Regulatory compliance and standard requirements

Top 10 investigative stories of 2019

Here are Computer Weekly’s top 10 investigative stories of 2019 Continue Reading

By

• Bill Goodwin, Computer Weekly

Top 10 enterprise IT in the Middle East stories of 2019

Here are Computer Weekly’s top 10 enterprise IT in the Middle East stories of 2019 Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Top 10 cyber crime stories of 2019

Here are Computer Weekly’s top 10 cyber crime stories of 2019 Continue Reading

By

• Alex Scroxton, Security Editor

Top 10 cyber security stories of 2019

Here are Computer Weekly’s top 10 cyber security stories of 2019 Continue Reading

By

• Alex Scroxton, Security Editor

Finnish government supports local authorities in cyber security initiative

The Finnish government has committed resources to a cyber security project aimed at local authorities Continue Reading

By

• Gerard O'Dwyer

EU court opinion finds EU-US data transfers lawful but raises questions over Privacy Shield

The Advocate General of the European Court says standard contractual clauses are lawful, but raises questions over the impact of US surveillance on the legality of Privacy Shield Continue Reading

By

• Bill Goodwin, Computer Weekly

Facebook: Legality of EU-US data sharing to be decided by Court of Justice

The Advocate General of the European Court of Justice will give an opinion on the legality of EU-US data transfers that could have major implications for big tech companies and US government mass surveillance practices Continue Reading

By

• Bill Goodwin, Computer Weekly

Top 10 Australia IT stories of 2019

Here are Computer Weekly’s top 10 Australia IT stories of 2019 Continue Reading

By

• Aaron Tan, TechTarget

Group-IB CEO talks up global threat landscape

Public attribution of cyber attacks could backfire while a global cyber norms framework won’t emerge until a catastrophic incident occurs, says the head of Singapore-based Group-IB Continue Reading

By

• Aaron Tan, TechTarget

Can Europe legally share data with the US? A court far away is about to decide

The European Court of Justice will deliver an opinion on whether Europe can legally continue to send private data about European citizens to the US Continue Reading

By

• Kevin Cahill

Security Think Tank: Data-centric security requires a holistic approach

The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading

By

• James Walsh, Fieldfisher

We can’t allow fake news and disinformation to upend our democracy

Fake news, misinformation and cyber attacks are part of our political process – now is the time to act Continue Reading

By

• Andrew Roughan, Plexal

Best practices to help CISOs prepare for CCPA

With the CCPA taking effect in 2020, check out security chiefs' best practices to get ahead and stay ahead of impending data privacy and protection compliance regulations. Continue Reading

By

• Sandra Gittlen

The art of surveillance: the Stasi archives and the Investigatory Powers Act

A photographic exhibition captures the chilling impact of surveillance in the UK and the former German Democratic Republic Continue Reading

By

• Rose Butler, Sheffield Hallam University

Scottish Justice Committee wants extra powers for biometrics commissioner

Members of Scottish Parliament in the Justice Committee have welcomed the creation of a biometrics commissioner for Scotland, but want ensure that they have the ‘necessary teeth’ for the job Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

China bans foreign computing kit from government contracts

All government offices and public institutions must eliminate foreign hardware and software within three years, according to a leaked directive dubbed 3-5-2 Continue Reading

By

• Alex Scroxton, Security Editor

Dutch government must facilitate and coordinate a broad eID system

The Dutch government should push for an electronic ID system for its citizens that works across the public and private sectors, according to a report Continue Reading

By

• Kim Loohuis

Security Think Tank: Time for a devolution of responsibility

The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading

By

• Mike Gillespie

Black Hat Europe: Mental health websites are leaking user data

At Black Hat Europe in London, researchers reveal the extent to which confidential data is being leaked to third parties by online mental health websites Continue Reading

By

• Alex Scroxton, Security Editor

Black Hat Europe: Red teams and blue teams must evolve in the 2020s

The red team versus blue team dichotomy is somewhat arbitrary and risks pigeonholing skilled security professionals into certain roles, says Facebook’s Amanda Rousseau Continue Reading

