IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
25 Oct 2024
Dutch critical infrastructure at risk despite high leadership confidence
Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise Continue Reading
-
News
11 Jul 2024
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain Continue Reading
-
Opinion
11 Sep 2018
Security Think Tank: Four steps to managing software vulnerabilities
What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
News
11 Sep 2018
British Airways data breach: Security researchers name suspects and query attack timeline
Security researchers claim to have pinpointed the cause and perpetrators of the British Airways data breach, and also claim the attackers may have had access to its customer data for far longer than previously thought Continue Reading
-
News
11 Sep 2018
UK security vetting IT system failing, says NAO
The National Audit Office is critical of the government’s project to centralise its security vetting process, as the IT system has been plagued by failures from the start and has led to serious delays Continue Reading
-
News
10 Sep 2018
Cyber criminals outspend businesses in cyber security battle
Cybercriminals are flexing their financial might and UK organisations are facing more attacks as a result Continue Reading
-
Opinion
10 Sep 2018
Security Think Tank: Balancing cost and risk in software vulnerability management
What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
Opinion
07 Sep 2018
Security Think Tank: No shortcuts to addressing software vulnerabilities
What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
News
07 Sep 2018
North Korean programmer charged for WannaCry attacks
The US has charged a member of a group of North Korean hackers linked to the WannaCry, Sony Pictures and other cyber attacks around the world Continue Reading
-
News
07 Sep 2018
Ransomware down, but not out, report reveals
Cryptojacking has taken over from ransomware as the top money spinner for cyber criminals, but the threat is not over and spam is also seeing a resurgence as an attack method, a report reveals Continue Reading
-
News
06 Sep 2018
Chrome 69 security improvements welcomed
The cyber security community has welcomed the improvements in the latest version of the Chrome browser, especially when it comes to generating strong, unique passwords Continue Reading
-
Opinion
06 Sep 2018
Security Think Tank: How to manage software vulnerabilities
What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
News
05 Sep 2018
Half a million UK firms hit by CEO fraud, Lloyds Bank estimates
Nearly 500,000 UK businesses are being hit by impersonation fraud, according to estimations by Lloyds Bank, with the legal sector most at risk Continue Reading
-
News
05 Sep 2018
People top target for cyber attackers, report confirms
As security controls have improved, cyber attackers are increasingly focusing their efforts on people within organisations as a way into corporate IT systems, a report confirms Continue Reading
-
Opinion
05 Sep 2018
Security Think Tank: How to achieve software hygiene
What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
Opinion
04 Sep 2018
Security Think Tank: Eight controls to manage software vulnerabilities
What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
News
04 Sep 2018
UK and allies call for backdoors in encryption products
The Five Eyes intelligence alliance is calling on tech firms to include backdoors in their encrypted products to give access to law enforcement authorities or face various measures Continue Reading
-
Opinion
03 Sep 2018
Security Think Tank: Follow good practice to reduce risk of software vulnerabilities
What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
News
03 Sep 2018
Majority of UK firms not insured for data breaches
Many UK firms are not insured against information security breaches and data loss, and would have to spend £1m on average to recover from a breach, a report reveals Continue Reading
-
News
31 Aug 2018
Security Serious Week to feature flash mob event
“Flash mob” event will create a human collage, highlighting cyber security advice Continue Reading
-
News
31 Aug 2018
Fraudulent money transfers are top aim of business email compromise
Business email compromise is increasingly popular with cyber criminals to steal money and information as well as spread malware, security researchers find Continue Reading
-
News
30 Aug 2018
Cobalt cyber heist group mounts new campaign
Security researchers discover new campaign using two malicious links to double the chances of infection, which is believed to be linked to a notorious cyber crime group Continue Reading
-
News
30 Aug 2018
Machine identity management crisis looming
Managing machine identities is looming as the next big security challenge, a study reveals, with few organisations capable of protecting them as they increasingly form the basis of online communications Continue Reading
