Regulatory compliance and standard requirements
-
Feature
08 Nov 2024
What are the security risks of bring your own AI?
The rise of generative AI has led to a plethora of publicly accessible artificial intelligence tools, but what are the risks when external AI tools are used with corporate data? Continue Reading
-
News
07 Nov 2024
Google Cloud MFA enforcement meets with approval
Latest Google Cloud policy to enforce multifactor authentication across its user base is welcomed by security professionals Continue Reading
-
News
21 Dec 2023
Top 10 cyber crime stories of 2023
Ransomware gangs dominated the cyber criminal underworld in 2023, a year that will prove notable for significant evolutionary trends in their tactics Continue Reading
-
News
21 Dec 2023
Top 10 storage supplier strategy stories of 2023
In 2023, we looked at the top storage suppliers, their market share and how they set themselves for a future of hybrid cloud, containerisation and consumption models of purchasing Continue Reading
-
Opinion
20 Dec 2023
Beyond the office walls: Safeguarding remote workers from attack
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
Opinion
20 Dec 2023
Zero-trust principles: Your gateway to securing remote workers
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
Opinion
20 Dec 2023
What we learned in cyber in 2023, and what to look out for
PA Consulting's Rasika Somasiri looks back at a busy 12 months in the cyber security world, and highlights some key learnings from 2023 Continue Reading
-
Opinion
19 Dec 2023
Security Think Tank: Testing to improve remote worker security
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
News
19 Dec 2023
Top 10 cyber security stories of 2023
The past 12 months have seen the security agenda dominated by the usual round of vulnerabilities, concerns over supply chain security and more besides, but it was the chaotic state of global geopolitics that really made an impact Continue Reading
-
Opinion
19 Dec 2023
Security Think Tank: Anytime, anywhere access is achievable
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
News
14 Dec 2023
Government plans to regulate to tackle datacentre threats
DSIT outlines a range of proposals designed to protect data storage facilities from cyber attacks, as well as physical threats and the effects of climate breakdown Continue Reading
-
News
14 Dec 2023
The Security Interviews: Talking identity with Microsoft’s Joy Chik
Microsoft’s president of identity and network access, Joy Chik, joins Computer Weekly to discuss the evolving threat landscape in identity security, using innovations in artificial intelligence to stay ahead, and advocating for the coming passwordless future Continue Reading
-
News
14 Dec 2023
NCSC CEO Lindy Cameron to step down in 2024
NCSC chief exec Lindy Cameron, who helped lead and elevate the national dialogue on cyber security through major events such as Covid-19, SolarWinds Sunburst and Colonial Pipeline, is to step down in the New Year Continue Reading
-
News
14 Dec 2023
ICO complaint seeks answers from prosecutors over deleted Assange emails
An Italian journalist has complained to the data protection watchdog after the Crown Prosecution Service gave conflicting explanations over its deletion of key emails on WikiLeaks founder Julian Assange Continue Reading
-
News
13 Dec 2023
How ransomware gangs use the tech media against their victims
Ransomware gangs are increasingly media-savvy operators, and this means incident response plans now need to account for communications and PR strategies too Continue Reading
-
News
13 Dec 2023
Critical UK infrastructure a ‘hostage of fortune’ to ransomware
A lack of ransomware planning and preparedness at the highest levels of government is leaving UK operators or critical national infrastructure dangerously exposed, according to a Joint Committee report Continue Reading
-
News
13 Dec 2023
Inside the Singapore government’s cloud journey
The Smart Nation Group’s chief digital technology officer outlines the government’s cloud journey, including its approach to cloud migration and how it came to host mission-critical workloads on AWS Continue Reading
-
News
12 Dec 2023
MoD fined after breach of Afghan staffers’ data put lives at risk
The MoD has been fined £350,000 by the ICO after an email blunder exposed data on Afghan nationals who had worked with British forces and were at risk of Taliban reprisals Continue Reading
-
News
12 Dec 2023
Top IT predictions in APAC in 2024
Generative AI will continue to leave its mark on many areas in business and IT, along with other trends such as sustainability, cyber security and smart factories that are expected to shape the region’s technology landscape in 2024 Continue Reading
-
News
11 Dec 2023
Nordic governments join forces to protect data transfers
Nordic countries deepen their cooperation over cyber security amid heightened threat from neighbouring Russia Continue Reading
-
Feature
05 Dec 2023
How to recover systems in the event of a cyber attack
Recovering compromised systems after a cyber attack isn’t easy, but understanding industry best practice offers a template for the key processes to follow Continue Reading
-
News
05 Dec 2023
Operator of Sellafield nuclear facility denies hacking claims
