IT governance

IT governance provides the core workflows and processes that help IT managers to oversee the successful functioning of the IT department, and to prove the value of IT to the business. Regulations and compliance are just as important as technological and management skills, and we highlight the best practice in IT governance and the example of successful IT leaders.

E-Zine 20 Jan 2023
CW APAC January 2023 – Trend Watch: CIO Trends

As we enter a new year, it remains vital for IT leaders to keep track of the latest developments across the industry. In this handbook, focused on CIO trends in the Asia-Pacific region, Computer Weekly looks at predictions for 2023, how the Australian Red Cross managed a donation surge, Mondelez’s digital transformation and Singapore’s public sector IT strategy Continue Reading
E-Zine 21 Nov 2022
CW APAC: Trend Watch: Artificial intelligence in APAC

Artificial intelligence is becoming more commonplace across business. In this handbook, focused on the adoption of the technology in the Asia-Pacific region, Computer Weekly looks at what still stands in its way, Dell’s deep learning model, how AI can realise its potential in healthcare, and the pros and cons of using AI and ML applications in the cloud. Continue Reading

News 06 Dec 2022

EU fails to protect human rights in surveillance tech transfers

Transfers of surveillance technology from the European Union to African governments are carried out without due regard for the human rights impacts, the European Ombudsman has found after a year-long investigation into the European Commission’s management of an aid fund Continue Reading
News 06 Dec 2022

Don’t become an unwitting tool in Russia’s cyber war

Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack? Continue Reading
News 05 Dec 2022

Fake investment ads persist on Meta’s social networks

Online adverts for investment scams relating to property and crypto assets are still getting past measures designed to stop them Continue Reading
News 05 Dec 2022

DCMS to assess UK semiconductor industry

The ongoing global chip crisis, geopolitician tension with China and deal-blocking are the backdrop to this latest assessment Continue Reading
News 05 Dec 2022

Cohesity doubles down on cyber-defence failings via backup

Datahawk service and Data Security Alliance bring clean data restores, ransomware artefact detection, data vaulting and data audit for a clearer understanding of attack impact Continue Reading
News 05 Dec 2022

French cyber consultancy Hackuity sets up UK operation

Risk-based vulnerability management company is to establish a UK base of operations in the hope of expanding its enterprise client base Continue Reading
News 02 Dec 2022

Post Office boosted its ‘coffers’ as Horizon system threw up unexplained shortfalls, inquiry told

The Post Office was ‘keen’ to make subpostmasters cover unexplained accounting shortfall as its business struggled, public inquiry hears Continue Reading
News 02 Dec 2022

Twitter ‘replacement’ Hive Social shuts off service in privacy alert

Hive Social, a recently established social media network, has temporarily closed its servers to address deep structural privacy issues identified by ethical hackers Continue Reading
News 01 Dec 2022

MI6 chief’s hacked emails attacked MI5 and betrayed British spy operations in China

Former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. His emails were hacked and then leaked – probably by Russian intelligence Continue Reading
News 01 Dec 2022

LastPass probes new cyber incident related to August attack

The August 2022 cyber attack on LastPass seems to have begat another incident, according to company CEO Karim Toubba Continue Reading
News 30 Nov 2022

Microsoft 365 banned in German schools over privacy concerns

German schools cannot legally use Microsoft Office 365 over lack of clarity about how data is collected, shared and used, as well as the potential for unlawful transfer of European citizens’ personal data to the US Continue Reading
News 30 Nov 2022

South Staffs Water customer data leaked after ransomware attack

Personal data of water utility’s direct debit customers exposed on the dark web following a Clop ransomware attack Continue Reading
News 30 Nov 2022

NIS regulations to be extended to cover MSPs

The UK government is moving ahead with plans to update the Network and Information Systems regulations to bring outsourcers and MSPs into scope Continue Reading
News 30 Nov 2022

