IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
25 Oct 2024
Dutch critical infrastructure at risk despite high leadership confidence
Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise Continue Reading
-
News
11 Jul 2024
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain Continue Reading
-
News
03 Mar 2023
White House unveils National Cybersecurity Strategy
The strategy will focus on ensuring closer collaboration on cyber security between government and industry, while giving software and other tech companies a bigger role in combatting threats due to their resources and expertise Continue Reading
-
News
02 Mar 2023
AI interview: Michael Osborne, professor of machine learning
Artificial intelligence researcher speaks with Computer Weekly about the implications of a market-driven AI arms race and the overwhelming dominance of the private sector over the technology Continue Reading
-
News
02 Mar 2023
Uber introduces dynamic pricing algorithm in London
The dynamic pricing algorithm will allow Uber to set variable pay and pricing levels, but drivers are concerned about how their personal data will be used and the impact the algorithm will have on their livelihoods Continue Reading
-
News
02 Mar 2023
WH Smith staff data accessed in cyber attack
The retailer has said that customer data has not been affected by the incident as it is held in different systems, and that investigations into the attack are ongoing Continue Reading
-
News
02 Mar 2023
Salt Labs identifies OAuth security flaw within Booking.com
Security flaw in Booking.com OAuth implementation could be used to launch account takeovers, but researchers discovered and flagged the issue before it could be exploited in the wild Continue Reading
-
News
01 Mar 2023
Data breaches in Australia on the rise, says OAIC
Cyber security incidents were the cause of most data breaches, which rose by 26% in the second half of 2022, according to the Office of the Australian Information Commissioner Continue Reading
-
Opinion
28 Feb 2023
Security Think Tank: Training can no longer be a compliance exercise
Historically, security training has tended to take a compliance-based focus, a ‘tick-box’ exercise using generic, off-the-shelf courses. This needs to change, says Hayley Watson of Turnkey Consulting. Continue Reading
-
Opinion
27 Feb 2023
Cyber training in 2023 needs to drive measurable change
2023 will see more focus on security training programmes that not only provide employees with an understanding of the risks they face but more importantly drive measurable behavioural change, says PA Consulting’s Richard Allen Continue Reading
-
News
24 Feb 2023
UK police have ‘culture of retention’ around biometric data
A culture of retention around biometric data in UK policing is damaging public trust, says UK biometrics commissioner, who is calling for clear regulation to govern police use of biometric technologies Continue Reading
-
News
23 Feb 2023
WithSecure proposes ‘undo’ button for ransomware
WithSecure’s Activity Monitor technology supposedly overcomes the shortcomings of sandbox test environments, and may be able to stop ransomware attacks from ever happening Continue Reading
-
News
23 Feb 2023
How APAC organisations can harness the power of IoT
In a panel discussion moderated by Computer Weekly, industry experts from across Asia-Pacific discussed the use cases, challenges and future developments in the internet of things Continue Reading
-
News
22 Feb 2023
UK forces lead live-fire cyber war exercise
The seven-day Defence Cyber Marvel 2 exercise put cyber responders from 11 countries through their paces Continue Reading
-
News
22 Feb 2023
Researchers find new bug ‘class’ in Apple devices
A group of vulnerabilities in Apple products that stem from the ForcedEntry exploit used by spyware firm NSO constitutes a whole new class of bug, say researchers at Trellix Continue Reading
-
News
22 Feb 2023
Dutch cyber security professionals experience stress akin to soldiers in war zone, claims expert
Cyber attacks are taking a heavy toll on Dutch IT professionals, with over a third reporting that their mental health suffers as a result Continue Reading
-
News
22 Feb 2023
Half of cyber leaders to switch jobs by 2025, citing stress
A substantial number of cyber security leaders are plotting their great escape, saying the industry is leaving them too stressed to go on, according to a study Continue Reading
-
Opinion
21 Feb 2023
Cyber security training: Insights for future professionals
