Regulatory compliance and standard requirements

Security Think Tank: In the cloud, the buck stops with you

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

By

• Mike Gillespie

Banks let customers down with mixed approaches to security

Treasury Committee report recommends new measures to tackle financial fraud Continue Reading

By

• Alex Scroxton, Security Editor

Facebook agrees to pay £500,000 fine over Cambridge Analytica data law breaches

Social media giant also promises to change the way its platform is used to protect people’s data Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Alibaba Cloud earns security credentials in automotive and healthcare sectors

Alibaba Cloud’s compliance with Tisax and GxP follows earlier efforts by major public cloud suppliers to win over enterprises with strict data protection and security rules Continue Reading

By

• Aaron Tan, TechTarget

What will succeed the National Cyber Security Strategy?

As the National Cyber Security Strategy nears the end of its working life, the government is considering what comes next, and is asking probing questions of its successes and failures Continue Reading

By

• Alex Scroxton, Security Editor

IR35 reforms – the difficult decisions facing IT contractors

In this week’s Computer Weekly, we examine the difficult choices facing UK IT contractors from the controversial IR35 tax reforms. Social engineering is a major source of cyber security attacks – we look at mitigation strategies. And the IT chief at Mercedes F1 explains what it takes to support a world championship team. Read the issue now. Continue Reading

Security Think Tank: Embedding security in governance

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

By

• Sandeep Godbole, ISACA

Take responsibility for cyber security basics, urges NCSC CEO

At the launch of its third annual review, NCSC head Ciaran Martin appealed for individuals and businesses to address the fundamentals of cyber security hygiene to help lighten the load Continue Reading

By

• Alex Scroxton, Security Editor

Brexit: Withdrawal agreement lists EU IT data link beyond transition

Document lists system-to-system IT and network connectivity that will be required after the UK leaves the European Union Continue Reading

By

• Cliff Saran, Managing Editor

Security threat landscape becomes more organised and business-like

Approaches to securing the enterprise need to change in the face of a rapidly maturing threat landscape Continue Reading

By

• Alex Scroxton, Security Editor

Security Think Tank: Focus on metrics to manage risk

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading

By

• Eoin Keary

Emerging markets’ mobile financial services transactions set to surpass $1tn in by 2024

Mobile financial services transaction value will grow by 70% from 2019 to 2014 to total more than $1tn, driven by markets such as Latin America and Cico transactions Continue Reading

By

• Joe O’Halloran, Computer Weekly

Security Think Tank: Embed security professionals in your risk strategy

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

By

• Deshini Newman, (ISC)²

Security Think Tank: Risk management must go beyond spreadsheets

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading

By

• Richard Hunt, Turnkey Consulting

Securing the internet of things

In this week’s Computer Weekly, as security concerns prevent many organisations from adopting the internet of things, we examine mitigation strategies. Many firms are still struggling with GDPR policies – we assess if full compliance is ever possible. And we look at the technologies for delivering on-premise object storage. Read the issue now. Continue Reading

PCI DSS: Credit card data and what to expect from version 4.0

We preview October’s PCI Europe Community Meeting where attendees will discuss credit card payment data, with topics covered likely to include the cloud and point-to-point encryption Continue Reading

By

• Antony Adshead, Storage Editor

GDPR compliance: Whose job is it and is it really possible?

Nobody seems to have a good handle on business GDPR compliance, how many businesses are compliant, or indeed what compliance really is, but according to security experts, it very much depends on who you talk to. Continue Reading

Security Think Tank: Consider risk holistically, not just from an IT angle

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading

By

• Paddy Francis

Zuckerberg’s mentor condemns Facebook’s business practices

Long-time Silicon Valley investor speaks out against surveillance capitalism and the lack of rules and regulations governing big tech’s behaviour Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Data management strategies are evolving – so must enterprises

A growing number of data-driven initiatives, alongside heightened demand for security in governance, data management and compliance, has led to the rise of a more holistic approach – integrated risk management Continue Reading

By

• Peter Ray Allison

Small business guide: How to keep your organisation secure from fraudsters and hackers

Doing a few things well can keep your organisation protected from common cyber attacks and fraudsters Continue Reading

By

• Jan Youngren

Security Think Tank: The operational approach to integrated risk management

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

By

• Simon Persin, Turnkey Consulting

Security Think Tank: Risk is unavoidable in digital transformation

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

By

• Maxine Holt, Omdia

UK and US call on Facebook to walk back encryption plans

The US, Australian and UK governments have asked Facebook to ditch plans to deploy end-to-end encryption across Facebook Messenger, Instagram and WhatsApp Continue Reading