Parity AI talks about auditing recruitment algorithms for bias

Algorithmic auditing firm Parity speaks to Computer Weekly about the process of auditing artificial intelligence for bias, following its partnership with AI-powered recruitment platform Beamery Continue Reading
Opinion 30 Nov 2022

Think technology, process, human risk to manage ransomware

Effective ransomware handling boils down to three core areas – technology, process and human risk Continue Reading
Opinion 29 Nov 2022

Chartered status and aligned standards are crucial for the UK's cyber sector

As the UK moves closer to ushering in the world’s first chartered cyber professionals, the UK Cyber Security Council’s Simon Hepburn outlines the sector’s defining moment Continue Reading
News 29 Nov 2022

‘Legal but harmful’ clause dropped from Online Safety Bill

Online Safety Bill’s ‘legal but harmful’ provision will be dropped by the UK government in favour of public risk assessments, tools to help users control the content they consume, and new criminal offences around self-harm Continue Reading
News 25 Nov 2022

Data management, backup becoming the CISO's responsibility

More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year Continue Reading
Feature 24 Nov 2022

Indefinite storage: What it is and why you might need it

Indefinite storage addresses the issue that archived data may need to be kept well beyond the lifespan of the technology it was written for Continue Reading
Opinion 24 Nov 2022

Your staff are the frontline in your ransomware fight

As part of a solid cyber defence plan, the CISO must make sure that the frontline within the organisation is prepared for an attack, says Theodore Wiggins of Airbus Protect Continue Reading
News 23 Nov 2022

UK police arrest 120 in largest-ever cyber fraud crackdown

The administrator and more than 100 users of the iSpoof.cc cyber fraud website have been arrested in a major counter-fraud operation led by the Metropolitan Police Continue Reading
News 23 Nov 2022

AI accountability held back by ‘audit-washing’ practices

Algorithmic auditing will be useless in holding artificial intelligence accountable until there are common standards, approaches and goals that scrutinise systems at each stage of development and deployment, says think-tank Continue Reading
News 23 Nov 2022

South Korea data adequacy pact brings £15m Brexit bonus

UK government finalises a data adequacy agreement with South Korea, saying it will unlock a post-Brexit business bonus of just under £15m Continue Reading
News 23 Nov 2022

Red team tool developer slams ‘irresponsible’ disclosure

UK security firm MDSec defends its Nighthawk command and control penetration testing framework after suggestions were made that it could be appropriated by threat actors Continue Reading
News 22 Nov 2022

Ducktail spins new tales to hijack Facebook Business accounts

The increasingly active Ducktail cyber crime operation is refining its operations, seeking new methods to compromise its victims’ Facebook Business accounts Continue Reading
News 22 Nov 2022

Killnet DDoS hacktivists target Royal Family and others

Russia-aligned hacktivists targeted multiple UK websites, including those of the Royal Family, in a new campaign of DDoS attacks Continue Reading
Feature 22 Nov 2022

Cloud storage: Key storage specifications

We look at the key specs in cloud storage, including availability – such as five nines – bandwidth, IOPS and latency, capacity and tiering functionality, egress charges and security Continue Reading
E-Zine 21 Nov 2022

CW APAC: Trend Watch: Artificial intelligence in APAC

Artificial intelligence is becoming more commonplace across business. In this handbook, focused on the adoption of the technology in the Asia-Pacific region, Computer Weekly looks at what still stands in its way, Dell’s deep learning model, how AI can realise its potential in healthcare, and the pros and cons of using AI and ML applications in the cloud. Continue Reading
News 21 Nov 2022

Bug Bounty Calculator helps organisations fine-tune their payouts

Newly launched comparison tool will supposedly help operators of vulnerability disclosure or bug bounty programmes to ensure their payments match market rates and expectations, and attract the right sort of attention Continue Reading
News 21 Nov 2022

NHS federated data platform must avoid repeating Care.data mistakes, says national data guardian

UK’s national data guardian agrees with the ambitions of the platform, but warns that the programme must avoid ‘common pitfalls around trust and transparency’ Continue Reading
News 21 Nov 2022

