware extortion, data breach theft and fraud, a report reveals Continue Reading