Regulatory compliance and standard requirements
-
News
19 Dec 2024
Latest attempt to override UK’s outdated hacking law stalls
Amendments to the Data Bill that would have given the UK cyber industry a boost by updating restrictive elements of the Computer Misuse Act have failed to progress beyond a Lords committee Continue Reading
-
Opinion
19 Dec 2024
The Data Bill: It’s time to cyber up
The Computer Misuse Act is outdated and needs reform - so it's disappointing to see the government decline an opportunity to update the legislation, says the peer who proposed amendments Continue Reading
-
News
18 Apr 2023
CyberUK 23: NCSC conference centres cyber collaboration
The NCSC’s annual CyberUK conference gets underway in Belfast this week, with collaboration and cooperation high on the agenda Continue Reading
-
News
18 Apr 2023
Focus on these three risky behaviours to boost cloud security
Some 80% of cloud security alerts are triggered by just 5% of security rules. Security teams can substantially improve their resilience by zeroing in on a small set of risky behaviours, according to a report Continue Reading
-
Feature
18 Apr 2023
Why IAM systems are crucial for securing multicloud architecture
As business tools evolve into cloud-based services, organisations are finding themselves becoming ever more reliant on the cloud, but how can data be secured across so many different platforms? Continue Reading
-
News
18 Apr 2023
UK presses on with post-Brexit data protection reform
The revised version of the Data Protection and Digital Information Bill has had its second reading in Parliament as the government presses on with post-Brexit changes, but critics remain sceptical that the EU will be convinced to maintain the UK's data adequacy agreement Continue Reading
-
News
17 Apr 2023
Charity data stolen in ransomware attack on supplier
A number of charities in Ireland and the UK have had their data compromised following a ransomware attack on an IT supplier Continue Reading
-
News
13 Apr 2023
UK joins key allies to launch secure-by-design guidelines
The UK has joined international partners in sharing new advice to help technology companies embed security into the product design and development process Continue Reading
-
Opinion
13 Apr 2023
With cyber attacks on the rise, businesses should prepare for quantum hacks now
Advances in quantum computing have brought the world is on the cusp of a technological revolution, but it is not without risk. Find out why you should start to prepare for post-quantum cryotography today. Continue Reading
-
News
12 Apr 2023
UK police double down on ‘improved’ facial recognition
The Met and South Wales Police have doubled down on their use of facial recognition technology after research found improved accuracy in their algorithms when using certain settings, but civil society groups maintain that the tech will still be used in a discriminatory fashion Continue Reading
-
News
12 Apr 2023
April Patch Tuesday fixes zero-day used to deliver ransomware
A zero-day in the Microsoft Common Log File System that has been abused by the operator of the Nokoyawa ransomware is among 97 vulnerabilities fixed in April’s Patch Tuesday update Continue Reading
-
News
12 Apr 2023
Okta integrates with Singapore’s national digital ID system
The integration with Singpass will let Okta customers authenticate consumers using Singapore’s national digital ID system and is expected to expand the company’s reach in regulated industries Continue Reading
-
News
11 Apr 2023
Anne Keast-Butler named as new director of GCHQ
The government has appointed current MI5 deputy director general Anne Keast-Butler to head signals and cyber agency GCHQ Continue Reading
-
News
11 Apr 2023
KFC, Pizza Hut data stolen in January ransomware attack
Yum!, the parent organisation behind KFC and Pizza Hut in the UK, has disclosed that employee data was accessed and exfiltrated in a January 2023 ransomware attack Continue Reading
-
News
06 Apr 2023
IBM's Nataraj Nagaratnam on the cyber challenges facing cloud services
Governments are introducing increasingly prescriptive data protection policies, but with organisations becoming ever more reliant on multiple cloud service platforms for essential business needs, how can they ensure they meet regulatory requirements? Continue Reading
-
News
06 Apr 2023
Prioritise automated hardening over traditional cyber controls, says report
A report from strategic risk specialist Marsh McLennan advises security buyers to funnel their budgets towards automated cyber security hardening techniques, saying they have a much better chance of reducing risk in a meaningful way Continue Reading
-
News
05 Apr 2023
Italy’s ChatGPT ban: Sober precaution or chilling overreaction?