AI adopted without due consideration for workers, MPs told

MPs have been warned that the rapid roll-out of artificial intelligence in workplaces has changed UK enterprises’ management practices so much that current employment law is no longer fit for purpose Continue Reading
News 21 Nov 2022

NHS trust that deleted up to 90,000 emails cleared of deliberately concealing evidence

A tribunal found in a high-profile case brought by whistleblower Chris Day that an NHS trust had not deliberately concealed evidence when a director deleted up to 90,000 emails before he was due to testify Continue Reading
Feature 21 Nov 2022

Ransomware, storage and backup: Impacts, limits and capabilities

We look at the impact of ransomware on storage and backup, how storage and data protection can best be used to combat ransomware, and how they fit in the fight against it Continue Reading
News 18 Nov 2022

Is Elon Musk’s Twitter safe, and should you stop using it?

With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use Continue Reading
News 18 Nov 2022

New gold standard to protect good faith hackers

HackerOne’s new Gold Standard Safe Harbour statement will supposedly act as a guarantee for good faith hacking Continue Reading
News 18 Nov 2022

Post Office scandal inquiry’s expert IT witness ‘troubled’ by his findings

Controversial Post Office Horizon system lacked the integrity required to trust accounting data and contained ‘joke’ coding akin to an ‘overly engineered mousetrap’, inquiry told Continue Reading
News 18 Nov 2022

CyberPeace Institute helps NGOs improve their security resilience

Adrien Ogée of the CyberPeace Institute talks about his work supporting NGOs and humanitarian organisations, and how the security community at large can help protect the world’s most vulnerable people Continue Reading
News 17 Nov 2022

Brexit deregulation will make UK next Silicon Valley, vows Hunt

Chancellor vows to revolutionise how the IT industry is regulated to spur competition, investment and innovation in a technological ‘Big Bang’ Continue Reading
News 17 Nov 2022

Another Log4Shell warning after Iranian attack on US government

The breach of a US federal body by an Iranian threat actor exploiting the Adobe Log4j Log4Shell vulnerability has prompted a fresh flurry of patching Continue Reading
News 17 Nov 2022

NHS Digital confirms final settlement of £3.95m with HMRC following conclusion of IR35 investigation

The health service’s digital arm has paid HMRC £3.95m in unpaid tax to cover the cost of its IR35 compliance errors Continue Reading
Opinion 17 Nov 2022

Gartner: Three key tasks needed to decommission applications

A guide to slimming down a full portfolio of applications that are expensive to maintain and difficult to adapt to business needs Continue Reading
News 16 Nov 2022

Global network fragmentation a source of increasing risk

Risk consultancy’s report says the weaponisation of cyber space and geopolitical clashes herald a breakdown of global networks into distinct regional or national architectures Continue Reading
Opinion 16 Nov 2022

Security Think Tank: Ransomware defences: An extended to-do list

Strategies to extend ransomware protection beyond backups and intrusion detection must centre dark web monitoring, among other things Continue Reading
News 15 Nov 2022

APP fraud volumes expected to double by 2026, says report

Losses to authorised push payment fraud in the UK are expected to climb to over $1.5bn in the next four years. Meanwhile, the NAO accuses the Home Office of lagging on progress to tackle the issue Continue Reading
News 15 Nov 2022

Met Police removes nearly two-thirds of people from gangs matrix

Legal action by human rights group Liberty forces Met Police to overhaul its gangs violence matrix database Continue Reading
News 14 Nov 2022

Sadiq Khan launches Data for London Advisory Board

Board will look at how to join up and share data between public and private London organisations in an effort to build a stronger data economy and improve public services Continue Reading
Opinion 14 Nov 2022

Security Think Tank: Let’s be transparent about ransomware

Greater transparency regarding ransomware attacks, including details about attack methods used and what kinds of assets were compromised, would likely help the community prevent future attacks Continue Reading
Feature 14 Nov 2022