The operator of the Sellafield nuclear site has denied allegations that senior managers covered up a series of cyber security lapses that enabled Chinese and Russian threat actors to compromise its networks Continue Reading
-
Definition
04 Dec 2023
PCAOB (Public Company Accounting Oversight Board)
The Public Company Accounting Oversight Board (PCAOB) is a congressionally established nonprofit that assesses audits of public companies in the United States to protect investors' interests. Continue Reading
-
News
04 Dec 2023
Rhysida ransomware gang hits hospital holding royal family’s data
Ransomware gang boasts of having stolen data on the royal family in an attack on a private London hospital Continue Reading
-
News
01 Dec 2023
Report reveals sorry state of cyber security at UK football clubs
Football clubs up and down the country are putting staff, players and fans alike at risk through outdated attitudes to cyber security, according to a report Continue Reading
-
News
01 Dec 2023
Lords committee urges caution on UK use of autonomous weapons
UK government must ensure proper democratic oversight of its development and use of AI-powered weapon systems, says Lords committee Continue Reading
-
Opinion
30 Nov 2023
Prepare for your worst day: How to create a cyber incident response plan
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
28 Nov 2023
Meta faces GDPR complaint over processing personal data without 'free consent'
Paid-for service means data protection is only available to those who can afford it, privacy group argues in data protection complaint Continue Reading
-
News
28 Nov 2023
Scope of British Library data breach widens
Personal data on British Library users has appeared for sale on the dark web following a Rhysida ransomware attack, as the scope of the still-developing incident widens again Continue Reading
-
News
27 Nov 2023
NCSC publishes landmark guidelines on AI cyber security
The NCSC and its US counterpart CISA have brought together tech companies and governments to countersign a new set of guidelines aimed at promoting a secure-by-design culture in AI development Continue Reading
-
Opinion
24 Nov 2023
DORA raises the stakes for cloud use in financial services
The EU's DORA regulations will raise the stakes for cloud in financial services but resilience is more than just a tech issue, says NetApp's Steve Rackham Continue Reading
-
Opinion
23 Nov 2023
Navigating the DPDI Bill: A transformative shift ahead
The Data Protection and Digital Information (No. 2) Bill, or DPDI, is set to reshape the UK’s data protection framework. Louise Brooks of DQM GRC considers the implications Continue Reading
-
News
23 Nov 2023
North Korean APTs go all in on supply chain attacks, warns NCSC
Threat actors linked to the North Korean regime are becoming more adept at targeting software supply chains in the service of their cyber attacks Continue Reading
-
News
23 Nov 2023
Australia ups ante on cyber security
Australia’s new cyber security strategy will focus on building threat-blocking capabilities, protecting critical infrastructure and improving the cyber workforce, among other priorities Continue Reading
-
News
22 Nov 2023
Palantir awarded NHS FDP data contract
NHS England has awarded a £330m, seven-year contract to US data specialist Palantir, prompting concerns from data privacy practitioners Continue Reading
-
Opinion
21 Nov 2023
Why transparency and accountability are important in cyber security
If we accept that the humans who build technology and systems are naturally fallible and mistakes inevitable, and then deal with that with good grace, we could do much to improve cyber standards, writes Bugcrowd's Casey Ellis Continue Reading
-
News
20 Nov 2023
IT not ready for AI, Pure Storage survey finds
Storage, compute and networking hardware won’t cope without upgrades, and that often means total IT infrastructure overhaul Continue Reading
-
News
17 Nov 2023
Microsoft and Meta quizzed on AI copyright
Large language models are trained using vast amounts of public data – but do the hyperscalers comply with copyright laws? Continue Reading
-
News
16 Nov 2023
Ransomware gang grasses up uncooperative victim to US regulator
The ALPHV/BlackCat ransomware gang has added a new tactic to its playbook, going to ever more extreme lengths in search of a pay-off Continue Reading
-
Definition
14 Nov 2023
cardholder data environment (CDE)
A cardholder data environment (CDE) is a computer system or networked group of IT systems that processes, stores or transmits cardholder data or sensitive payment authentication data. Continue Reading
-
News
13 Nov 2023
Rogue state-aligned actors are most critical cyber threat to UK
The prospect of rogue nation-state-aligned attackers bringing down the UK’s critical infrastructure is keeping the NCSC up at night Continue Reading
-
News
13 Nov 2023
Victims’ legal action over 2015 Carphone Warehouse breach moves forward
A class action against Currys Retail over the 2015 data breach of Carphone Warehouse customers has been granted permission to move forward in the courts Continue Reading
-
News
13 Nov 2023
ICO alerted after technical ‘issue’ exposed college files to student barristers
A training college for barristers has reported a data breach that left sensitive data on hundreds of current and former students accessible to other trainees Continue Reading