Future cyber security professionals need soft skills as well as technical ones, says security educator Sudeep Subramanian Continue Reading
-
News
21 Feb 2023
US government Strike Force aims to prevent adversaries from accessing disruptive tech
The US Strike Force law enforcement initiative will target rogue nation-states that pose a national security threat Continue Reading
-
News
20 Feb 2023
Singapore organisations struggle to operationalise threat intelligence
Organisations in the city-state were satisfied with the quality of their threat intelligence, but they struggled to operationalise the information due to talent shortages and other challenges Continue Reading
-
Feature
20 Feb 2023
Accreditation key to enterprise security
We look at how industry-recognised certification enables security chiefs to improve the strength of their security team Continue Reading
-
Opinion
16 Feb 2023
Security Think Tank: New trends and drivers in cyber security training
Self-paced, interactive, bite-sized learning is becoming the optimum path for cyber security training in the workplace, says John Tolbert of KuppingerCole Continue Reading
-
News
16 Feb 2023
How to tame the identity sprawl
Organisations should find a comprehensive way to gain full visibility into their digital identities and leverage automation to tame the identify sprawl Continue Reading
-
News
15 Feb 2023
Multi-purpose malwares can use more than 20 MITRE ATT&CK TTPs
Report warns of the development of increasingly sophisticated, multi-purpose malwares, and calls on defenders to play close attention to the MITRE ATT&CK framework to ward them off Continue Reading
-
Opinion
15 Feb 2023
What charities should know about ransomware and reputational threats
The NCSC recently called for charities to elevate their cyber security practice. Find out why charities are a soft target for cyber criminals, and what they can do to fight back Continue Reading
-
News
15 Feb 2023
Microsoft fixes three zero-days in February update
February’s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver Continue Reading
-
News
14 Feb 2023
Vidar, nJRAT re-emerge as prominent malware threats in January
Trojans and infostealers once again dominate the list of most commonly observed threats, according to Check Point’s latest telemetry Continue Reading
-
News
14 Feb 2023
UK authorities clamp down on illegal crypto ATMs
The Financial Conduct Authority and West Yorkshire Police have disrupted a number of illegal crypto ATMs Continue Reading
-
News
14 Feb 2023
OSC&R framework to stop supply chain attacks in the wild
The backers of a new MITRE ATT&CK style framework called OSC&R hope to help organisations get to grips with threats to their software supply chains Continue Reading
-
News
14 Feb 2023
Researcher exposes crypto scam network exploiting YouTube
A massive network of fake YouTube videos promoted by automated sock puppet accounts is reeling in hundreds of cryptocurrency enthusiasts and persuading them to hand over their money, WithSecure researchers found Continue Reading
-
Opinion
14 Feb 2023
How to protect your business from fraud during a recession
This winter, the chilly winds of a global recession have fraudsters turning up the heat. PJ Rohall of SEON Fraud Fighters shares some guidance on how to bundle up against fraud Continue Reading
-
News
13 Feb 2023
Russian spear phishing campaign escalates efforts toward critical UK, US and European targets
Russian hacking group Seaborgium refines its tactics in a continuation of attacks against targets including not-for-profit organisations with geopolitical affiliations Continue Reading
-
News
13 Feb 2023
Investigatory Powers Act: Home Office proposes rethink of safeguards on bulk data collection
David Anderson KC will review the safeguards on intelligence service and police use of bulk datasets following a Home Office assessment that they are 'disproportionate'. Continue Reading
-
News
13 Feb 2023
Security buyers lack insight into threats, attackers, report finds
The majority of cyber security purchasing decisions are made without proper insight into the attackers organisations are facing, according to a Mandiant report Continue Reading
-
News
13 Feb 2023
Killnet DDoS attacks disrupt Nato websites
A series of distributed denial of service attacks on various public websites belonging to the Nato alliance were largely repelled but some resources remain unavailable Continue Reading
-
News
13 Feb 2023