By

• Alex Scroxton, Security Editor

IT contractor charged over cyber attack on property valuation firm

Australian police charge 49-year-old man with stealing and posting more than 170,000 data records belonging to ASX-listed Landmark White on the dark web Continue Reading

By

• Beverley Head

Singapore outlines initiatives to tackle OT and IoT security

The Cyber Security Agency of Singapore has developed a blueprint to secure operational technology systems in critical sectors, among other measures to secure cyber-physical systems and the internet of things Continue Reading

By

• Aaron Tan, TechTarget

ABN Amro investigation lends weight to anti-money laundering collaboration by Dutch banks

Dutch authorities are investigating ABN Amro for possible failures to monitor and report potential money laundering activity Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

GDPR compliance: Whose job is it and is it really possible?

Nobody seems to have a good handle on business GDPR compliance, how many businesses are compliant, or indeed what compliance really is, but according to security experts, it very much depends on who you talk to Continue Reading

By

• Alex Scroxton, Security Editor

Singapore payment card data compromised by JavaScript sniffers

Raw data of thousands of payment cards issued by Singapore banks stolen by the online equivalent of a traditional card sniffer Continue Reading

By

• Aaron Tan, TechTarget

European court to decide on legality of bulk phone and internet surveillance

The European Court of Justice will decide whether intelligence agencies across Europe can continue to lawfully collect the telephone and internet communications data of citizens, following a two-day hearing this week Continue Reading

By

• Bill Goodwin, Computer Weekly

Dutch banks to work together in fight against money laundering

Dutch banks are sharing expertise and resources to help reduce money laundering through their accounts Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Government seeks views on post-Brexit security alignment

The government has called for views on its proposals to align the UK’s post-Brexit cyber security policy to that of the European Union Continue Reading

By

• Alex Scroxton, Security Editor

Nordic countries deepen collaboration with Estonia-based cyber security operation

Nordic countries are now working closer with Nato’s Estonia-based centre of excellence in cyber security Continue Reading

By

• Gerard O’Dwyer

GDPR non-compliance worse than feared

Over half of UK businesses do not yet appear to be fully GDPR-compliant, and many have de-prioritised their compliance efforts Continue Reading

By

• Alex Scroxton, Security Editor

UK calls for cyber capacity-building at UN security group

The UK’s representative to a United Nations cyber security working group has called for increased investment in capacity around cyber security Continue Reading

By

• Alex Scroxton, Security Editor

Terror watchlist faces reform after court rules it violates rights of people entering US

A secret US terrorist database containing information on more than 1.2 million people – who face repeated interrogations, detentions and electronic searches – violates constitutional rights, a US judge said last week Continue Reading

By

• Bill Goodwin, Computer Weekly

Data-driven marketing, the real risk boards are missing

Boards need to act to break the cycle of privacy compliance failures, and shift focus to aligning business purpose with privacy and dealing with the real risk of data driven marketing, warns PwC’s GDPR and data protection lead Continue Reading

By

• Warwick Ashford, Senior analyst

Australia government to chart 2020 cyber security strategy

Australia’s home affairs ministry has released a discussion paper to seek views from all segments of society on the country’s next cyber security blueprint Continue Reading

By

• Aaron Tan, TechTarget

Security pros doubt officials can enact effective security laws

Elected officials cannot be trusted to enact effective cyber security legislation and social media firms should be subject to strict privacy regulation, according to most information security professionals in a survey Continue Reading

By

• Warwick Ashford, Senior analyst

Tide Foundation aims to boost password security

While passwordless security remains just out of reach, a non-profit organisation has developed a mechanism that it says makes passwords exponentially more difficult to crack Continue Reading

By

• Warwick Ashford, Senior analyst

Latest Facebook security lapse exposes millions to account hijack

18 million UK users are among the more than 400 million at risk of account hijacking after phone numbers linked to their Facebook accounts were found in an open online database Continue Reading

By

• Warwick Ashford, Senior analyst

CISOs think cloud safer, but security fears remain

The majority of information security leaders think cloud is now safer than on-premise, but security fears remain, with recently breached and highly regulated organisations most concerned, poll reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Finland’s security agencies collaborate after cyber attacks

National Bureau of Investigations and National Cyber Security Centre aim to increase expertise and capability to defend Finland’s critical IT infrastructure Continue Reading