Italy’s data protection authority issued a temporary ban on ChatGPT citing data protection concerns and alleged breaches of the GDPR. Is this a reasonable precaution, or a chilling restriction on personal freedoms? Continue Reading
-
News
04 Apr 2023
TikTok fined in UK over unlawful use of children’s data
The ICO has fined TikTok £12.7m for breaches of data protection law, including unlawfully collecting data on children under 13 Continue Reading
-
News
04 Apr 2023
National Cyber Force carrying out daily hacking operations to disrupt hostile threats
Government discloses details about the National Cyber Force’s disruption activities against terrorists, organised criminals and nation states – and names first NCF chief as James Babbage Continue Reading
-
News
03 Apr 2023
Australia’s media and telecoms sector saw most data breaches in 2022
The media and telecoms industry accounted for the bulk of stolen credentials in Australia in 2022, underscoring the need to shore up the country’s cyber security posture Continue Reading
-
News
30 Mar 2023
NCSC issues revised security Board Toolkit for business leaders
National Cyber Security Centre calls on CEOs and senior business leaders to take a more hands-on approach to cyber resilience with the launch of revised board-level tools Continue Reading
-
Opinion
30 Mar 2023
Preventing artificial deception in the age of AI
The proposals contained in Westminster’s AI whitepaper are a good start, but more creative thinking and investment will be required to achieve a truly pro-innovation regulatory environment Continue Reading
-
News
29 Mar 2023
How organisations can weaponise data privacy
Organisations should turn data privacy into a competitive advantage and look beyond regulatory compliance to build a privacy programme that aligns with business targets, says Gartner Continue Reading
-
News
28 Mar 2023
Europol warns cops to prep for malicious AI abuse
In a report looking at how large language models can be used by criminals, Europol’s Innovation Lab calls on law enforcement agencies to prepare themselves for wide-ranging impacts on their work Continue Reading
-
News
28 Mar 2023
Ethical hackers urged to respond to Computer Misuse Act reform proposals
The deadline for submissions to the government’s consultation on reform of the Computer Misuse Act is fast approaching, and ethical hackers and security experts need to make their voices heard, says Bugcrowd Continue Reading
-
E-Zine
28 Mar 2023
Is TikTok really a security threat to your business?
In this week’s Computer Weekly, with the UK government becoming the latest administration to ban TikTok, we ask whether the controversial social media app is really a security threat to enterprises. Technology guru Bruce Schneier tells us about the need to take back control of AI and the personal data it relies on. And we look at how firms are trying – and failing – to make AI work for online content moderation. Read the issue now. Continue Reading
-
Definition
28 Mar 2023
Sarbanes-Oxley Act
The Sarbanes-Oxley Act of 2002 is a federal law that established sweeping auditing and financial regulations for public companies. Continue Reading
-
News
27 Mar 2023
France latest to ban TikTok on government devices
Following bans in the UK and US, France has moved to enact restrictions on TikTok, and other social media apps, on government devices Continue Reading
-
News
22 Mar 2023
Why Veeam thinks ransomware warranty payouts are unlikely
Veeam Data Platform v12 offers a financial guarantee to customers that can’t restore after ransomware attacks, but the backup supplier is convinced it won’t be making many payouts Continue Reading
-
News
21 Mar 2023
Nordics move towards common cyber defence strategy
Nordic countries agree to work together to improve their cyber defences amid increasing threat Continue Reading
-
News
17 Mar 2023
UK TikTok ban gives us all cause to consider social media security
The UK government’s ban on TikTok should give all organisations cause to look into what information social media platforms are collecting on us, and what they are using it for Continue Reading
-
News
17 Mar 2023
UK government to create code of practice for generative AI firms
The code will look to strike a balance between copyright holders and generative AI firms so that both parties can benefit from the use of copyrighted material in training data Continue Reading
-
News
16 Mar 2023
TikTok banned on UK government devices
The UK government has followed in the footsteps of its US and European counterparts and banned the use of Chinese social media app TikTok on official devices Continue Reading
-
News
13 Mar 2023