Whistleblower in limbo as sensitive NatWest customer files remain under her bed
Whistleblower and NatWest at stalemate as regulators leave it up to them to come to an agreement on return of sensitive customer data Continue Reading
-
News
09 Feb 2023
How Check Point is keeping pace with the cyber security landscape
Check Point Software CEO Gil Shwed talks up the company’s growth areas, its approach to cloud security and the impact of generative AI on cyber security Continue Reading
-
Opinion
08 Feb 2023
Security Think Tank: Poor training is worse than no training at all
Bad security training is a betrayal of users, a security risk, and ultimately a waste of money, but there are some reasons to be optimistic about the future, say Mike Gillespie and Ellie Hurst of Advent IM Continue Reading
-
News
08 Feb 2023
Russian hacking group Seaborgium targets SNP MP Stewart McDonald
Scottish National Party MP Stewart McDonald says his personal emails have been hacked by a group linked to the Russian state in a targeted phishing attack Continue Reading
-
News
08 Feb 2023
Campaigners lament lack of movement on Computer Misuse Act reform
Westminster has opened a new consultation on proposed reforms to the Computer Misuse Act of 1990, but campaigners who want the law changed to protect cyber professionals have been left disappointed Continue Reading
-
Feature
07 Feb 2023
The one problem with AI content moderation? It doesn’t work
The use of artificial intelligence for content moderation is likely to become more pronounced with the passage of the Online Safety Bill, but practitioners and experts question the efficacy of this approach Continue Reading
-
Feature
07 Feb 2023
APAC buyer’s guide to SASE
In this buyer’s guide on secure access service edge services, we look at the benefits of the technology, key considerations and the market landscape Continue Reading
-
News
06 Feb 2023
Online banks still riddled with cyber security flaws, report says
Online bank Virgin Money was found to have the weakest online and application security measures in a Which? study but Nationwide, TSB and The Co-Operative Bank all failed on multiple points, too. Continue Reading
-
E-Zine
06 Feb 2023
Making IT security training stick
In this week’s Computer Weekly, our latest buyer’s guide looks at IT security training, and asks whether gamification could be the secret to making it stick. We examine how the metaverse might change the way we work in real life. And we find out how job cuts across the tech sector affect employment opportunities for IT contractors in 2023. Read the issue now. Continue Reading
-
News
06 Feb 2023
Executive interview, Eric Muntz, Mailchimp
We speak to Intuit Mailchimp’s former CTO about how the company manages IT engineering and supports different ways of working Continue Reading
-
News
06 Feb 2023
The Security Interviews: How to overcome data protection compliance challenges
Complying with the vast swathe of data protection legislation around the world is complex, especially for smaller organisations without the necessary expertise. Could the compliance process be simplified, and if so, how? Continue Reading
-
News
06 Feb 2023
Ransomware operator turns their fire on two-year-old VMware bug
A vulnerability in VMware ESXi servers that users should have patched in 2021 is now being exploited to spread ransomware Continue Reading
-
News
05 Feb 2023
Australian organisations underinvesting in cyber security
Over half of Australian organisations failed to invest enough in cyber security over past three years, though awareness is improving in aftermath of high-profile data breaches Continue Reading
-
News
03 Feb 2023
LockBit gang confirms Ion cyber attack as disruption continues
The LockBit ransomware cartel has taken responsibility for this week’s attack on financial software firm Ion, and is threatening to leak stolen data on Saturday 4 February Continue Reading
-
News
03 Feb 2023
FCA cracks down on misleading promos by social media influencers
Social media is becoming a major part of the FCA’s work in clamping down on misleading financial advertising and promotions, with multiple influencers rapped for their behaviour Continue Reading
-
Opinion
03 Feb 2023
Security Think Tank: In 2023, we need a new way to cultivate better habits
Regular, small adjustments to behaviour offer a better way to keep employees on track and cultivate a corporate culture of cyber awareness, writes Elastic’s Mandy Andress Continue Reading
-
Opinion