-
Opinion
10 Nov 2023
Breached? Don't panic… if you created a robust IR plan
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
10 Nov 2023
UN disarmament body calls for global action on autonomous weapons
UN draft resolution highlighting the dangers of autonomous weapons passes with overwhelming majority Continue Reading
-
Opinion
10 Nov 2023
How the Online Safety Act will impact businesses beyond Big Tech
The Online Safety Act will impact an estimated 100,000 online services in the UK and overseas Continue Reading
-
Opinion
09 Nov 2023
The best IR plans are well-revised and deeply familiar
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
09 Nov 2023
The Security Interviews: Why cyber needs to integrate better
Cyber security is an intensely technical field, but we shouldn’t ignore the soft skills of communication and collaboration. Wipro’s Tony Buffomante explains why a robust security posture is dependent on a security team engaging with the wider organisation Continue Reading
-
News
08 Nov 2023
Data-sharing management gap highlights cyber risk, says report
Organisations are struggling to secure their use of communications tools to share data with third-party partners and suppliers, and in the process are exposing themselves to heightened levels of risk, according to a report Continue Reading
-
Opinion
08 Nov 2023
The plan for the inevitable cyber attack: Get the gist of NIST
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
08 Nov 2023
King’s Speech misses the mark on cyber law reform, says campaign
A group of activists who want to reform the UK’s computer misuse laws to protect bona fide cyber pros from prosecution have been left disappointed by a lack of legislative progress Continue Reading
-
News
08 Nov 2023
The Security Interviews: ISC2’s Clar Rosso on cyber diversity and policy
Computer Weekly catches up with ISC2 CEO Clar Rosso to talk about diversifying the cyber workforce and supporting cyber pros as they keep up with growing compliance and security policy demands Continue Reading
-
Opinion
07 Nov 2023
Enhancing security: The crucial role of incident response plans
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
E-Zine
07 Nov 2023
How ExxonMobil is leading with data
In this week’s Computer Weekly, we talk to the leader of ExxonMobil’s data organisation, about the energy giant’s strategy to establish enterprise-wide principles for the use of data. As the UK’s Online Safety Act comes into force, we examine the tech sector’s concerns over the laws around end-to-end encryption. And we look at the software tools available to HR teams to help improve staff retention. Read the issue now. Continue Reading
-
Opinion
06 Nov 2023
IR plans: The difference between disaster and recovery
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
06 Nov 2023
How Trellix’s CISO keeps threat actors at bay
Trellix’s chief information security officer, Harold Rivas, outlines how the company mitigates security threats through containment and by helping security analysts to respond faster to cyber incidents Continue Reading
-
Opinion
03 Nov 2023
Incident response planning requires constant testing
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
Opinion
02 Nov 2023
Use existing structures to build your incident response plan
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
02 Nov 2023
EU digital ID reforms should be ‘actively resisted’, say experts
Over 300 cyber security experts have called for the EU to rethink its proposals for eIDAS digital identity reforms, saying some of the provisions risk damaging user privacy and security Continue Reading
-
Opinion
01 Nov 2023
Incident response planning is vulnerable to legacy thinking
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
01 Nov 2023
Darktrace CEO Poppy Gustafsson on her AI Safety Summit goals
As the AI Safety Summit at Bletchley Park takes place, Computer Weekly caught up with Darktrace CEO Poppy Gustafsson to find out what one of the UK’s most prominent AI advocates wants from proceedings Continue Reading
-
News
31 Oct 2023
British Library falls victim to cyber attack
The British Library is experiencing a major IT outage following a cyber incident of an undisclosed nature Continue Reading
-
News
31 Oct 2023
SEC sues SolarWinds, alleging serious security failures
SolarWinds and its CISO have been charged with fraud and internal control failures by the US authorities amid allegations of a series of cyber security failings leading up to the 2020 Sunburst attacks Continue Reading
-
Definition
30 Oct 2023
ISO 27002 (International Organization for Standardization 27002)
The ISO 27002 standard is a collection of information security management guidelines that are intended to help an organization implement, maintain and improve its information security management. Continue Reading
-
Opinion
30 Oct 2023
The implications of biased AI models on the financial services industry
The Bank of England has warned of the risk artificial intelligence models present in creating bias that could pose a threat to the UK’s financial services sector. How do those risks emerge and how they might be mitigated? Continue Reading
-
Feature
30 Oct 2023