By

• Gerard O'Dwyer

Kaspersky eyes enterprise business, opens APAC transparency hub

The security firm wants to engage with enterprises and use its newly launched Malaysian Transparency Centre to burnish its credentials Continue Reading

By

• Edwin Yapp

A helping hand from the Nordics in the eye of the GDPR storm

Nordic IT companies are well suited to supporting enterprises in their data protection projects, even though openness is more natural to them Continue Reading

By

• Matthew Staff

Tech firms join forces to boost cloud security

Top tech firms are to collaborate on open source technologies, tools, frameworks and standards that accelerate the adoption of confidential computing to boost security in cloud and edge computing Continue Reading

By

• Warwick Ashford, Senior analyst

ICO to probe facial recognition at King’s Cross

UK privacy watchdog is to investigate whether the use of live facial recognition technology at King’s Cross complies with data protection laws Continue Reading

By

• Warwick Ashford, Senior analyst

How C3M is easing multi-cloud management

Managing and securing access to multiple public cloud services can be a challenge for enterprises that are embarking on a multi-cloud strategy. Besides making sure that only authorised members of ... Continue Reading

By

• Aaron Tan, TechTarget

Australia needs to get digital identity right

A top Ping Identity executive urges Australia to put more focus on digital identity management following the government’s efforts to lay the groundwork for an open banking regime Continue Reading

By

• Beverley Head

2019 set to be another record year for data breaches

The number of data breach incidents continues to rise and looks set to reach another record this year, with the business sector first in the firing line, according to a mid-year breach report Continue Reading

By

• Warwick Ashford, Senior analyst

Melbourne researchers uncover privacy lapses in transport dataset

A team of University of Melbourne researchers has been able to re-identify individuals from a public transport dataset, raising serious privacy, safety and security issues Continue Reading

By

• Aaron Tan, TechTarget

DCMS funding aims to increase diversity in cyber sector

A funding round has been announced as part of the Cyber Skills Immediate Impact Fund (CSIIF) with aims of encouraging more diverse talent into the UK’s cyber security sector Continue Reading

By

• Clare McDonald, Business Editor

GDPR faces growing pains across Europe

The General Data Protection Regulation is over a year old now, but it faces challenges across Europe where compliance has taken place at different speeds Continue Reading

By

• Pat Brans, Pat Brans Associates/Grenoble Ecole de Management

Digital domain identified as major security threat by Norway’s intelligence service

Norway's intelligence services has revealed the extent of the threat posed to the country by cyber attacks Continue Reading

By

• Gerard O'Dwyer

UK finance regulator gives extra time for companies to meet payment security rules

Financial Conduct Authority gives companies under its watch an extra 18 months to meet an EU payments security standard Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

British Airways e-ticketing system could expose passenger details

British Airways has not addressed a potential leak of passenger details despite warnings from security researchers, but says it is aware of the issue and is taking action Continue Reading

By

• Warwick Ashford, Senior analyst

Breach cost $53m in Q2, says Desjardins

Credit union cooperative Desjardins reveals that a data breach in June cost the company $53m in the second quarter, but that could be just the start, warn industry commentators Continue Reading

By

• Warwick Ashford, Senior analyst

UK businesses still overlooking human element in security

Most UK businesses are still failing to address the human element in cyber security as part of an integrated approach, exposing themselves unnecessarily to cyber criminal attacks, a study shows Continue Reading

By

• Warwick Ashford, Senior analyst

South Wales Police starts facial recognition trial despite opposition

The use of the facial recognition app by South Wales Police marks the latest deployment of controversial facial recognition technology by police forces in the UK Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Southeast Asian ‘white hat’ urges more countries to sign the Paris Call

A renowned ethical hacker in Malaysia has called for more nations to support the Paris Call for Trust and Security in Cyberspace to counter the threat of cyber warfare Continue Reading

By

• Avanti Kumar

Using tech to boost staff morale

In this week’s Computer Weekly, we look at the emerging technologies being used to improve employee experience and raise staff loyalty and motivation. The CIO of the Football Association explains how IT is changing the way the national game is administered. And we examine the growing role of AI in preventing cyber attacks. Read the issue now. Continue Reading

ICO joins international call for transparency around Facebook’s Libra currency

Data protection regulators from around the world have signed a statement raising privacy concerns about Libra Continue Reading

By

• Bill Goodwin, Computer Weekly
• Sebastian Klovig Skelton, Data & ethics editor

Security Think Tank: Close interdisciplinary ties are key to security integration