How to prepare for ransomware

What are the best practices you should use to protect against ransomware attacks and manage such attacks when they do happen? Continue Reading
Opinion 11 Nov 2022

Cyber insurance: The good, the bad and the ugly

Most cyber insurance contracts are innately flawed because they exclude losses arising from state-backed cyber attacks, and this will make proper attribution even more important in the future, says Cisco Talos’ Martin Lee Continue Reading
News 11 Nov 2022

Volume of self-reported breaches to ICO jumps 30%

The number of self-reported breaches to the UK’s Information Commissioner’s Office soared by nearly 30% in the 12 months to 30 June 2022 Continue Reading
News 11 Nov 2022

MoD recruits Immersive Labs to bolster cyber resilience

UK’s Ministry of Defence will run cyber drills and address its security talent gap with Immersive Labs’ CyberPro, Cyber Crisis Simulator and Application Security products Continue Reading
Opinion 11 Nov 2022

Security Think Tank: To stop ransomware, preparation is the best medicine

You can’t ‘stop’ ransomware, but you can do a lot to keep yourself from becoming ensnared when it strikes Continue Reading
News 10 Nov 2022

Scrutinising AI requires holistic, end-to-end system audits

Understanding the full impacts of artificial intelligence requires organisations to conduct end-to-end social and technical audits of their systems, but the process comes with a number of challenges Continue Reading
News 10 Nov 2022

Cyber criminals have World Cup Qatar 2022 in their sights

Volumes of malicious cyber activity around the upcoming FIFA World Cup are already starting to tick upwards and are likely to continue to do so Continue Reading
Opinion 10 Nov 2022

All means all when it comes to encryption

Nigel Thorpe, technical director at SecureAge, makes the case for encrypting everything all of the time when it comes to protecting data Continue Reading
News 09 Nov 2022

UK’s National Cyber Advisory Board convenes for first time

Government convenes National Cyber Advisory Board to further its goals of making the UK one of the safest places to live and work online Continue Reading
News 09 Nov 2022

Microsoft serves smorgasbord of six zero-days

November’s Patch Tuesday fixes significantly fewer vulnerabilities of late, but includes six actively-exploited zero-days, three of them of critical severity Continue Reading
News 09 Nov 2022

Fujitsu expert witness in subpostmaster trial ‘manoeuvred’ into role, public inquiry told

A former Fujitsu technology expert who defended the Horizon system’s robustness in court was unhappy after being ‘manoeuvred’ into acting as an expert witness, public inquiry hears Continue Reading
Opinion 09 Nov 2022

Security Think Tank: Anti-ransomware strategies should be as easy as ABC

When developing and implementing ransomware protection strategies, the importance of paying thorough attention to security measures you might consider elementary cannot be understated Continue Reading
News 08 Nov 2022

Six subpostmaster convictions referred for appeal in Scotland

Six former subpostmasters in Scotland will have appeals against criminal convictions heard after being referred by Scotland’s Criminal Cases Review Commission Continue Reading
07 Nov 2022

US president ramps up China chip sanctions

War of words between China and US has ramifications across the tech sector. Continue Reading
News 07 Nov 2022

Public sector IT projects need ethical data practices from start

Data ethics needs to be integrated into public sector IT projects from the very start, and considered throughout every stage of the process, to be effective Continue Reading
News 07 Nov 2022

Department for Education escapes £10m fine over data misuse

Department entrusted data on 28 million children to a company called Trustopia, which turned out to be anything but trustworthy, but has escaped a £10m fine under new rules Continue Reading
Opinion 07 Nov 2022

To fight ransomware, we must treat digital infrastructure as critical

Ransomware defence is failing because we don’t view our digital infrastructure in the same way as our physical infrastructure, argues Elastic’s Mandy Andress Continue Reading
News 04 Nov 2022

