Security policy and user awareness
-
Feature
19 Nov 2024
Storage technology explained: Ransomware and storage and backup
We look at ransomware attacks, and the importance of good backup practice as well as immutable snapshots, air-gapping, network segmentation, AI anomaly detection and supplier warranties Continue Reading
-
Opinion
19 Nov 2024
Underfunded, under pressure: We must act to support cyber teams
With almost half of cyber pros experiencing more incidents this year, security leaders say their teams are coming under increasing strain. Businesses must be more proactive approach about building a resilient, future-ready workforce Continue Reading
-
E-Zine
19 Nov 2024
Adventures in AI at Tripadvisor
In this week’s Computer Weekly, we find out how travel site Tripadvisor is embracing AI to offer new products and services to its users. Gartner says the chance of a successful digital project is like ‘flipping a coin’ – we went to its annual IT leadership symposium to ask why. And we examine what companies must do to comply with the EU’s new NIS2 cyber security rules. Read the issue now. Continue Reading
-
News
18 Nov 2024
AWS widening scope of MFA programme after early success
AWS reports strong take-up of multi-factor authentication among customers since making it compulsory for root users earlier this year, and plans to expand the scope of its IAM programme in spring 2025 Continue Reading
-
News
18 Nov 2024
UK consumers losing more than ever to holiday scams
Last Christmas, UK consumers lost over £11m to cyber criminals. This year, to save them from tears, the NCSC and Action Fraud are teaming up to launch an anti-fraud campaign Continue Reading
-
E-Zine
14 Nov 2024
CW APAC – Trend Watch: Modernising security operations
Organisations everywhere know the risks of cyber security complacency. In this handbook, focused on modernising security operations in the Asia-Pacific region, Computer Weekly looks at how Australia is bolstering its defences, Splunk and Cisco’s integration, and Palo Alto Networks’ ‘precision AI’. Continue Reading
-
News
14 Nov 2024
Williams Racing F1 team supports kids cyber campaign
A multi-region campaign will teach pre-teen children cyber security basics – with a little help from Formula 1 star Alex Albon Continue Reading
-
News
14 Nov 2024
Ping CEO on ForgeRock integration and future of identity
Ping Identity CEO Andre Durand discusses the company’s unified roadmap, commitment to customer stability and growth plans in the evolving identity landscape following the merger with ForgeRock Continue Reading
-
News
12 Nov 2024
Microsoft fixes 89 CVEs on penultimate Patch Tuesday of 2024
High-profile vulns in NTLM, Windows Task Scheduler, Active Directory Certificate Services and Microsoft Exchange Server should be prioritised from November’s Patch Tuesday update Continue Reading
-
News
12 Nov 2024
Zero-day exploits increasingly sought out by attackers
Threat actors increasingly favour zero-day exploits to attack their victims before patches become available, according to the NCSC and CISA, which have just published a list of the most widely used vulnerabilities of 2023 Continue Reading
-
Opinion
12 Nov 2024
Strengthening cyber: Best IAM practices to combat threats
The Security Think Tank considers best practices in identity and access management and how can they be deployed to enable IT departments to combat cyber-attacks, phishing attacks and ransomware Continue Reading
-
Feature
08 Nov 2024
What are the security risks of bring your own AI?