MI5 to oversee new National Protective Security Authority
The new National Protective Security Authority will address various national security threats including state-sponsored cyber espionage against UK targets Continue Reading
-
News
10 Mar 2023
Technology minister Michelle Donelan defends data reforms
Secretary of state Michelle Donelan has defended the government’s new data reforms as providing certainty for businesses while simultaneously retaining high standards of data protection, but industry figures are having mixed reactions Continue Reading
-
Definition
08 Mar 2023
FACTA (Fair and Accurate Credit Transactions Act)
FACTA (Fair and Accurate Credit Transactions Act) is an amendment to FCRA (Fair Credit Reporting Act ) that was added, primarily, to protect consumers from identity theft... (Continued) Continue Reading
-
News
08 Mar 2023
How ForgeRock is tackling identity management
ForgeRock CEO Fran Rosch has set the identity and access management software supplier on a path to deliver a frictionless identity experience without compromising security or privacy Continue Reading
-
News
07 Mar 2023
Nine in 10 enterprises fell victim to successful phishing in 2022
Egress annual email security risk report breaks down impacts of email-based phishing attacks and data loss, and the effect these can have on organisations in terms of staff retention and morale Continue Reading
-
News
07 Mar 2023
Dutch hospitals underestimate impact of cyber attack
IT failures in acute care organisations in the Netherlands have increased considerably since 2010, affecting patient care and stressing the need to improve IT security in hospitals Continue Reading
-
Podcast
06 Mar 2023
Podcast: 2023 compliance and storage outlook
Geopolitical instability casts its shadow as organisations must think about cyber attacks, data location and what to do if things change quickly. We talk to Mathieu Gorge, CEO of Vigitrust Continue Reading
-
News
03 Mar 2023
White House unveils National Cybersecurity Strategy
The strategy will focus on ensuring closer collaboration on cyber security between government and industry, while giving software and other tech companies a bigger role in combatting threats due to their resources and expertise Continue Reading
-
News
02 Mar 2023
AI interview: Michael Osborne, professor of machine learning
Artificial intelligence researcher speaks with Computer Weekly about the implications of a market-driven AI arms race and the overwhelming dominance of the private sector over the technology Continue Reading
-
News
01 Mar 2023
Data breaches in Australia on the rise, says OAIC
Cyber security incidents were the cause of most data breaches, which rose by 26% in the second half of 2022, according to the Office of the Australian Information Commissioner Continue Reading
-
Opinion
28 Feb 2023
Security Think Tank: Training can no longer be a compliance exercise
Historically, security training has tended to take a compliance-based focus, a ‘tick-box’ exercise using generic, off-the-shelf courses. This needs to change, says Hayley Watson of Turnkey Consulting. Continue Reading
-
News
27 Feb 2023
Scotland launches data strategy for health and social care
The five-year strategy aims to make it easier for people to access their own health and social care data, improve data flows between organisations, and transform the way data is used to enhance services Continue Reading
-
News
24 Feb 2023
UK police have ‘culture of retention’ around biometric data
A culture of retention around biometric data in UK policing is damaging public trust, says UK biometrics commissioner, who is calling for clear regulation to govern police use of biometric technologies Continue Reading
-
Opinion
21 Feb 2023
Cyber security training: Insights for future professionals
Future cyber security professionals need soft skills as well as technical ones, says security educator Sudeep Subramanian Continue Reading
-
Opinion
16 Feb 2023
Security Think Tank: New trends and drivers in cyber security training
Self-paced, interactive, bite-sized learning is becoming the optimum path for cyber security training in the workplace, says John Tolbert of KuppingerCole Continue Reading
-
News
14 Feb 2023
UK authorities clamp down on illegal crypto ATMs
The Financial Conduct Authority and West Yorkshire Police have disrupted a number of illegal crypto ATMs Continue Reading
-
News
14 Feb 2023
OSC&R framework to stop supply chain attacks in the wild
The backers of a new MITRE ATT&CK style framework called OSC&R hope to help organisations get to grips with threats to their software supply chains Continue Reading
-
News