-
News
29 Aug 2018
Improving security is top driver for ISO 27001
Organisations are implementing the ISO 27001 standard in recognition of the fact that cyber attacks are increasingly inevitable and that it is best to be well-prepared to fend off attacks and mitigate their effect Continue Reading
-
News
29 Aug 2018
Security teams and C-suite exec views not aligned
There are key differences and potential challenges when it comes to security teams and C-suite executives communicating and aligning about cyber threats, a study shows Continue Reading
-
News
29 Aug 2018
IT leaders at a crossroads as they grapple with digital technology
CIOs have the opportunity to influence their company strategy as digital technology reshapes business. A survey of CIOs across 70 countries charts a path for IT leaders through emerging technologies Continue Reading
-
News
28 Aug 2018
Cyber attackers switching to covert tactics
Cyber criminals are moving away from mass, high-profile attacks to ones that are stealthy and more subtle – as well as attacks targeting systems typically used in critical infrastructure, researchers say Continue Reading
-
Opinion
28 Aug 2018
Information security risk – keeping it simple
Organisations should start with risk management to understand information security risks and communicate them better internally Continue Reading
-
News
28 Aug 2018
Sharp rise in business email compromise
Cyber attackers are expanding their attack methods to steal money and to gain access to corporate and employee data, a report reveals Continue Reading
-
News
24 Aug 2018
UK universities targeted by Iranian hackers
UK universities are among those targeted by a cyber threat group associated with the Iranian government Continue Reading
-
News
24 Aug 2018
North Koreans add Mac OS to cryptocurrency-stealing malware attacks
A North Korean hacking group is targeting cryptocurrency exchanges using Trojanised cryptocurrency trading software designed for both Microsoft’s Windows and Apple’s Mac OS, say researchers Continue Reading
-
News
23 Aug 2018
Apache Struts users urged to update due to new security flaw
Another security flaw has been discovered in the Apache Struts, which was at the heart of the massive Equifax data breach in 2017 Continue Reading
-
News
23 Aug 2018
Councils at risk from unsupported Windows Server and SQL Server
Some local authorities are using unsupported server software, while others are not paying for extended support Continue Reading
-
News
22 Aug 2018
European cloud adopters still lack basic security
Despite outpacing the rest of the world, the majority of organisations adopting cloud in Europe, the Middle East and Africa lack basic security, a report reveals Continue Reading
-
News
22 Aug 2018
Superdrug denies data breach
Superdrug has warned online customers it believes may have had personal details exposed, but claims its systems were not compromised, in what could be the first GDPR-related extortion attempt Continue Reading
-
News
21 Aug 2018
New Zealand to run national cyber security exercise
The island-nation will test the resilience of its critical infrastructure in November 2018, bringing together multiple agencies to protect assets of national significance Continue Reading
-
News
21 Aug 2018
Online crime costs more than $1m a minute
More than $1m is lost to cyber crime every minute, a report reveals, underlining the increasing and significant threats businesses face online Continue Reading
-
News
21 Aug 2018
Retail and finance top cyber targets
Retail and finance remain the top cyber attack targets, but the second quarter also saw a spike in attacks against the manufacturing industry and an increase in remote desktop attacks, a report reveals Continue Reading
-
News
21 Aug 2018
Malaysia’s financial sector warms up to cloud, but lacks security leadership
Almost two-thirds of Malaysia’s financial services firms are developing a cloud strategy, but not all have a security plan in place Continue Reading
-
Opinion
20 Aug 2018
AI: Black boxes and the boardroom
Computers can and do make mistakes and AI is only as good its training so relying purely on machine intelligence to make critical decisions is risky Continue Reading
-
News
17 Aug 2018
ASEAN firms need to overcome DevOps hurdles
Southeast Asia has had pockets of success with DevOps, but most organisations across the region will need to overcome cultural and legacy challenges to succeed Continue Reading
-
News
16 Aug 2018
Global infosec spending to top $114bn in 2018, says Gartner
The need for improved detection, response and privacy is driving the demand for security products and services in response to security risks, business needs and industry changes, Gartner reveals Continue Reading
-
Feature
16 Aug 2018
Inside DevOps, containers and enterprise security