The rise of generative AI has led to a plethora of publicly accessible artificial intelligence tools, but what are the risks when external AI tools are used with corporate data? Continue Reading
-
News
07 Nov 2024
Google Cloud MFA enforcement meets with approval
Latest Google Cloud policy to enforce multifactor authentication across its user base is welcomed by security professionals Continue Reading
-
News
07 Nov 2024
AI a force multiplier for the bad guys, say cyber pros
CIISec’s annual report on the security profession finds evidence of growing concern that artificial intelligence will ultimately prove more useful to threat actors than defenders Continue Reading
-
Opinion
05 Nov 2024
User-centric security should be core to cloud IAM practice
The Security Think Tank considers best practices in identity and access management and how can they be deployed to enable IT departments to combat cyber-attacks, phishing attacks and ransomware Continue Reading
-
News
01 Nov 2024
CISA looks to global collaboration as fraught US election begins
The US' CISA cyber agency has unveiled a two-year International Strategic Plan to advance collaboration and improve resilience against shared risks and threats Continue Reading
-
News
29 Oct 2024
EMEA businesses siphoning budgets to hit NIS2 goals
With NIS2 now in effect, European business leaders are having to divert budget from elsewhere to achieve compliance Continue Reading
-
News
28 Oct 2024
Russian Linux kernel maintainers blocked
To ensure compliance, the Linux kernel will no longer allow Russian software developers to work on maintaining the codebase Continue Reading
-
News
28 Oct 2024
UK launches cyber guidance package for tech startups
The NCSC and NPSA, alongside agencies from the Five Eyes alliance, have issued guidance for startups on how to secure themselves against common cyber threats and targeted industrial espionage Continue Reading
-
News
25 Oct 2024
Dutch critical infrastructure at risk despite high leadership confidence
Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise Continue Reading
-
News
22 Oct 2024
Danish government reboots cyber security council amid AI expansion
Denmark’s government relaunches digital security initiative to protect business sectors and society at large Continue Reading
-
News
21 Oct 2024
Can AI be secure? Experts discuss emerging threats and AI safety
International cyber security experts call for global cooperation and proactive strategies to address the security challenges posed by artificial intelligence Continue Reading
-
News
17 Oct 2024
EU cyber security bill NIS2 hits compliance deadline
The EU’s NIS2 bill will harmonise how companies and member states approach cyber security, but its success will depend on how well it is implemented and enforced Continue Reading
-
News
15 Oct 2024
NCSC expands school cyber service to academies and private schools
The National Cyber Security Centre is expanding its PDNS for Schools service to encompass a wider variety of institutions up and down the UK Continue Reading
-
Feature
15 Oct 2024
Reinventing security operations for the modern threat landscape
The growing pace of digital transformation has opened new avenues for attackers, making traditional security measures obsolete. Organisations must modernise their security operations to fortify their defences and navigate the evolving threat landscape Continue Reading
-
Opinion
11 Oct 2024
Robust cloud IAM should align to zero-trust principles
The Security Think Tank considers best practices in identity and access management and how can they be deployed to enable IT departments to combat cyber-attacks, phishing attacks and ransomware. Continue Reading
-
News
10 Oct 2024
NCSC issues fresh alert over wave of Cozy Bear activity
The NCSC, FBI and NSA publish updated warning about Cozy Bear’s activities, highlighting a range of vulnerabilities the threat actor is using to set up its cyber attacks Continue Reading
-
News
10 Oct 2024
Government launches cyber standard for local authorities
Local government bodies are being invited to take advantage of a new NCSC-derived Cyber Assessment Framework to help enhance their resilience and ward off cyber attacks Continue Reading
-
News
09 Oct 2024
MoneyGram customer data breached in attack
MoneyGram confirms that customer data has been stolen in an incident that appears to have started with a social engineering attack on its IT helpdesk staff Continue Reading
-
News
09 Oct 2024
Five zero-days to be fixed on October Patch Tuesday
Stand-out vulnerabilities in Microsoft’s latest Patch Tuesday drop include problems in Microsoft Management Console and the Windows MSHTML Platform Continue Reading
-
Definition
09 Oct 2024
What is OPSEC (operations security)?
OPSEC (operations security) is an analytical process that military, law enforcement, government and private organizations use to prevent sensitive or proprietary information from being accessed inappropriately. Continue Reading
-
News
09 Oct 2024
UK Cyber Team seeks future security professionals
Young people from across the UK have a chance to represent the country in international competitions and advance their future careers in cyber security Continue Reading
-
News
08 Oct 2024
Secureworks: Ransomware takedowns didn’t put off cyber criminals
The number of active cyber criminal ransomware gangs has surged by almost a third in the space of 12 months, according to the latest intelligence from Secureworks Continue Reading
-
News
04 Oct 2024
NCSC celebrates eight years as Horne blows in
Outgoing NCSC interim leader Felicity Oswald shares her thoughts on the body’s work over the past eight years as she hands over the reins to incoming CEO Richard Horne Continue Reading
-
News
03 Oct 2024
Microsoft files lawsuit to seize domains used by Russian spooks
Microsoft has been given permission to seize multiple domains used by the Russian state threat actor Star Blizzard as part of a coordinated disruption effort undertaken ahead of the US elections Continue Reading
-
Opinion
03 Oct 2024
Rise of the cyber clones: When seeing isn’t believing
It is frighteningly easy to clone someone else's identity using readily-available artificial intelligence tools Continue Reading
-
News
02 Oct 2024
UK and Singapore to collaborate on supporting ransomware victims
At the fourth Counter Ransomware Initiative Summit in the US, both the UK and Singapore have committed to working on new guidance designed to better support victims and undermine cyber criminal business models Continue Reading
-
News
02 Oct 2024
Cyber UK’s quickest growing tech field, but skills gap remains
More people than ever are joining the cyber security profession in the UK, according to a report, but there is still a serious shortage even with a doubling in numbers Continue Reading
-
News
01 Oct 2024
Unmasked: The Evil Corp cyber gangster who worked for LockBit
The NCA has named and shamed a prominent member of the Evil Corp cyber crime collective who also worked as an affiliate of the LockBit ransomware gang as the UK unveils new sanctions against 16 Russian cyber criminals Continue Reading
-
News
01 Oct 2024
Cyber teams say they can’t keep up with attack volumes
Over 60% of European security pros say their teams are understaffed, and over 50% don’t have enough budget, according to data from ISACA Continue Reading
-
News
27 Sep 2024
UK on high alert over Iranian spear phishing attacks, says NCSC
The NCSC and counterpart agencies in the US have issued a warning over enhanced Iranian spear phishing activity targeting politicians, journalists, activists and others with an interest in Middle Eastern affairs Continue Reading
-
Opinion
27 Sep 2024
Defaulting to open: Decoding the (very public) CrowdStrike event
The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading
-
Opinion
27 Sep 2024
Cyber companies need a best practice approach to major incidents.