By

• Alex Scroxton, Security Editor

Security Think Tank: Optimise data-centric strategies with AI

The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading

By

• Stuart Lyons, PA Consulting

Cyber security: How to avoid a disastrous PICNIC

Fieldfisher’s David Lorimer examines how individual employees often facilitate cyber attacks, and what can be done to reduce the risk Continue Reading

By

• David Lorimer, Fieldfisher

Survey finds most firms don’t respond to GDPR requests in time

Most organisations do not respond to requests for GDPR data in the one month allowed, while many return incorrect data. The education sector does best, but the public sector lags behind Continue Reading

By

• Antony Adshead, Storage Editor

Chinese web users take more risks than Brits or Americans

A research paper published by the University of Birmingham seems to show that differences in cultural values have an impact both on risky behaviour online and legal regulation Continue Reading

By

• Alex Scroxton, Security Editor

Hack Friday: This Christmas, fight back against cyber criminals

It’s nearly Christmas, and cyber attacks and fraud attempts in the retail sector are ramping up. Is it time to panic? And is there anything we can do beyond hammering home the message around basic cyber security hygiene? Continue Reading

By

• Alex Scroxton, Security Editor

Get ready for CCPA: Implications for UK businesses

The California Consumer Privacy Act, a wide-ranging data privacy and consumer protection law, comes into effect on 1 January 2020. How does CCPA differ from the EU GDPR regulations and what are the responsibilities for UK businesses operating in the US? Continue Reading

By

• Peter Ray Allison

Top APAC security predictions for 2020

More attacks on critical infrastructure, supply chain vulnerabilities and file-less attacks are some of the security threats that enterprises should keep an eye on next year Continue Reading

By

• Aaron Tan, TechTarget

Enterprises muddled over cloud security responsibilities

A McAfee study suggests that 2020 will be a big year for cloud adoption, but confusion still persists over who is responsible for securing it Continue Reading

By

• Alex Scroxton, Security Editor

Facebook undermined rivals in bid to dominate global messaging

Facebook used buyouts and bullying tactics towards competitors to grow its business empire, documents leaked to Computer Weekly reveal Continue Reading

By

• Bill Goodwin, Computer Weekly
• Crina Boros

Uber app exploit posed safety risk to passengers

A flaw in Uber’s system meant thousands of trips in London were taken with unauthorised drivers at the wheel Continue Reading

By

• Alex Scroxton, Security Editor

IT chiefs recognise the risks of artificial intelligence bias

Artificial intelligence promises to change the way businesses operate. IT leaders are now taking bias in AI algorithms seriously Continue Reading

By

• Cliff Saran, Managing Editor

Druva eyes data protection for IoT workloads

Cloud data protection software supplier Druva is looking at a comprehensive platform that will protect data generated by IoT workloads Continue Reading

By

• Aaron Tan, TechTarget

British Airways cancels flights due to technical issue

British Airways customers are suffering delays and cancellations as a result as a technical issue Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Security Think Tank: Stopping data leaks in the cloud

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

By

• Cath Goulding, Nominet

How Nicigas is disrupting Japan’s gas market with IoT

Japanese energy retailer Nicigas is deploying 850,000 IoT devices to convert traditional gas meters into smart meters to unlock consumption data amid efforts to shake up the utilities industry Continue Reading

By

• Aaron Tan, TechTarget

Public sector risks downplayed by senior IT leaders

Sophos reveals a significant cyber security perception gap between senior IT and security leaders in the public sector and their front-line teams Continue Reading

By

• Alex Scroxton, Security Editor

ICO says UK police must ‘slow down’ use of facial recognition

The Information Commissioner’s Office is calling for a statutory code of practice to govern how police in the UK deploy live facial recognition technology while controversy surrounding its use continues. Continue Reading

Cyber criminals tool up for Christmas fraud season

Organised criminals are trying to cash in on the festive retail boom with both brand new and tried-and-tested techniques Continue Reading

By

• Alex Scroxton, Security Editor

What the EU’s decision on Facebook means for social media

Recent ruling by the Court of Justice of the European Union will have global implications for social media companies and any organisations that host online content Continue Reading