How can infosec professionals and data architects work together to support business goals and achieve a good level of cyber security? Continue Reading

By

• Petra Wenham

Enhancing business purpose with privacy compliance

Computer Weekly looks at the importance of building on basic GDPR compliance and making privacy a key foundation of business culture Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: CIA at heart of infosec-data architect partnership

How can infosec professionals and data architects work together to support business goals and achieve a good level of cyber security? Continue Reading

By

• Maxine Holt, Omdia

Facebook asked to explain discrepancies in evidence over Cambridge Analytica

DCMS Committee chairman asks Facebook to clarify what it knew about Cambridge Analytica’s use of its data and when Continue Reading

By

• Sebastian Klovig Skelton and Bill Goodwin

GDPR taken more seriously after first fines

Security professionals believe the first big fines under the General Data Protection Regulation will get organisations to take the new rules more seriously, but will not necessarily change policies or practices Continue Reading

By

• Warwick Ashford, Senior analyst

Leaked Sephora databases peddled on dark web

Cyber security firm finds two databases likely to be related to the Sephora data breach that affected online customers in Southeast Asia, Australia and New Zealand Continue Reading

By

• Aaron Tan, TechTarget

Cisco pays $8.6m after whistleblower discloses security flaws in video surveillance system

James Glenn, a video surveillance expert working for a Cisco reseller in Denmark, alerted Cisco to security faults and stands to gain a share of a multimillion-dollar settlement with the US government Continue Reading

By

• Bill Goodwin, Computer Weekly

Australian firms grappling with “train-smash” of security legislation

While businesses should avoid going into checkbox compliance mode, the constant flux of regulations on cyber security and privacy has led to calls for more legislative coherence from regulators Continue Reading

By

• Beverley Head

ICO selects first innovation Sandbox participants

UK privacy watchdog has chosen the first firms to take part in its Sandbox programme aimed at developing innovative and beneficial products and services that are privacy compliant Continue Reading

By

• Warwick Ashford, Senior analyst

Think beyond tick-box compliance

A year on since GDPR, many organisations are yet to stop fretting over fines and focus instead on business value Continue Reading

By

• Cliff Saran, Managing Editor

F-Secure talks up threat-hunting to stay ahead of cyber attacks in APAC

Cyber security firm calls for organisations to double up on threat-hunting now that nearly all attack and reconnaissance traffic is automated Continue Reading

By

• Avanti Kumar

Facebook shrugs off $5bn fine, reports strong quarter

Investors responded positively after social networking firm reported better-than-expected second-quarter results after budgeting for FTC fine, but the company faces a further antitrust investigation Continue Reading

By

• Warwick Ashford, Senior analyst

Zuckerberg responsible for Facebook privacy compliance after $5bn FTC fine

Facebook pays record fine after breaching users’ privacy, following settlements with Federal Trade Commission and Securities and Exchange Commission Continue Reading

By

• Bill Goodwin and Sebastian Klovig Skelton

Controversial ‘immigration exemption’ used in 60% of cases

The UK government has used a controversial GDPR opt-out in response to the majority of its immigration-related data requests since the start of 2019, the High Court has heard Continue Reading

By

• Warwick Ashford, Senior analyst

Phishing attack highlights cyber security need at universities

UK university cyber security is once again under the spotlight after Lancaster University reveals that it has been targeted by a phishing attack used to send fake invoices Continue Reading

By

• Warwick Ashford, Senior analyst

Almost a third of European firms still not compliant with GDPR

Almost a third of European businesses admit they are still not compliant with the EU’s General Data Protection Regulation, but there are encouraging signs of increased maturity in data protection, with the new rules driving better, business-supporting practices Continue Reading

By

• Warwick Ashford, Senior analyst

High Court to hear challenge to immigration exemption in DPA

The High Court is to hear a challenge by two human rights groups of a controversial clause in new UK data protection legislation they say is in conflict with the EU’s Charter of Fundamental Rights and undermines the General Data Protection Regulation Continue Reading

By

• Warwick Ashford, Senior analyst

How Apollo 11 influenced modern computing

In this week’s Computer Weekly, on the 50th anniversary of the Moon landings we look at the influence Apollo 11 had on modern hardware and software. Our latest buyer’s guide examines data protection. And we find out how retailers with physical stores are using technology to respond to the rise of online shopping. Read the issue now. Continue Reading