Global corporates are waking up to containers and orchestrated containerisation for software development that is fast and safe. Computer Weekly looks at the best approach to ensure security is not compromised along the way Continue Reading
-
News
16 Aug 2018
Google Chrome flaw puts privacy at risk
Imperva security researcher urges Google Chrome users to update to the latest version after discovering a vulnerability that could be exploited to uncover private data Continue Reading
-
News
15 Aug 2018
The National Archives deploys Egress to support FoI requests
Egress Secure Workspace is being used by the Advisory Council for The National Archives, who require a collaboration environment to assess FoI requests Continue Reading
-
News
15 Aug 2018
ICS security at risk in key verticals, report shows
The security of industrial control systems (ICS) is at risk in key verticals due to under staffing, under investment and human error, a report reveals Continue Reading
-
News
15 Aug 2018
Intel releases fix for latest chip security flaws
Businesses and consumers are advised to download security updates from Intel for new security flaws that could allow attackers to access protected data, but some cloud providers could see a performance impact Continue Reading
-
News
14 Aug 2018
Businesses urged to patch Microsoft flaw allowing MFA bypass
Security researchers are urging enterprises to update their software after the discovery of a vulnerability that could undermine the security provided by multifactor authentication Continue Reading
-
Opinion
14 Aug 2018
Security Think Tank: Outsource security operations, not control
What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately? Continue Reading
-
E-Zine
14 Aug 2018
Cyber attackers target infrastructure
In this week’s Computer Weekly, we find out about the growing sophistication of cyber attackers who specialise in industrial control systems. They are fast, efficient and able to move between IT and OT environments. We also discover how few businesses in general are reporting cyber crime, as they should. The issue also tracks Google’s playing court to the C-suite, with respect to cloud computing. Read the issue now. Continue Reading
-
News
14 Aug 2018
FBI warns of global ATM cyber crime spree
The FBI has issued a warning to banks that cyber criminals are planning to steal millions in a coordinated worldwide attack on cash machines Continue Reading
-
News
13 Aug 2018
Banks lead in digital era fraud detection
All e-commerce businesses should follow the banks’ lead in how to detect fraud in the digital era, says RSA fraud and risk expert Continue Reading
-
News
13 Aug 2018
Most security pros concerned about election infrastructure
A majority of information security professionals believe that election infrastructure is vulnerable to cyber attack, a survey shows Continue Reading
-
News
13 Aug 2018
UK firms concerned about cyber arms race
Continuous investment and activity are key in the cyber arms race, according to Databarracks, as research shows UK firms are worried about keeping up with security challenges Continue Reading
-
News
13 Aug 2018
Millions of businesses vulnerable to fax-based cyber attack
Hackers could exploit security vulnerabilities in fax machines to launch cyber attacks in millions of organisations around the world, researchers warn, underlining the need for cyber resilience Continue Reading
-
News
12 Aug 2018
Over 146 billion records to be stolen over next five years
The US will bear the brunt of data exfiltration efforts by cyber criminals, though Asia-Pacific nations such as Singapore will not be spared Continue Reading
-
News
10 Aug 2018
Mimecast extends core email security to enable cyber resilience
Mimecast continues to widen its cyber security capability through in-house development and strategic acquisition, as well as extend its core email security technologies to all other areas it applies Continue Reading
-
News
10 Aug 2018
NCR patches ATM vulnerabilities
NCR has patched ATM vulnerabilities discovered by Positive Technologies Continue Reading
-
News
09 Aug 2018
Under half of firms use vulnerability assessments
Less than half of organisations base their cyber defences on strategic vulnerability assessments, and a third of these do the bare minimum to meet compliance requirements, a study shows Continue Reading
-
News
09 Aug 2018
Smart cities a tempting target for cyber attackers
Smart cities are an attractive target for cyber attackers because of the growing number of connected systems embedded throughout their infrastructure Continue Reading
-
News
09 Aug 2018
Brace for more Triton-like attacks, researchers warn
The world has not seen the last of industrial control system (ICS) attacks like Triton, researchers have warned Continue Reading
-
News
09 Aug 2018
Incomplete visibility a top security failing
Incomplete visibility of IT environments is among the most common basic enterprise security failings, as most organisations are still failing to achieve basic cyber security hygiene, a survey reveals Continue Reading