02 Feb 2023
Security Think Tank: Getting the training and development mix right
Rob Dartnall, CEO at SecAlliance and chair of Crest’s UK Council, describes the need for formal, varied and continuous development in the cyber security sector Continue Reading
-
News
02 Feb 2023
Suspected LockBit ransomware attack causes havoc in City of London
A suspected LockBit ransomware attack on trading software firm Ion has caused chaos for City of London traders Continue Reading
-
News
01 Feb 2023
Cisco fixes two bugs that could have led to supply chain attacks on users
Two vulnerabilities uncovered in Cisco hardware could have opened the door to serious supply chain cyber attacks, according to the Trellix researchers who found them Continue Reading
-
News
01 Feb 2023
Cloud security top risk to enterprises in 2023, says study
A PwC study finds senior executives expect cyber attacks on cloud services to increase significantly this year Continue Reading
-
News
01 Feb 2023
CryptoRom scam abuses Apple and Google app stores to claim victims
Sophos researchers report on two fake apps used by romance scammers to lure victims into parting with their money, both of which were able to escape the attention of Apple and Google app store safeguards Continue Reading
-
News
01 Feb 2023
UK Cyber Council and ISACA launch audit, assurance programme
The UK Cyber Security Council has teamed up with ISACA to partner on a new audit and assurance programme for security pros Continue Reading
-
Opinion
01 Feb 2023
Tips on improving cyber training for home workers
How better security training can help firms tackle new cyber threats facing remote workers Continue Reading
-
News
31 Jan 2023
Cyber training firm launches £20k data protection scholarship
Training specialist Freevacy has launched a £20,000 scholarship fund to train data privacy and protection professionals Continue Reading
-
News
31 Jan 2023
Russian DDoS hacktivists seen targeting western hospitals
A swathe of attacks by the Putin-supporting DDoS operation known as Killnet has targeted hospitals and other infrastructure in several Nato countries, with the UK thought to be at risk Continue Reading
-
News
31 Jan 2023
GitHub warns Desktop, Atom users after code-signing certificates pinched
Threat actors stole encrypted code-signing certificates for GitHub’s Desktop and Atom applications in December 2022, prompting warnings for users Continue Reading
-
News
31 Jan 2023
ATO renews major Macquarie deal
The contract renewal will enable the Australian Tax Office to tap Macquarie’s security operations centre, among other services, to secure its IT environment and protect sensitive data Continue Reading
-
News
26 Jan 2023
Zero-trust implementations remain work in progress
Just one in 10 large enterprises are expected to have mature and measurable zero-trust programmes in place by 2026, study finds Continue Reading
-
News
25 Jan 2023
Boards struggle to resolve cyber risk in digital supply chains
Accelerated digitisation of supply chains is introducing more cyber risk for which many organisations seem unprepared, according to the BSI’s annual report on supply chain risk Continue Reading
-
News
24 Jan 2023
Chinese IoT suppliers expose UK businesses to espionage and data theft
Chinese companies supplying network components, known as IoT modules, post a greater long-term threat to UK security than the now banned 5G supplier Huawei, according to a study by a Chinese expert and former diplomat Continue Reading
-
News
24 Jan 2023
UK insurers need to up their game on cyber gaps, says PRA
Gaps and limitations in how insurers respond to cyber risk need to be addressed, according to the Bank of England regulator, the Prudential Regulation Authority Continue Reading
-
Feature
24 Jan 2023
IT’s shift to the cloud: Veeam’s data protection report in detail
With half of servers in the cloud, most backup and nearly all disaster recovery cloud-centric, the shift to the cloud is significant – but container backup is one area that is yet to settle down Continue Reading
-
News
24 Jan 2023
SSRF attacks hit 100,000 businesses globally since November
There has been a dramatic increase in attacks exploiting the ProxyNotShell/OWASSRF exploit chains to target Microsoft Exchange servers Continue Reading
-
News
23 Jan 2023
Trellix automates patching for 62,000 vulnerable open source projects
Since revealing startling statistics about the prevalence of a 15-year-old Python vulnerability, Trellix says it has helped fix almost 62,000 vulnerable projects in the past four months Continue Reading