14 Feb 2023
Researcher exposes crypto scam network exploiting YouTube
A massive network of fake YouTube videos promoted by automated sock puppet accounts is reeling in hundreds of cryptocurrency enthusiasts and persuading them to hand over their money, WithSecure researchers found Continue Reading
-
Opinion
14 Feb 2023
How to protect your business from fraud during a recession
This winter, the chilly winds of a global recession have fraudsters turning up the heat. PJ Rohall of SEON Fraud Fighters shares some guidance on how to bundle up against fraud Continue Reading
-
News
13 Feb 2023
Investigatory Powers Act: Home Office proposes rethink of safeguards on bulk data collection
David Anderson KC will review the safeguards on intelligence service and police use of bulk datasets following a Home Office assessment that they are 'disproportionate'. Continue Reading
-
Definition
10 Feb 2023
Opex (operational expenditure)
Opex (operational expenditure) is the money a company or organization spends on an ongoing, day-to-day basis to run its business. Continue Reading
-
Definition
08 Feb 2023
SOC 3 (System and Organization Controls 3)
A System and Organization Controls 3 (SOC 3) report outlines information related to a service organization's internal controls for security, availability, processing integrity, confidentiality and privacy. Continue Reading
-
News
08 Feb 2023
Campaigners lament lack of movement on Computer Misuse Act reform
Westminster has opened a new consultation on proposed reforms to the Computer Misuse Act of 1990, but campaigners who want the law changed to protect cyber professionals have been left disappointed Continue Reading
-
News
07 Feb 2023
APP fraud reimbursement proposal is ‘fundamentally flawed’, say MPs
MPs claim the involvement of a bank-sponsored organisation in reimbursing victims of APP fraud would be a conflict of interest Continue Reading
-
Feature
07 Feb 2023
The one problem with AI content moderation? It doesn’t work
The use of artificial intelligence for content moderation is likely to become more pronounced with the passage of the Online Safety Bill, but practitioners and experts question the efficacy of this approach Continue Reading
-
News
06 Feb 2023
Cops make arrests and seize drugs after hacking Exclu encrypted messaging app
Police in the Netherlands, Belgium and Poland raided 80 addresses after covertly intercepting messages from the Exclu encrypted messaging app Continue Reading
-
News
06 Feb 2023
Online banks still riddled with cyber security flaws, report says
Online bank Virgin Money was found to have the weakest online and application security measures in a Which? study but Nationwide, TSB and The Co-Operative Bank all failed on multiple points, too. Continue Reading
-
News
06 Feb 2023
The Security Interviews: How to overcome data protection compliance challenges
Complying with the vast swathe of data protection legislation around the world is complex, especially for smaller organisations without the necessary expertise. Could the compliance process be simplified, and if so, how? Continue Reading
-
Definition
03 Feb 2023
audit program (audit plan)
An audit program, also called an audit plan, is an action plan that documents what procedures an auditor will follow to validate that an organization is in conformance with compliance regulations. Continue Reading
-
News
03 Feb 2023
FCA cracks down on misleading promos by social media influencers
Social media is becoming a major part of the FCA’s work in clamping down on misleading financial advertising and promotions, with multiple influencers rapped for their behaviour Continue Reading
-
Opinion
03 Feb 2023
Security Think Tank: In 2023, we need a new way to cultivate better habits
Regular, small adjustments to behaviour offer a better way to keep employees on track and cultivate a corporate culture of cyber awareness, writes Elastic’s Mandy Andress Continue Reading
-
News
01 Feb 2023
Innovative Technology deploys age estimation tech in shops and pubs
A company involved in Home Office-led trials of biometric age estimation technologies has begun rolling out its hardware to UK shops and pubs so they can use its facial recognition algorithm to assure customers’ ages Continue Reading
-
News
01 Feb 2023
UK Cyber Council and ISACA launch audit, assurance programme
The UK Cyber Security Council has teamed up with ISACA to partner on a new audit and assurance programme for security pros Continue Reading
-
News
31 Jan 2023
Cyber training firm launches £20k data protection scholarship
Training specialist Freevacy has launched a £20,000 scholarship fund to train data privacy and protection professionals Continue Reading