-
News
08 Aug 2018
Financial services firms lack the culture to innovate fast
Finance firms appear to be struggling to release new software quickly, a study from Contino has found Continue Reading
-
News
08 Aug 2018
Check Point warns of WhatsApp vulnerabilities
Researchers are warning of vulnerabilities in WhatsApp that allow threat actors to intercept and manipulate messages sent in a group chat Continue Reading
-
News
08 Aug 2018
Cyber security double agents most common in the UK
Cyber security professionals who alternate between criminal and legitimate activities or move full-time into cyber criminal activity are more common in the UK than other countries, a report reveals Continue Reading
-
News
08 Aug 2018
Australia calls for interventionist approach in new cyber agenda
The Australian government is forming a cyber defence network comprising security agencies and private sector partners to support a more interventionist approach towards cyber security Continue Reading
-
News
07 Aug 2018
AI security hype putting businesses at risk
The hype around artificial intelligence may be putting businesses at risk, according to a study that found most IT decision-makers believe AI is the answer to all cyber security challenges Continue Reading
-
News
07 Aug 2018
Lack of Dmarc email validation puts brands and customers at risk
There is a worldwide lack of Dmarc email validation to defend against fraud and phishing attacks, putting organisations and customers at risk, a study shows Continue Reading
-
News
07 Aug 2018
Industrial control systems a specialised cyber target
Cyber attackers specialising in industrial control systems are fast, efficient and able to move between IT and OT environments, a study has revealed Continue Reading
-
Opinion
06 Aug 2018
Security Think Tank: Outsource responsibility, not accountability
What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately? Continue Reading
-
News
06 Aug 2018
Mobile banking Trojans reach all-time high
Mobile banking Trojans topped the list of cyber threats in the second quarter of the year, according to research by Kaspersky Lab Continue Reading
-
News
06 Aug 2018
Virus outbreak at iPhone chip plant could delay shipments
A computer virus at an iPhone chip manufacturing plant could delay shipments of Apple’s latest smartphones, but the impact will be limited, say analysts Continue Reading
-
Opinion
03 Aug 2018
Security Think Tank: Almost all security can be outsourced, but not the risk
What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately? Continue Reading
-
News
03 Aug 2018
UK security centre to launch IoT security standard
The London-based Centre for Strategic Cyber Space and Security Science is working on an internet of things security standard and has roped in participants from eight markets Continue Reading
-
Opinion
02 Aug 2018
Security Think Tank: Risk tolerance key to security outsourcing policy
What critical security controls can be outsourced, and how do organisations – SMEs in particular – maintain confidence that they are being managed effectively and appropriately? Continue Reading
-
News
02 Aug 2018
Gorgon Group shows simple cyber attacks remain effective
A highly effective cyber attack group that appears to be based in Pakistan is carrying out targeted attacks against nation states at the same time as criminal operations, researchers have found Continue Reading
-
News
02 Aug 2018
Reddit breach exposes 2FA flaws
Reddit has reported a password breach despite using 2FA, exposing the weaknesses of two-factor authentication based on mobile text messages Continue Reading
-
News
02 Aug 2018
Three Carbanak cyber heist gang members arrested
Three alleged members of the Carbanak gang believed to be responsible for more than 100 cyber heists worldwide have been arrested, US authorities have announced Continue Reading
-
Opinion
01 Aug 2018
Security Think Tank: Top things to consider in security outsourcing
What critical security controls can be outsourced, and how do organisations – SMEs in particular – maintain confidence that they are being managed effectively and appropriately? Continue Reading
-
News
01 Aug 2018
Bromium evolves virtualisation-based security
Virtualisation-based security firm Bromium has evolved its technology to offer bidirectional protection for applications and underlying operating systems Continue Reading
-
News
01 Aug 2018
Top dark web indicators of compromise
There are 10 common activities on the dark web that indicate a data breach or some other security compromise has taken place, according to a specialist monitoring firm Continue Reading
-
Opinion
31 Jul 2018
Security Think Tank: A risk-based approach to security outsourcing
What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately? Continue Reading
-
News
31 Jul 2018
SamSam ransomware reaps $5.9m and counting