-
Opinion
23 Jan 2023
The rise of fraud in pop culture is impacting consumers’ digital trust
Shows such as The Tinder Swindler and Inventing Anna were big money-earners for Netflix in 2022, but Onfido’s Mike Tuchen says their popularity risks damaging consumer trust Continue Reading
-
News
23 Jan 2023
Royal Society calls on public sector to pilot privacy tech
The Royal Society says public sector bodies should lead the way in piloting privacy-enhancing technologies to unlock the value of data without compromising privacy and data rights, but lack of standards and incentives mean adoption is slow Continue Reading
-
News
23 Jan 2023
NCSC warning over cyber risk to charity sector
Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC Continue Reading
-
News
22 Jan 2023
Royal Mail making limited progress on ransomware recovery
Royal Mail asks customers to hold back from sending post overseas as some services get back on track, while a report warns that disruptive attacks on critical infrastructure are set to become more common Continue Reading
-
Guest Post
20 Jan 2023
Effective business continuity requires evolution and a plan
Investment in business continuity is one of the best ways to get an organization back on its feet during and after an incident. Updated plans are critical to avoid a crisis. Continue Reading
-
News
20 Jan 2023
Veeam survey finds ransomware blocks digital transformation
Annual report shows secular trend to the cloud and increased use of containers, but prevalence of ransomware attacks means digital transformation is hindered Continue Reading
-
News
20 Jan 2023
WhatsApp’s £4.8m fine raises questions for organisations using behavioural advertising
The Irish Data Protection Commissioner has fined WhatsApp, owned by Meta, in a case that will raise questions for organisations that rely on contracts rather than consent to comply with GDPR when offering behavioural advertising Continue Reading
-
News
19 Jan 2023
Outdated IT infrastructure poses growing risk to UK Security Vetting
Delays to UKSV’s important work in safeguarding the country’s national security are in part down to a legacy IT estate in dire need of modernisation, says the NAO Continue Reading
-
News
18 Jan 2023
Ukraine CERT leaders touch down in London for talks
The UK’s NCSC has been hosting Ukrainian cyber security leaders for a round of bilateral talks on improving resilience Continue Reading
-
News
18 Jan 2023
Ukraine cyber teams responded to more than 2,000 attacks in 2022
The Ukrainian authorities responded to more than 2,000 major cyber incidents during 2022, and are blocking thousands more potential attacks every day Continue Reading
-
News
17 Jan 2023
Crest throws support behind CyberUp CMA reform campaign
Cyber accreditation association Crest International has lent its support to the CyberUp campaign for reform to the Computer Misuse Act of 1990 Continue Reading
-
E-Zine
16 Jan 2023
CW EMEA: Protecting the privacy of schoolchildren
In this month’s CW EMEA, we look at how schools in Germany have stopped using Microsoft Office 365 over lack of clarity over how data is collected, shared and used. We also delve into how former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. Read the issue now. Continue Reading
-
News
14 Jan 2023
Experts concerned over silence around government obligation to review UK surveillance laws
The government is required to review the UK’s surveillance law, the Investigatory Powers Act, but experts say they are in the dark about its plans. The National Crime Agency’s operation Venetic has highlighted the need for urgent reforms Continue Reading
-
News
12 Jan 2023
Companies warned to step up cyber security to become ‘insurable’
Investing in better IT security to protect against cyber crime will make businesses more resilient against other risks Continue Reading
-
News
12 Jan 2023
Chrome vulnerability could have led to widespread data theft
A dangerous vulnerability in Google Chrome and Chromium-based browsers could have put billions of users’ files at risk of being stolen Continue Reading
-
Opinion
12 Jan 2023
Europe’s cyber security strategy must be clear about open source
Europe’s cyber security policy on open source is lagging behind the US, and despite growing government awareness of the issues, that poses a problem Continue Reading
-
News
11 Jan 2023
Should we be worried about malicious use of AI language models?