By

• Peter Ray Allison

Business must engage with consumers to boost AI

Artificial intelligence is set to become a core part of business, but to get the most from it, enterprises need to engage with consumers to focus personalisation Continue Reading

By

• Cliff Saran, Managing Editor

Taking responsibility for security in the cloud

From accidental leaks to full-on data breaches, maintaining security across cloud services is becoming a headache for enterprises. What questions should organisations be asking of their cloud service provider and, ultimately, whose responsibility is cloud security anyway? Continue Reading

By

• Peter Ray Allison

Cyber risk insurance is more than just insurance

Insurance companies such as Chubb are offering incident response services and security tools to help companies improve their cyber security posture and better cope with cyber attacks Continue Reading

By

• Aaron Tan, TechTarget

Nordic SMEs lack the money needed for cyber security

Businesses and governments in Denmark and Norway are working together to address a cyber security shortfall for SMEs in each country Continue Reading

By

• Gerard O'Dwyer

PCI DSS payment security compliance drops again

Worldwide, barely one-third of companies are maintaining full compliance with the PCI DSS security standard – and the numbers are falling Continue Reading

By

• Alex Scroxton, Security Editor

Security Think Tank: Base cloud security posture on your data footprint

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

By

• Rob Clyde, Isaca

Security Think Tank: Cloud security is a shared responsibility

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

By

• Paddy Francis

Security in the supply chain – a post-GDPR approach

A year and a half after the introduction of the EU’s General Data Protection Regulation, Fieldfisher's James Walsh reviews the fundamentals of supply chain security Continue Reading

By

• James Walsh, Fieldfisher

Navigate PII data protection and GDPR to meet privacy mandates

Know the commonalities surrounding personally identifiable information to better navigate and comply with the regulations and penalties IT managers must contend with today. Continue Reading

By

• Marc Staimer, Dragon Slayer Consulting

Lawmakers study leaked Facebook documents made public today

Computer Weekly publishes cache of leaked documents disclosed to Congress Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor
• Bill Goodwin, Computer Weekly

What changes are needed to create a cyber-savvy culture?

PA Consulting's Cate Pye considers the people and process changes that are necessary to build a security aware business culture Continue Reading

By

• Cate Pye, PA Consulting

Huawei: 5G growth will be maintained with or without US tech supply

Huawei dismisses US tech sabre-rattling and claims it will continue robust business growth in 5G with or without US suppliers Continue Reading

By

• Joe O’Halloran, Computer Weekly

Security Think Tank: Adapt security posture to your cloud model

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

By

• Maxine Holt, Omdia

Security Think Tank: The cloud needs security by design

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

By

• Simon Persin, Turnkey Consulting

The benefits of API-first software development

In this week’s Computer Weekly, we find out how organisations are using an API-based approach to software development to boost digital initiatives. We examine the potential pitfalls in using cloud storage. And we talk to the Department for Work and Pensions about its four-year project to move from outsourced IT to the cloud. Read the issue now. Continue Reading

Gartner: The time is right to make IT a boardroom issue

In many businesses, IT is regarded as an internal service provider and cost centre. Gartner says now is the best time for CIOs to make IT strategic Continue Reading

By

• Cliff Saran, Managing Editor

Security Think Tank: Secure the cloud when negotiating contracts

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

By

• Petra Wenham

Making the case for integrated risk management

Security experts discuss how an integrated approach to risk and governance can be effectively managed Continue Reading

By

• Cliff Saran, Managing Editor

General Election sees UK government defer ‘high-risk’ 5G tech supplier review

Decision on allowing so-called high-risk suppliers access to the UK’s market for 5G infrastructure delayed due to 12 December poll Continue Reading

By

• Joe O’Halloran, Computer Weekly

ICO says UK police must ‘slow down’ use of facial recognition

The Information Commissioner’s Office is calling for a statutory code of practice to govern how police in the UK deploy live facial recognition technology while controversy surrounding its use continues Continue Reading

By

• Sebastian Klovig Skelton , Senior reporter

Security Think Tank: In the cloud, the buck stops with you

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

By

• Mike Gillespie

Banks let customers down with mixed approaches to security

Treasury Committee report recommends new measures to tackle financial fraud Continue Reading

By

• Alex Scroxton, Security Editor

Facebook agrees to pay £500,000 fine over Cambridge Analytica data law breaches

Social media giant also promises to change the way its platform is used to protect people’s data Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Alibaba Cloud earns security credentials in automotive and healthcare sectors

Alibaba Cloud’s compliance with Tisax and GxP follows earlier efforts by major public cloud suppliers to win over enterprises with strict data protection and security rules Continue Reading

By

• Aaron Tan, TechTarget

What will succeed the National Cyber Security Strategy?