The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading
-
Opinion
27 Sep 2024
Closing the curtain on cyber security theatre
Leaders must redefine expectations, rethink responsibility and eliminate unproductive practices to move towards real security, says Gartner vice-president analyst Richard Addiscott Continue Reading
-
News
26 Sep 2024
Racist Network Rail Wi-Fi hack was work of malicious insider
Police have revealed that this week’s racist cyber attack on public Wi-Fi networks at stations across the UK appears to have been the work of a malicious insider, after arresting an employee of one of the service providers Continue Reading
-
News
24 Sep 2024
Unique malware sample volumes seen surging
BlackBerry’s latest ‘Global threat intelligence’ report details a surge in unique malware samples as threat actors ramp up the pace of targeted attacks Continue Reading
-
Opinion
24 Sep 2024
How to respond when your cyber company becomes the story
The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading
-
News
23 Sep 2024
Microsoft shares progress on Secure Future Initiative
Microsoft has published a progress report on its Secure Future Initiative, launched last year in the wake of multiple security incidents, and made a series of commitments to improve its internal cyber culture Continue Reading
-
Opinion
23 Sep 2024
Security Think Tank: Win back lost trust by working smarter
The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading
-
Opinion
23 Sep 2024
Gartner: Mitigating security threats in AI agents
Agents represent a step-change in the use of artificial intelligence in the enterprise - as attendees at Salesforce's annual conference saw first hand this month - but do not come without their risks Continue Reading
-
Opinion
20 Sep 2024
CrowdStrike incident shows we need to rethink cyber
The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading
-
News
18 Sep 2024
NCSC exposes Chinese company running malicious Mirai botnet
The NCSC and its Five Eyes allies have published details of the activities of a China-based cyber security company that is operating a Mirai IoT botnet in the service of government-backed intrusions Continue Reading
-
Definition
18 Sep 2024
What is email spam and how to fight it?
Email spam, also known as 'junk email,' refers to unsolicited email messages, usually sent in bulk to a large list of recipients. Humans send spam, but more often, botnets are responsible for sending it. Continue Reading
-
News
13 Sep 2024
Cyber workforce must almost double to meet global talent need
Research from ISC2 finds global cyber workforce needs additional 4.8 million people to fully secure businesses Continue Reading
-
News
11 Sep 2024
How Sonar is elevating code quality in the age of AI
Sonar’s code quality platform helps developers maintain secure, high-quality code amid the rise of artificial intelligence-based coding assistants, now expanding into the Asian market Continue Reading
-
News
11 Sep 2024
ICO and NCA sign MoU to provide joint support for cyber crime victims
UK data protection watchdog joins forces with law enforcement agency to provide more support for organisations that fall victim to cyber crime and ransomware attacks Continue Reading
-
News
10 Sep 2024
JFrog and GitHub unveil open source security integrations
Secure software specialist JFrog is working with code development service GitHub to integrate the onboard capabilities of its Software Supply Chain Platform service into GitHub’s platform Continue Reading
-
News
05 Sep 2024
NCSC and allies call out Russia's Unit 29155 over cyber warfare
The NCSC and counterpart agencies from the US and other countries have exposed a long-running campaign of Russian cyber espionage and warfare conducted by GRU Unit 29155 Continue Reading
-
News
05 Sep 2024
Fog ransomware crew evolving into wide-ranging threat
The emergent Fog ransomware gang appears to be changing up its victimology in search of more cash-rich victims Continue Reading
-
Blog Post
05 Sep 2024
Resetting our relationship with data
We need to have an open and honest debate about data, data collection and, just as important, the timely disposal of the information when it is no longer needed.While there are many good reasons ... Continue Reading