-
News
31 Jan 2023
MI5 unlawfully collected and held millions of people’s data
Secretive court finds MI5 knowingly acted unlawfully in use of bulk surveillance warrants, and the Home Office continued granting warrants despite information the agency was operating outside the law Continue Reading
-
News
30 Jan 2023
Data of 10 million JD Sports customers accessed in cyber attack
Data on 10 million people who shopped online at JD Sports over a two-year period was accessed and potentially stolen in a cyber attack Continue Reading
-
News
25 Jan 2023
Boards struggle to resolve cyber risk in digital supply chains
Accelerated digitisation of supply chains is introducing more cyber risk for which many organisations seem unprepared, according to the BSI’s annual report on supply chain risk Continue Reading
-
News
23 Jan 2023
NCSC warning over cyber risk to charity sector
Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC Continue Reading
-
News
20 Jan 2023
Veeam survey finds ransomware blocks digital transformation
Annual report shows secular trend to the cloud and increased use of containers, but prevalence of ransomware attacks means digital transformation is hindered Continue Reading
-
News
20 Jan 2023
WhatsApp’s £4.8m fine raises questions for organisations using behavioural advertising
The Irish Data Protection Commissioner has fined WhatsApp, owned by Meta, in a case that will raise questions for organisations that rely on contracts rather than consent to comply with GDPR when offering behavioural advertising Continue Reading
-
Definition
19 Jan 2023
ITAR and EAR compliance
The International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR) are two important U.S. export control laws that affect the manufacturing, sales and distribution of certain technologies, technology products, software and services. Continue Reading
-
News
19 Jan 2023
Fraudsters and cyber criminals stole more than £4bn in the UK through 2022
The amount of money stolen by fraudsters and cybercriminals in the UK saw a huge increase in 2022 Continue Reading
-
News
19 Jan 2023
Newham Council rejects use of live facial-recognition tech by police
Live facial-recognition technology should not be used by police in Newham until biometric and anti-discrimination safeguards are in place, according to a motion passed unanimously by the council, but the Met Police and the Home Office have indicated they will not suspend its use Continue Reading
-
News
19 Jan 2023
Outdated IT infrastructure poses growing risk to UK Security Vetting
Delays to UKSV’s important work in safeguarding the country’s national security are in part down to a legacy IT estate in dire need of modernisation, says the NAO Continue Reading
-
News
18 Jan 2023
David Anderson KC to review UK surveillance laws
Home Office commissions independent review of the Investigatory Powers Act, known as the snoopers’ charter. It will include a review of bulk datasets and government access to internet connection records held by phone and internet companies Continue Reading
-
News
17 Jan 2023
Cloudflare urged to clamp down on pirates, counterfeiters
A whitepaper produced by brand protection specialist Corsearch calls on Cloudflare to do more to stop online content piracy and sales of counterfeit goods Continue Reading
-
News
17 Jan 2023
Crest throws support behind CyberUp CMA reform campaign
Cyber accreditation association Crest International has lent its support to the CyberUp campaign for reform to the Computer Misuse Act of 1990 Continue Reading
-
News
14 Jan 2023
Experts concerned over silence around government obligation to review UK surveillance laws
The government is required to review the UK’s surveillance law, the Investigatory Powers Act, but experts say they are in the dark about its plans. The National Crime Agency’s operation Venetic has highlighted the need for urgent reforms Continue Reading
-
News
12 Jan 2023
UK government completes trials of age estimation technology
Government-led trials of age estimation and verification technologies for the sale of alcohol in nightlife venues and supermarkets have been completed, with both government and retail lobbyists pushing for legislation that would allow retailers to adopt the tools for alcohol sales Continue Reading
-
Opinion
12 Jan 2023
Europe’s cyber security strategy must be clear about open source
Europe’s cyber security policy on open source is lagging behind the US, and despite growing government awareness of the issues, that poses a problem Continue Reading
-
News
11 Jan 2023
Should we be worried about malicious use of AI language models?