Analytics and GDPR compliance: How to achieve it

Mathieu Gorge, CEO of Vigitrust, looks at technologies such as pseudonymisation that can help organisations stay GDPR-compliant while gaining value from analytics on customer data Continue Reading

By

• Antony Adshead, Storage Editor

GDPR one year in

Until recently, no one assumed the ICO would issue large fines for GDPR non-compliance. But that has all changed now that it plans to fine BA Continue Reading

By

• Bob Tarzey

Latest ICO fine highlights privacy due diligence

A week after issuing the first serious GDPR fines, the ICO has further underlined the importance of data stewardship and due diligence regarding privacy practices Continue Reading

By

• Warwick Ashford, Senior analyst

MPs warn of data adequacy hole in no-deal Brexit

Transferring data to and from the EU will only be possible if an agreement is in place before the UK leaves. No deal means no data agreement Continue Reading

By

• Cliff Saran, Managing Editor

How IT pros are building resilience against email security threats

For most people, emails are an easy and harmless way to communicate in the workplace, but they could also be a security disaster waiting to happen Continue Reading

By

• Nicholas Fearn

CW ASEAN: Trend Watch – Security

Artificial intelligence tools are becoming a vital part of the security arsenal for organizations and cyber criminals alike. In this handbook, Computer Weekly looks at how ASEAN firms are using AI to combat cyber threats and experts discuss the latest smart cyber security tools. Continue Reading

Free tool reveals the true cost of ‘free’ online services

New data discovery portal developed by Finnish security firm F-Secure helps to uncover what Facebook, Amazon, Google and other tech giants know about consumers Continue Reading

By

• Warwick Ashford, Senior analyst

Australia’s Notifiable Data Breaches scheme drives compliance but issues remain

Australia’s data breach notification rules have largely been complied with, but some quarters are calling for more clarity on the reporting threshold and tougher action against errant firms. Continue Reading

CW ANZ: Trend Watch – Security

With regulations pushing data protection up the business agenda, we look at how Australia’s Notifiable Data Breaches scheme has been received and consider why a survey that found Australian firms are experiencing fewer cyber breach incidents appears to conflict with anecdotal evidence that suggests the opposite. Continue Reading

Security Think Tank: Engage business to address commercial risk

What strategies can infosec pros use to shift focus from GDPR fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose? Continue Reading

By

• Raef Meeuwisse

Parliamentary committee calls for halt to facial recognition trials

Issues with biometrics and forensics pose a significant risk to effective functioning of the criminal justice system, according to a report by the Science and Technology Committee Continue Reading

By

• Warwick Ashford, Senior analyst

Most security pros still concerned about public cloud security

Despite accelerated adoption of public cloud services by companies keen to benefit from increased efficiency, scalability and agility, most security professionals have reservations Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Translating GDPR compliance into business benefits

What strategies can information security professionals use to shift focus from General Data Protection Regulation fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose? Continue Reading

By

• Emma Bickerstaffe, Information Security Forum (ISF)

NCSC calls out Microsoft over Dmarc reports

The UK’s cyber security agency has called out Microsoft for seriously undermining global email security by failing to provide crucial reports from its email platforms Continue Reading

By

• Warwick Ashford, Senior analyst

UN resolution ignores special rapporteur’s call for halt to spyware sales

UN’s Human Rights Council adopts resolution to explore the impact of new and emerging digital technologies on human rights, but the text ignores a damning report by the council’s own expert on freedom of expression Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Security Think Tank: Aligning data privacy with business objectives

What strategies can infosec pros use to shift focus from GDPR fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose? Continue Reading

By

• Sanjana  Mehta, (ISC)2

BA/Marriott GDPR fines: What they were for and how to avoid them

We talk to Mathieu Gorge, CEO of Vigitrust, about the BA and Marriott GDPR fines and what organisations can do to ensure they achieve compliance with GDPR and similar regulations Continue Reading

By

• Antony Adshead, Storage Editor

Billion-dollar privacy penalties put CEOs on notice

Facebook’s potential $5bn settlement with the FTC follows notifications of planned GDPR fines for British Airways and Marriott International, underlining the importance of data stewardship Continue Reading

By

• Warwick Ashford, Senior analyst

UK public sector needs to prioritise mobile device security

Only 10% of public service stolen and lost mobile are recovered, underlining the need for mobile-centric, zero-trust model to reduce the risk, says MobileIron Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Don’t dismiss the business benefits of GDPR

What strategies can infosec pros use to shift focus from GDPR fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose? Continue Reading

By

• Richard Hunt, Turnkey Consulting