-
News
05 Sep 2024
Canadian arrested by France after cooperating with US on Sky ECC cryptophone investigation
Thomas Herdman, who faces charges in France over his involvement in distributing Sky ECC encrypted phones, was arrested by French police despite agreeing to cooperate with US law enforcement Continue Reading
-
News
04 Sep 2024
Fraud and scam complaints hit highest ever level in UK
The Financial Ombudsman Service says it recorded almost 9,000 complaints about fraud and scams from April to June, the most ever recorded Continue Reading
-
Opinion
04 Sep 2024
Cyber firms need to centre their own resilience
The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading
-
News
29 Aug 2024
Check Point secured for annual Security Serious cyber awards
The annual Security Serious Unsung Heroes awards, recognising the champions of the UK cyber security industry, are back once again, with a new headline sponsor joining the party Continue Reading
-
News
29 Aug 2024
Iranian APT caught acting as access broker for ransomware crews
Members of Iran-backed Pioneer Kitten APT appear to be trying to supplement their pay packets by helping Russian-speaking ransomware gangs to access their victims in exchange for a cut of the profits Continue Reading
-
Opinion
29 Aug 2024
Cyber law reform should be top of Labour's policy list
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
Opinion
28 Aug 2024
A coherent Labour cyber strategy depends on consistency
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
28 Aug 2024
Iranian APT Peach Sandstorm teases new Tickler malware
Peach Sandstorm, an Iranian state threat actor, has developed a dangerous new malware strain that forms a key element of a rapidly evolving attack sequence Continue Reading
-
News
28 Aug 2024
Global cyber spend to rise 15% in 2025, pushed along by AI
Security spending will increase at pace in 2025, with artificial intelligence, cloud and consultancy services all pushing outlay to new highs, according to Gartner Continue Reading
-
Opinion
27 Aug 2024
Extending zero-trust principles to endpoints
By combining zero-trust principles with other security strategies and continuously monitoring and improving their security posture, organisations can effectively mitigate risks and protect their resources, says Gartner's Nikul Patel Continue Reading
-
Opinion
27 Aug 2024
The US courts may have thrown a wrench into cyber regulation
A recent decision by the US Supreme Court to overrule the longstanding Chevron Deference has serious implications for global cyber security regulation Continue Reading
-
Opinion
27 Aug 2024
Public education on security must be a top priority for Labour
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
22 Aug 2024
New Qilin tactics a ‘bonus multiplier’ for ransomware chaos
Sophos X-Ops caught the Qilin ransomware gang stealing credentials stored by victims' employees in Google Chrome, heralding further cyber attacks and breaches down the line. Continue Reading
-
News
21 Aug 2024
Pakistani national arrested over Southport ‘cyber terrorism’
Authorities in Pakistan have arrested a man on suspicion of cyber terrorism over his role in the spread of online misinformation in the wake of the Southport knife attack Continue Reading
-
Opinion
20 Aug 2024
From manifesto to material: What No. 10 needs to make reality
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
20 Aug 2024
Phishing links becoming bigger threat than email attachments
Phishing techniques are evolving away from malicious email attachments, according to a report Continue Reading
-
News
19 Aug 2024
Challenges of deploying PQC globally
Quantum computers will eventually be powerful and reliable enough to crack strong encryption. PQC is the answer, but it could take years to deploy Continue Reading
-
Opinion
19 Aug 2024
How might the UK's cyber landscape change under Labour?
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
16 Aug 2024
Thousands of NetSuite customers accidentally exposing their data
Misconfigured permissions across live websites are leaving thousands of NetSuite users open to having their valuable customer data stolen, researchers say Continue Reading
-
Opinion
15 Aug 2024
Google's cookie conundrum: What comes next?