Microsoft: Nation-state cyber attacks became increasingly destructive in 2022

The willingness of nation-state actors to conduct destructive cyber attacks is a source of grave concern, as Microsoft’s latest annual Digital Defence Report lays bare Continue Reading
Opinion 04 Nov 2022

Security Think Tank: Ransomware and CISOs’ balancing act

Ransomware has the potential to cause irreversible business damage, so CISOs should consider not only protection but also response and recovery Continue Reading
News 03 Nov 2022

Confirmation bias led Post Office to prosecute subpostmasters without investigation, inquiry told

Former Post Office tech leader tells public inquiry that confirmation bias led to hundreds of subpostmasters being prosecuted for financial crimes without proper investigation Continue Reading
News 03 Nov 2022

Automated threats biggest source of cyber risk for retailers

Threat actors targeting retailers during the coming holiday season are increasingly turning to automated forms of cyber attack, according to a report Continue Reading
News 03 Nov 2022

Global coalition reaffirms commitment to fight ransomware

Representatives of 36 countries, as well as the EU, attended the second International Counter Ransomware Initiative Summit in Washington DC Continue Reading
News 02 Nov 2022

Shadow digital secretary outlines Labour’s tech priorities

Labour’s digital and technology plans focus on reining in the power of the tech giants, boosting connectivity across the UK, and improving online safety Continue Reading
News 02 Nov 2022

Dropbox code compromised in phishing attack

Cloud storage service says malicious actors successfully accessed some of its code within GitHub, but insists customer data is secure Continue Reading
News 02 Nov 2022

UK spent £6.4m on secret cyber package for Ukraine

Westminster has revealed for the first time the existence of a previously top-secret security programme that has been helping Ukraine fend off Russian cyber attacks Continue Reading
Opinion 02 Nov 2022

Security Think Tank: Know your networks, know your suppliers

To combat the ransomware scourge, we must work harder to monitor and learn from the increasingly complex threat environment, keep a closer eye on supply chains, and share our insights Continue Reading
News 01 Nov 2022

A third of UK cyber leaders want to quit, report says

Nearly a third of UK security leaders are considering leaving their current role, and more than half are struggling to keep on top of their workload Continue Reading
News 01 Nov 2022

NCSC looks back on year of ‘profound change’ for cyber

The NCSC ramped up its support for UK plc in the past 12 months, but it was events beyond the UK’s borders that proved the most impactful Continue Reading
Opinion 31 Oct 2022

How to build consumer trust with a privacy-by-design approach

Undertaken with the right mindset and technology, privacy by design delivers value to consumers and builds trust for the long term Continue Reading
Opinion 31 Oct 2022

The risk of losing our EU data adequacy agreement is real

While some may welcome the government’s ambition to shake up the UK’s data protection regime, Westminster should be wary of drifting too far from the path charted by our US and European partners Continue Reading
Feature 31 Oct 2022

AI experts question tech industry’s ethical commitments

The massive proliferation of ethical frameworks for artificial intelligence has done little to change how the technology is developed and deployed, with experts questioning the tech industry’s commitment to making it a positive social force Continue Reading
News 31 Oct 2022

Prepare today for potentially high-impact OpenSSL bug

OpenSSL trailed a critical vulnerability patch last week, which will be only the second such flaw ever found in the open source encryption project. Unfortunately, the first was Heartbleed Continue Reading
Opinion 31 Oct 2022

Security Think Tank: Container security: why so different?

Done well, container security can be a model for securing the enterprise, and businesses that focus their teams on solving it can help accelerate positive change in other areas Continue Reading
Feature 31 Oct 2022

The tech helping organisations manage their finances

With a worsening economic climate, software has an important role in helping finance departments control budgets and spending Continue Reading
News 28 Oct 2022

Post Office warned of Horizon software-induced ‘tragedy’ in 1999

Problems experienced during live trials of the Post Office Horizon system predicted the ‘tragedy’ that unfolded Continue Reading
Opinion 28 Oct 2022

How has container security changed since 2020, and have we taken it too far?