WithSecure research into GPT-3 language models, used by the likes of ChatGPT, surfaces concerning findings about how easy it is to use large language models for malicious purposes. Should security teams be concerned? Continue Reading
-
News
10 Jan 2023
Insurer Beazley introduces catastrophe bond to ease cyber risk
Insurance company Beazley says that its $45m cyber catastrophe bond will help to protect its balance sheet and enable it to offer more cyber insurance cover Continue Reading
-
News
09 Jan 2023
JPMorgan ordered to face lawsuit over cyber attack on Ray-Ban maker
US banking giant JPMorgan forced to respond to accusations that it failed to inform a business customer about suspicious transactions Continue Reading
-
News
08 Jan 2023
Vulnerable organisations to get free Cyber Essentials support
Charities and legal aid firms are among those to be offered free security checks and certifications from the National Cyber Security Centre Continue Reading
-
News
06 Jan 2023
Proposed digital fraud refund rules risk excluding many victims
Proposals to establish a fraud refund mechanism in the UK risk excluding many victims of digitally enabled fraud, a major bank has warned Continue Reading
-
News
06 Jan 2023
Meta to appeal £345m fine for Facebook and Instagram privacy breaches
Social media company Meta is to appeal after the Irish Data Protection Commission fined the company for breaching GDPR Continue Reading
-
Feature
05 Jan 2023
Securing low Earth orbit represents the new space race
The barriers to launching satellites into low Earth orbit are falling fast, and that brings new cyber security challenges Continue Reading
-
Feature
29 Dec 2022
Cyber security professionals share their biggest lessons of 2022
In the run-up to 2023, cyber security professionals are taking the time to reflect on the past few months and share their biggest lessons of 2022 Continue Reading
-
News
29 Dec 2022
Top 10 technology and ethics stories of 2022
Here are Computer Weekly’s top 10 technology and ethics stories of 2022 Continue Reading
-
News
22 Dec 2022
Top 10 cyber security stories of 2022
The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides Continue Reading
-
News
22 Dec 2022
Top 10 crime, national security and law stories of 2022
Here are Computer Weekly’s top 10 crime, national security and law stories of 2022 Continue Reading
-
Opinion
21 Dec 2022
Post-Brexit cyber dynamics in the UK and Europe: diverging paradigms?
The UK faces a choice in terms of its ongoing cyber security relationship with the EU – to preserve its collaboration with the EU by adopting an aligned approach or to adopt a divergent approach Continue Reading
-
Opinion
19 Dec 2022
Security Think Tank: 2022 brought plenty of learning opportunities in cyber
At the end of another busy 12 months, Turnkey Consulting’s Andrew Morris sums up some of the most important takeaways for cyber pros Continue Reading
-
News
16 Dec 2022
Shiseido data breach victims plan legal action over fake companies
Employees and former employees of cosmetics firm Shiseido whose data was stolen in a recent breach are planning group legal action after their information was used to establish fraudulent companies in their names Continue Reading
-
News
15 Dec 2022
NCA officer questioned in Investigatory Powers Tribunal over failure to disclose EncroChat notes
EncroChat hacking warrant was unlawful and in breach of human rights law, the Investigatory Powers Tribunal hears Continue Reading
-
News
14 Dec 2022
Private health provider data could be shared with NHS England
Plans are advancing to create a single source of healthcare data in England combining both private providers and the NHS to avoid a repeat of the Ian Paterson scandal Continue Reading
-
News
14 Dec 2022
NHS gets new guidance on public benefits of data sharing
NHS national data guardian Nicola Byrne has published new guidance on how health and social care bodies should approach the task of evaluating public benefit when using data for purposes beyond individual care Continue Reading
-
News
14 Dec 2022
New cyber approaches ease Registers of Scotland’s AWS migration
As the holder of the oldest national public land register in the world, Registers of Scotland has a storied history dating back centuries. Find out how Palo Alto Networks is keeping its processes and data secure as it goes all-in on Amazon Web Services Continue Reading
-
News
13 Dec 2022
EU issues draft data adequacy decision in favour of US
The European Commission has concluded that the United States does ensure an adequate level of protection for personal data transferred from the European Union and will now launch the process towards the adoption of an adequacy decision Continue Reading