Greek data watchdog to rule on AI systems in refugee camps
A forthcoming decision on the compliance of surveillance and security systems in Greek refugee camps could set a precedent for how AI and biometric systems are deployed for ‘migration management’ in Europe Continue Reading
-
Definition
27 Oct 2023
compliance officer
Compliance officers are employees tasked with ensuring a company follows its internal rules and best-practice policies while always complying with applicable external laws and government regulations. Continue Reading
-
News
27 Oct 2023
Domestic abuse charities surface fresh worries over NHS data sharing
With new NHS data access options coming into effect at the end of October, a group of campaigners including womens' charities and the BMA have warned that the revived GP-patient data sharing scheme risks putting vulnerable people at risk Continue Reading
-
News
27 Oct 2023
Germany: European Court opinion kicks questions over EncroChat back to national courts
Germany lawfully obtained data on German EncroChat users from France, but whether the evidence is legally admissible is a matter for national courts Continue Reading
-
News
26 Oct 2023
Sunak sets scene for upcoming AI Safety Summit
Prime minister Rishi Sunak has outlined how the UK will approach making AI safe, but experts say there is still too big a focus on catastrophic but speculative risks over real harms the technology is already causing Continue Reading
-
News
25 Oct 2023
UK Finance paints mixed picture of fraud as losses top £500m
UK losses to fraud in the first six months of the year topped £500m, but a slight decline in overall crime rates was observed, according to UK Finance’s latest data Continue Reading
-
News
24 Oct 2023
Research team tricks AI chatbots into writing usable malicious code
Researchers at the University of Sheffield have demonstrated that so-called Text-to-SQL systems can be tricked into writing malicious code for use in cyber attacks Continue Reading
-
Opinion
24 Oct 2023
The new data landscape: how will the new UK-US data bridge affect businesses?
With the UK-US data bridge coming into effect on 12 October 2023, find out what steps your organisation can take to take advantage of, and remain compliant with, the new framework Continue Reading
-
News
19 Oct 2023
Nuclear regulator raps EDF over cyber compliance
The Office for Nuclear Regulation says EDF has come up short on needed measures to improve cyber security standards at several critical UK nuclear facilities Continue Reading
-
News
19 Oct 2023
Sellafield local authority unsure if data was stolen six years on from North Korea ransomware attack
Senior managers at an ‘Achilles heel’ local authority for Europe’s biggest nuclear site ‘still don’t know what was lost’ in a 2017 cyber attack, according to a council source Continue Reading
-
Opinion
19 Oct 2023
DORA: Moving into a new era of digital resilience
The EU’s Digital Operational Resilience Act will come into force in just over a year, the majority of risk management professionals are only at the beginning of their planning journey. Kate Needham-Bennett of Fusion Risk Management explains how to get things moving Continue Reading
-
News
12 Oct 2023
Scottish biometrics watchdog outlines police cloud concerns
Police Scotland’s response to the biometrics commissioner’s formal information notice ‘did not ameliorate’ his concerns about the sovereignty and security of the sensitive biometric information being uploaded to cloud infrastructure that is subject to intrusive US surveillance laws Continue Reading
-
News
10 Oct 2023
MGM faces £100m loss from cyber attack on its casinos
MGM Resorts has provided further details on the fallout of the hack targeting its casinos in early September, confirming that a range of personal information has been stolen and that it will likely cost the firm around $100m Continue Reading
-
News
05 Oct 2023
Policing minister wants to use UK passport data in facial recognition
The policing minister’s plans to integrate the UK’s passport database with police facial-recognition systems have been met with criticism from campaigners, academics, and the biometrics commissioner for England and Wales Continue Reading
-
News
04 Oct 2023
Lloyds Bank launches digital identity app
Lloyds Bank has launched a digital identity app with tech startup Yoti, after it invested £10m in the firm Continue Reading
-
Feature
04 Oct 2023
Ransomware: All the ways you can protect storage and backup
We survey the key methods of ransomware protection, including immutable snapshots, anomaly detection, air-gapping, anomaly detection, and supplier monetary guarantees Continue Reading
-
News
03 Oct 2023
Cyber experts urge EU to rethink vulnerability disclosure plans
The European Union’s proposed cyber security vulnerability disclosure measures are well-intentioned but ultimately counterproductive, as making unmitigated vulnerabilities public knowledge increases the risk of their exploitation by various actors, experts claim Continue Reading
-
News
03 Oct 2023
CIISec scores DSIT funding to expand successful CyberEPQ scheme
DSIT has committed to enhanced funding to expand CIISec’s CyberEPQ education programme after recording excellent results to date Continue Reading
-
E-Zine
03 Oct 2023
Where next for quantum computing?