In just two and a half years, SamSam campaigns are believed to have netted nearly $6m for cyber criminals, an analysis of this adaptive and evasive strain of active ransomware reveals Continue Reading
-
News
31 Jul 2018
Australia’s health sector reports most data breaches again
In the first full quarter since Australia’s mandatory breach disclosure scheme came into effect, healthcare providers reported the most data breaches amid controversy over the national health record system Continue Reading
-
News
31 Jul 2018
Briton ran pro-Kremlin disinformation campaign that helped Trump deny Russian links
A British IT manager and former hacker from Darlington ran a disinformation campaign that duped former US intelligence agents and provided Donald Trump with manufactured “evidence” to deny that Russia interfered with the US election Continue Reading
-
News
30 Jul 2018
Pentagon flags risky software suppliers
The Pentagon has drawn up a list of software suppliers that it wants the US military and defence contractors to avoid due to fears of risks to national security Continue Reading
-
News
29 Jul 2018
Burden of data protection rests on firms and governments
A senior executive at Singapore’s Cyber Security Agency stressed the role of corporate data governance and government regulations in raising the bar on cyber security Continue Reading
-
News
27 Jul 2018
Fileless malware a growing trend, warns McAfee
Cyber attackers are increasingly moving away from traditional malware to using trusted Windows executables to invade systems and breach corporate networks, say security researchers Continue Reading
-
News
27 Jul 2018
Hackers targeting software supply chains, US report warns
A US government report on cyber espionage by China, Russia and Iran says software supply chains are increasingly under attack Continue Reading
-
News
26 Jul 2018
Brace for PowerGhost cryptominer, warns Kaspersky Lab
Corporate networks are the target of a new illicit cryptocurrency mining malware that is difficult to detect and eradicate, security researchers warn Continue Reading
-
News
26 Jul 2018
Crest report highlights need for bug bounty best practice
A lack of best practice guidelines for bug bounties is leaving researchers, organisations and bounty platforms confused and at risk, a report reveals Continue Reading
-
News
26 Jul 2018
Software development remains insecure
The prevalence of common and well-known web-based vulnerabilities underlines the need for better education around secure software development Continue Reading
-
News
26 Jul 2018
Cyber security vulnerability concerns skyrocket
Security professionals are more worried about data breaches and cyber attacks than they were a year ago, with most fearing that Meltdown-Spectre attacks are becoming the norm Continue Reading
-
News
25 Jul 2018
Dark web cyber crime markets thriving
The market for cyber criminals’ services is thriving on the dark web, research reveals Continue Reading
-
News
25 Jul 2018
ERP applications are under cyber attack, research confirms
ERP applications are increasingly being targeted by cyber criminals, hacktivists and nation-state actors, a report reveals Continue Reading
-
News
25 Jul 2018
Apache OpenWhisk users urged to patch
IBM has patched vulnerabilities in its Cloud Functions service that is based on Apache OpenWhisk in response to vulnerability disclosures, and all other users are urged to do the same Continue Reading
-
News
25 Jul 2018
Application attacks demand new security approach
Applying security software updates is an ineffective way to deal with application layer cyber attacks and businesses should change their approach, security experts advise Continue Reading
-
News
25 Jul 2018
Ransomware concern drops despite being top cost
Fewer organisations are worried about ransomware even though it remains one of the most costly cyber attacks Continue Reading
-
News
25 Jul 2018
Australian energy sector caught in security catch-22
With regulators unwilling to accept security investments that would lead to higher tariffs, there is a chance that Australia’s National Energy Market could face increased cyber risks Continue Reading
-
News
24 Jul 2018
Ramp up security to mitigate Office 365 attacks
Public clouds tend to be more secure, but Office 365 has become a major target for attacks, which means internal IT security needs tightening Continue Reading
-
News
24 Jul 2018
Top execs cyber security hypocrites, report shows
There is a critical disconnect between the cyber security behaviour that top executives recommend and the way they behave themselves, while many firms do not know where their data lives and moves, a report reveals Continue Reading
-
News
24 Jul 2018
Singapore public healthcare sector limits internet use
Healthcare workers who require internet access will have to use separate internet workstations following an unprecedented attack on Singapore’s public healthcare system Continue Reading