While containers are now one of the most popular ways to deploy applications, it is fair to say that the adoption and implementation of security best practice to govern their use has not kept up Continue Reading
News 27 Oct 2022

Government ups cyber support for elderly, vulnerable web users

DCMS announces a funding boost to help the elderly, disabled and other vulnerable groups stay safe online and avoid being misled by disinformation Continue Reading
Feature 27 Oct 2022

Will the OCSF create an open and collaborative cyber industry?

The Open Cybersecurity Schema Framework promises to transform security data analysis and collection, but there are challenges around adoption Continue Reading
News 27 Oct 2022

NHS to get new national CISO

The Department for Health and Social Care is seeking a new national CISO, who will be tasked with providing strategic cyber leadership, direction and expertise across DHSC and the wider NHS Continue Reading
News 27 Oct 2022

LinkedIn adds new features to safeguard user privacy, security

Social media platform is adding a number of features and systems designed to protect legitimate users from inauthentic profiles and activity Continue Reading
News 27 Oct 2022

Santander calls for cooperation to tackle APP fraud

New report puts forward key recommendations that the banking sector, government and other industries could take to tackle authorised push payment fraud Continue Reading
News 26 Oct 2022

ICO warns against using biometrics for ‘emotional analysis’

ICO warning highlights risk of ‘systemic bias’ and discrimination associated with organisations using biometric data and technologies for emotion analysis Continue Reading
Opinion 26 Oct 2022

The Conservatives are laughing at cyber security pros

If causing a security breach is a resigning matter, then you shouldn’t expect to get your old job back a week later. Unless you’re a Conservative home secretary, apparently Continue Reading
News 25 Oct 2022

One in five tech workers subject to workplace surveillance

Digital surveillance is now a common feature of the UK’s post-pandemic economy, says Prospect Union, adding to growing calls for workers to be given a greater say over how technologies are deployed in the workplace Continue Reading
News 25 Oct 2022

US authorities charge two Chinese spies over telco security probe

Two Chinese nationals have been charged with attempting to obstruct the criminal prosecution of a prominent Chinese telecoms firm Continue Reading
News 25 Oct 2022

Germany: European Court of Justice asked to rule on legality of hacked EncroChat phone evidence

Berlin’s Regional Court has asked the European Court of Justice to answer questions about whether the use of hacked EncroChat phone evidence complies with European law Continue Reading
News 25 Oct 2022

Digital-first businesses more willing to accept some fraud

Companies founded in the past 20 years appear more willing to accept higher levels of fraudulent activity during the customer onboarding process, according to a report Continue Reading
News 24 Oct 2022

Complacency biggest cyber risk to UK plc, says ICO

Information commissioner John Edwards warns against complacency as his office issues a multimillion-pound fine to a building company that failed to prevent a ransomware attack Continue Reading
Feature 24 Oct 2022

Improving finance and accounting software with AI

Artificial intelligence algorithms and datasets have potential value across many areas in finance and accounting, but usage isn’t yet widespread Continue Reading
Feature 20 Oct 2022

What do the US’s new software security rules mean for UK organisations?

The White House announced recently that all software supplied to the US government and its agencies needs to be secure, so what does this mean for the UK and EU security sectors? Continue Reading
News 20 Oct 2022

The Security Interviews: Why now for ZTNA 2.0?

With organisations facing escalating online threats, security teams need to improve their defences using zero-trust network access to preserve the integrity of their systems. Palo Alto Networks’ Simon Crocker shares his views on zero-trust network access Continue Reading
News 20 Oct 2022

Parliamentary committee launches inquiry into AI governance

MPs will examine the impacts of artificial intelligence throughout the UK economy and how governance of the technology can be improved ahead of the government publishing its formal regulatory proposals Continue Reading
News 19 Oct 2022

Ransomware crews regrouping as LockBit rise continues

Overall ransomware activity dropped off in the third quarter of 2022, but increasing attack volumes in September may herald a difficult few months ahead Continue Reading