Google's revised approach to third-party cookies shouldn't come as a surprise, and may also be welcome Continue Reading
-
Opinion
15 Aug 2024
With the right tools and strategy, public cloud should be safe to use
Despite the complexity and evolving nature of threats, with the right strategy, tools, and constant vigilance, businesses can safely and securely leverage public cloud services Continue Reading
-
News
14 Aug 2024
August Patch Tuesday proves busy with six zero-days to fix
Microsoft patches six actively exploited zero-days among over 100 issues during its regular monthly update Continue Reading
-
Opinion
13 Aug 2024
Labour's first cyber priority must be the NHS
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
Blog Post
09 Aug 2024
Cyberfirst needs more than a change of gear
Instead of establishing a new organisation, Cyberfirst should be restructured to work locally and nationally through the Cyber Security Council and existing mainstream on-line safety, safeguarding ... Continue Reading
-
Feature
09 Aug 2024
Deep dive into quantum-resistant cryptography for email security
Quantum computers have the potential to crack many of the encryption methods we currently rely on to keep our digital communications safe. Quantum-resistant cryptography may be the answer Continue Reading
-
News
08 Aug 2024
Royal ransomware crew puts on a BlackSuit in rebrand
The Royal ransomware gang is back, with a new name and refreshed capabilities, including an apparently unique ‘partial encryption’ gambit, according to CISA Continue Reading
-
News
08 Aug 2024
US lawmakers seek to brand ransomware gangs as terrorists
Proposals from legislators in Washington DC could shake up the global ransomware ecosystem and give law enforcement sweeping new powers Continue Reading
-
Opinion
07 Aug 2024
Cyber security adoption is vital to Scotland’s space race
Scotland has a golden opportunity to capitalise on space technology to make itself a global leader, but to maximise its potential in the new space race, more attention must be paid to cyber security risk Continue Reading
-
News
06 Aug 2024
Advanced faces fine over LockBit attack that crippled NHS 111
Advanced Software faces a multimillion pound fine for a series of failings which directly led to a 2022 LockBit ransomware attack that disrupted NHS and social care services across the UK Continue Reading
-
News
06 Aug 2024
2024 seeing more CVEs than ever before, but few are weaponised
The number of disclosed CVEs soared by 30% in the first seven-and-a-half months of the year, but a tiny fraction of these have been exploited by threat actors, a reminder of the importance of focused security strategies Continue Reading
-
News
05 Aug 2024
Chinese cyber attack sparks alert over six-year-old MS vuln
After a proof-of-concept for a six-year-old Microsoft vulnerability emerged in a Chinese APT attack chain, defenders should be on the look-out for exploitation of CVE-2018-0824 Continue Reading
-
News
05 Aug 2024
World’s largest companies at near-universal risk of supply chain breach
Data from SecurityScorecard once again focuses on the interconnected nature of business supply chains and the risk posed to operational resilience by unexpected IT problems and cyber threats Continue Reading
-
News
05 Aug 2024
Russia’s luxury car phish continues to prove effective
Government organisations and other bodies operating in Ukraine continue to be targeted by a relatively unsophisticated phishing campaign that has proven so effective for Russia’s cyber spooks that there are now multiple agencies involved Continue Reading
-
Opinion
05 Aug 2024
Cyber lessons, and priorities for the UK's new government
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
Opinion
02 Aug 2024
Labour should focus on talent to improve UK's cyber posture
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
01 Aug 2024
Police hunt scammers after takedown of Russian Coms fraud platform
The National Crime Agency has arrested four people after taking down a phone number spoofing platform used by criminals to defraud hundreds of thousands of people in the UK with more arrests to follow Continue Reading
-
Opinion
01 Aug 2024
Is it time to refresh the UK's cyber strategy?
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
01 Aug 2024
Banks, telcos call for more data sharing to fight fraud
A Which?-led coalition of banks and telecoms operators is calling on the UK's new government to take the lead on enabling data sharing to help fight digital fraud Continue Reading
-
Opinion
31 Jul 2024
When critical cyber response becomes second nature
When alerts and headlines blare out warnings of critical vulnerabilities in widely-used software, the cyber security community needs to adopt a more decisive and clear-cut approach, says Huntress' Chris Henderson Continue Reading
-
News
31 Jul 2024
Campaigners call for evidence to reform UK cyber laws
The CyberUp Campaign for reform of the 1990 Computer Misuse Act launches an industry survey inviting cyber experts to share their views on how the outdated law hinders legitimate work Continue Reading
-
Definition
31 Jul 2024
What is cyber attribution?
Cyber attribution is the process of tracking and identifying the perpetrator of a cyberattack or other cyber operation. Continue Reading
-
Feature
30 Jul 2024
CISO mentoring – who to turn to when the worst happens
Those who get the role of a CISO may have overcome some professional hurdles, but are they ready to face what comes as part of the job? And who do they ask for advice? We look at the mentoring dilemma Continue Reading