As the National Cyber Security Strategy nears the end of its working life, the government is considering what comes next, and is asking probing questions of its successes and failures Continue Reading

By

• Alex Scroxton, Security Editor

IR35 reforms – the difficult decisions facing IT contractors

In this week’s Computer Weekly, we examine the difficult choices facing UK IT contractors from the controversial IR35 tax reforms. Social engineering is a major source of cyber security attacks – we look at mitigation strategies. And the IT chief at Mercedes F1 explains what it takes to support a world championship team. Read the issue now. Continue Reading

Security Think Tank: Embedding security in governance

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

By

• Sandeep Godbole, ISACA

Take responsibility for cyber security basics, urges NCSC CEO

At the launch of its third annual review, NCSC head Ciaran Martin appealed for individuals and businesses to address the fundamentals of cyber security hygiene to help lighten the load Continue Reading

By

• Alex Scroxton, Security Editor

Brexit: Withdrawal agreement lists EU IT data link beyond transition

Document lists system-to-system IT and network connectivity that will be required after the UK leaves the European Union Continue Reading

By

• Cliff Saran, Managing Editor

Security threat landscape becomes more organised and business-like

Approaches to securing the enterprise need to change in the face of a rapidly maturing threat landscape Continue Reading

By

• Alex Scroxton, Security Editor

Security Think Tank: Focus on metrics to manage risk

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading

By

• Eoin Keary

Emerging markets’ mobile financial services transactions set to surpass $1tn in by 2024

Mobile financial services transaction value will grow by 70% from 2019 to 2014 to total more than $1tn, driven by markets such as Latin America and Cico transactions Continue Reading

By

• Joe O’Halloran, Computer Weekly

Security Think Tank: Embed security professionals in your risk strategy

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

By

• Deshini Newman, (ISC)²

Security Think Tank: Risk management must go beyond spreadsheets

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading

By

• Richard Hunt, Turnkey Consulting

Securing the internet of things

In this week’s Computer Weekly, as security concerns prevent many organisations from adopting the internet of things, we examine mitigation strategies. Many firms are still struggling with GDPR policies – we assess if full compliance is ever possible. And we look at the technologies for delivering on-premise object storage. Read the issue now. Continue Reading

PCI DSS: Credit card data and what to expect from version 4.0

We preview October’s PCI Europe Community Meeting where attendees will discuss credit card payment data, with topics covered likely to include the cloud and point-to-point encryption Continue Reading

By

• Antony Adshead, Storage Editor

GDPR compliance: Whose job is it and is it really possible?

Nobody seems to have a good handle on business GDPR compliance, how many businesses are compliant, or indeed what compliance really is, but according to security experts, it very much depends on who you talk to. Continue Reading

Security Think Tank: Consider risk holistically, not just from an IT angle

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading

By

• Paddy Francis

Zuckerberg’s mentor condemns Facebook’s business practices

Long-time Silicon Valley investor speaks out against surveillance capitalism and the lack of rules and regulations governing big tech’s behaviour Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Data management strategies are evolving – so must enterprises

A growing number of data-driven initiatives, alongside heightened demand for security in governance, data management and compliance, has led to the rise of a more holistic approach – integrated risk management Continue Reading

By

• Peter Ray Allison

Small business guide: How to keep your organisation secure from fraudsters and hackers

Doing a few things well can keep your organisation protected from common cyber attacks and fraudsters Continue Reading

By

• Jan Youngren

Security Think Tank: The operational approach to integrated risk management

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

By

• Simon Persin, Turnkey Consulting

Security Think Tank: Risk is unavoidable in digital transformation

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

By

• Maxine Holt, Omdia

UK and US call on Facebook to walk back encryption plans

The US, Australian and UK governments have asked Facebook to ditch plans to deploy end-to-end encryption across Facebook Messenger, Instagram and WhatsApp Continue Reading