In this week’s Computer Weekly, we talk to the head of Amazon’s Braket quantum computing services about how the technology is progressing. We go behind the scenes at an ethical hacker event to find out how bug bounty programmes work. And we analyse the offerings of the major players in software-defined storage. Read the issue now. Continue Reading
-
Opinion
29 Sep 2023
The trust deficit in CNI: How to address a growing concern
When it comes to addressing the trust deficit in CNI, technological advancements, evolving threats, inadequate regulations, insufficient investment, public awareness, and international cooperation are all critical components that need attention Continue Reading
-
News
28 Sep 2023
Strasbourg court condemns Turkey for jailing teacher for using ByLock encrypted messaging app
The case is expected to have implications for the use of digital evidence in prosecutions against users of other encrypted phone apps Continue Reading
-
Opinion
28 Sep 2023
Security Think Tank: To encrypt or not to encrypt, that is the question
The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading
-
News
28 Sep 2023
Yahoo picks Intigriti to run crowdsourced bug bounty programme
Digital media brand Yahoo is setting up a crowdsourced bug bounty programme with ethical hacking specialist Intigriti, and is reaching out to the Capture the Flag community to participate Continue Reading
-
News
26 Sep 2023
Cover-ups still the norm in the wake of a cyber incident
Almost half of organisations that have experienced a cyber incident did not report it to the appropriate authorities, according to a report Continue Reading
-
E-Zine
26 Sep 2023
Preparing for post-quantum cryptography
In this week’s Computer Weekly, our latest buyer’s guide assesses the challenges for cryptography in the emerging era of quantum computing. Google Cloud experts explain how the internet giant is preparing its datacentres for a world of AI. And we examine the privacy, compliance and backup issues from generative AI. Read the issue now. Continue Reading
-
News
22 Sep 2023
UK-US data bridge to open to traffic on 12 October
Government forges ahead with the implementation of the UK-US data bridge, which will come into effect for real just under three weeks from now Continue Reading
-
Opinion
22 Sep 2023
Fear is the mind-killer: Governance key to safety in the cyber dunes
Whether you’re tasked with protecting your organisation against cyber threats or ravenous subterranean worms, getting the basics of governance and risk management right counts for a lot and choosing the right framework will remove a huge burden from security teams and executives Continue Reading
-
News
21 Sep 2023
Poor digital experience a blocker for cyber resilience
Organisations that neglect the digital employee experience are not only vulnerable to employee attrition, but putting themselves at increased cyber risk, an Ivanti report finds Continue Reading
-
News
20 Sep 2023
Parliament passes sweeping Online Safety Bill but tech companies still concerned over encryption
Ofcom will consult on standards to enforce new powers, but tech companies remain concerned about the impact of the bill’s ‘spy clause’, which could require them to scan encrypted messages Continue Reading
-
News
19 Sep 2023
Braverman puts pressure on Meta to pause end-to-end encryption plans
The home secretary is calling on Meta to halt its plans to introduce encrypted messaging services on Facebook and Instagram until the company puts measures in place to detect abuse Continue Reading
-
News
19 Sep 2023
New revelations from the Snowden archive surface
A decade after Snowden exposed NSA’s mass surveillance in cooperation with the British GCHQ, only about 1% of the documents have been published – but three major facts can finally be revealed thanks to a doctoral thesis in applied cryptography by Jacob Appelbaum Continue Reading
-
News
19 Sep 2023
Nominet and European counterparts link up on intelligence sharing
The new European TLD ISAC, a collaborative project between top-level domain providers across Europe, aims to enhance their collective security posture to better protect internet users Continue Reading
-
Feature
18 Sep 2023
APAC guide to identity and access management
The rise of identity-based attacks is fuelling investments in identity and access management (IAM) tools. We examine the key capabilities of IAM, discuss implementation best practices, and explore the future of this technology Continue Reading
-
Opinion
18 Sep 2023
Security Think Tank: A user’s guide to encryption
The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading
-
News
15 Sep 2023
TikTok fined €345m under GDPR for failing to protect children’s privacy
Data protection regulators warn social media companies to take all necessary measures to protect children’s privacy Continue Reading
-
News
15 Sep 2023
Las Vegas mainstay Caesars Palace likely paid off ransomware crew
Caesars Entertainment, owner of the lavish Roman Empire-themed Caesars Palace casino in Las Vegas, has revealed it also suffered a ransomware attack, and appears to have paid off its hackers Continue Reading
-
News
15 Sep 2023
Manchester police data breach a classic supply chain incident
The developing data breach at Greater Manchester Police follows a cyber attack on the systems of a key supplier of ID services to the force Continue Reading