WithSecure research into GPT-3 language models, used by the likes of ChatGPT, surfaces concerning findings about how easy it is to use large language models for malicious purposes. Should security teams be concerned? Continue Reading
-
News
11 Jan 2023
Internet shutdowns cost global economy $24bn in 2022
Deliberate disruption of people’s access to the internet by governments is having a substantial economic impact and contributing to a range of human rights abuses, primarily against protestors Continue Reading
-
News
11 Jan 2023
Davos 2023: Pervasive cyber crime and cyber security gaps pose severe risk to organisations
Governments and organisations face tough trade-offs as they balance immediate problems caused by economic recession, energy shortages and rising interest rates with longer-term risks, including the impact of global warming Continue Reading
-
News
11 Jan 2023
What’s happening with quantum-safe cryptography?
Chinese researchers claim quantum technology is reaching a point where a quantum device will soon be able to crack RSA 2048 public key encryption Continue Reading
-
News
10 Jan 2023
New APT group targets ASEAN governments and militaries
The Dark Pink advanced persistent threat group used custom malware to exfiltrate data from high-profile targets through spear-phishing emails last year, according to Group-IB Continue Reading
-
News
10 Jan 2023
Insurer Beazley introduces catastrophe bond to ease cyber risk
Insurance company Beazley says that its $45m cyber catastrophe bond will help to protect its balance sheet and enable it to offer more cyber insurance cover Continue Reading
-
News
08 Jan 2023
Vulnerable organisations to get free Cyber Essentials support
Charities and legal aid firms are among those to be offered free security checks and certifications from the National Cyber Security Centre Continue Reading
-
News
06 Jan 2023
Proposed digital fraud refund rules risk excluding many victims
Proposals to establish a fraud refund mechanism in the UK risk excluding many victims of digitally enabled fraud, a major bank has warned Continue Reading
-
News
06 Jan 2023
Russia’s Turla falls back on old malware C2 domains to avoid detection
Mandiant says it has observed the Russian APT UNC2410, also known as Turla, re-registering expired or sinkholed domains previously used by financially motivated cyber criminals Continue Reading
-
News
05 Jan 2023
Warning over ransomware attacks spreading via Fortinet kit
Following the disclosure of a critical vulnerability in October 2022, Fortinet VPN devices were exploited in two known ransomware attacks, with access likely sold on the dark web Continue Reading
-
News
05 Jan 2023
Cashless Denmark has no bank robberies in a year for first time
Denmark saw no bank robberies in a single year for the first time ever, but online fraud continues to increase Continue Reading
-
Feature
05 Jan 2023
Securing low Earth orbit represents the new space race
The barriers to launching satellites into low Earth orbit are falling fast, and that brings new cyber security challenges Continue Reading
-
News
02 Jan 2023
China and India governments among top targets for cyber attackers
Chinese and Indian governments targeted by hacktivists and ransomware groups out to make statement or expose flaws in their respective security postures Continue Reading
-
Feature
29 Dec 2022
Cyber security professionals share their biggest lessons of 2022
In the run-up to 2023, cyber security professionals are taking the time to reflect on the past few months and share their biggest lessons of 2022 Continue Reading
-
Opinion
29 Dec 2022
How does red teaming test the ultimate limits of cyber security?
An expert ethical hacker reveals how he goes about carrying out a red team exercise Continue Reading
-
Opinion
28 Dec 2022
Why the current fraud model is broken, and how to fix it
Scammers and fraudsters are catching up with the good guys; a new technological approach is needed to fight skyrocketing volumes of digital fraud, says Darwinium founder Alisdair Faulkner Continue Reading
-
News
28 Dec 2022
Complaints that NCA failed in duty of candour over EncroChat warrants ‘incredible’, court hears
NCA lawyers argue that a decision by an NCA intelligence officer to disclose notes of a key meeting after two-and-a-half years boosts her credibility as a witness Continue Reading