By

• Alex Scroxton, Security Editor

IT contractor charged over cyber attack on property valuation firm

Australian police charge 49-year-old man with stealing and posting more than 170,000 data records belonging to ASX-listed Landmark White on the dark web Continue Reading

By

• Beverley Head

Singapore outlines initiatives to tackle OT and IoT security

The Cyber Security Agency of Singapore has developed a blueprint to secure operational technology systems in critical sectors, among other measures to secure cyber-physical systems and the internet of things Continue Reading

By

• Aaron Tan, TechTarget

ABN Amro investigation lends weight to anti-money laundering collaboration by Dutch banks

Dutch authorities are investigating ABN Amro for possible failures to monitor and report potential money laundering activity Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

GDPR compliance: Whose job is it and is it really possible?

Nobody seems to have a good handle on business GDPR compliance, how many businesses are compliant, or indeed what compliance really is, but according to security experts, it very much depends on who you talk to Continue Reading

By

• Alex Scroxton, Security Editor

Singapore payment card data compromised by JavaScript sniffers

Raw data of thousands of payment cards issued by Singapore banks stolen by the online equivalent of a traditional card sniffer Continue Reading

By

• Aaron Tan, TechTarget

European court to decide on legality of bulk phone and internet surveillance

The European Court of Justice will decide whether intelligence agencies across Europe can continue to lawfully collect the telephone and internet communications data of citizens, following a two-day hearing this week Continue Reading

By

• Bill Goodwin, Computer Weekly

Dutch banks to work together in fight against money laundering

Dutch banks are sharing expertise and resources to help reduce money laundering through their accounts Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Government seeks views on post-Brexit security alignment

The government has called for views on its proposals to align the UK’s post-Brexit cyber security policy to that of the European Union Continue Reading

By

• Alex Scroxton, Security Editor

Nordic countries deepen collaboration with Estonia-based cyber security operation

Nordic countries are now working closer with Nato’s Estonia-based centre of excellence in cyber security Continue Reading

By

• Gerard O’Dwyer

GDPR non-compliance worse than feared

Over half of UK businesses do not yet appear to be fully GDPR-compliant, and many have de-prioritised their compliance efforts Continue Reading

By

• Alex Scroxton, Security Editor

UK calls for cyber capacity-building at UN security group

The UK’s representative to a United Nations cyber security working group has called for increased investment in capacity around cyber security Continue Reading

By

• Alex Scroxton, Security Editor

Terror watchlist faces reform after court rules it violates rights of people entering US

A secret US terrorist database containing information on more than 1.2 million people – who face repeated interrogations, detentions and electronic searches – violates constitutional rights, a US judge said last week Continue Reading

By

• Bill Goodwin, Computer Weekly

Data-driven marketing, the real risk boards are missing

Boards need to act to break the cycle of privacy compliance failures, and shift focus to aligning business purpose with privacy and dealing with the real risk of data driven marketing, warns PwC’s GDPR and data protection lead Continue Reading

By

• Warwick Ashford, Senior analyst

Australia government to chart 2020 cyber security strategy

Australia’s home affairs ministry has released a discussion paper to seek views from all segments of society on the country’s next cyber security blueprint Continue Reading

By

• Aaron Tan, TechTarget

Security pros doubt officials can enact effective security laws

Elected officials cannot be trusted to enact effective cyber security legislation and social media firms should be subject to strict privacy regulation, according to most information security professionals in a survey Continue Reading

By

• Warwick Ashford, Senior analyst

Tide Foundation aims to boost password security

While passwordless security remains just out of reach, a non-profit organisation has developed a mechanism that it says makes passwords exponentially more difficult to crack Continue Reading

By

• Warwick Ashford, Senior analyst

Latest Facebook security lapse exposes millions to account hijack

18 million UK users are among the more than 400 million at risk of account hijacking after phone numbers linked to their Facebook accounts were found in an open online database Continue Reading

By

• Warwick Ashford, Senior analyst