IT governance

IT governance provides the core workflows and processes that help IT managers to oversee the successful functioning of the IT department, and to prove the value of IT to the business. Regulations and compliance are just as important as technological and management skills, and we highlight the best practice in IT governance and the example of successful IT leaders.

E-Zine 20 Jan 2023
CW APAC January 2023 – Trend Watch: CIO Trends

As we enter a new year, it remains vital for IT leaders to keep track of the latest developments across the industry. In this handbook, focused on CIO trends in the Asia-Pacific region, Computer Weekly looks at predictions for 2023, how the Australian Red Cross managed a donation surge, Mondelez’s digital transformation and Singapore’s public sector IT strategy Continue Reading
E-Zine 21 Nov 2022
CW APAC: Trend Watch: Artificial intelligence in APAC

Artificial intelligence is becoming more commonplace across business. In this handbook, focused on the adoption of the technology in the Asia-Pacific region, Computer Weekly looks at what still stands in its way, Dell’s deep learning model, how AI can realise its potential in healthcare, and the pros and cons of using AI and ML applications in the cloud. Continue Reading

News 08 Jun 2022

ProxyLogon, ProxyShell may have driven increase in dwell times

The median network intruder dwell time was up 36% to 15 days last year, thanks to massive exploitation of the ProxyLogon and ProxyShell vulnerabilities by IABs, according to new Sophos data Continue Reading
News 07 Jun 2022

Software house Mega achieves holistic SaaS security with Synopsys

Mega International, a supplier of IT management software, turned to Synopsys’s Coverity and Black Duck products to reassure both itself and its customers that its software-as-a-service offerings were built to the best possible security standards Continue Reading
Opinion 01 Jun 2022

What does the EU’s NIS 2 cyber directive cover?

We run the rule over the European Union’s updated NIS2 security directive Continue Reading
Opinion 31 May 2022

The importance of making information security more accessible

Robin Smith, CSO of Aston Martin Lagonda, talks about how an accessible approach to cyber is helping him to keep the organisation secure Continue Reading
Feature 31 May 2022

Attack of the clones: the rise of identity theft on social media

The proliferation of social media has resulted in the rise of identity theft on these platforms, with accounts copied for fraudulent or malicious purposes. What can be done to mitigate it? Continue Reading
Opinion 31 May 2022

How cryptocurrency is bringing humanitarian value to Ukraine

Web3 technology has great significance as a form of charitable giving, and in providing permanent records for the government Continue Reading
Opinion 30 May 2022

Log4Shell: How friendly hackers rose to the challenge

HackerOne CISO Chris Evans looks back at how the security community successfully rose to the challenge of Log4Shell, and saved end-user organisations millions Continue Reading
Opinion 30 May 2022

Strong internal foundations are key to withstanding external threats

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
Opinion 27 May 2022

Consistency is key to mitigate outsourcing risk

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
News 26 May 2022

Consultation launched on datacentre, cloud security

The government is seeking views on how to boost the security and resilience of the UK’s datacentres and online cloud platforms Continue Reading
Opinion 26 May 2022

Security Think Tank: Core security processes must adapt in a complex landscape

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
News 26 May 2022

Two-thirds of UK organisations defrauded since start of pandemic

Nearly two out of three UK companies say they have experienced some form of fraud or economic crime in the past two years, according to a report Continue Reading
News 26 May 2022

Most CFOs being left out of ransomware conversations

Barely a tenth of CFOs are actively involved in planning for cyber attacks, according to a report Continue Reading
News 24 May 2022

ICO orders facial recognition firm Clearview AI to delete all data about UK residents

UK data watchdog fines facial recognition company Clearview AI £7.5m for multiple privacy breaches. The firm, which offers services to law enforcement, faces growing pressure from regulators and legal action around the world Continue Reading
News 24 May 2022

Ransomware volumes grew faster than ever in 2021

Verizon’s annual DBIR assessment of the security landscape highlights an unprecedented boom in ransomware volumes, to the surprise of nobody Continue Reading
News 23 May 2022

Did the Conti ransomware crew orchestrate its own demise?

Analysts examining the shutdown of the Conti ransomware syndicate suggest the cyber crime collective orchestrated its own demise Continue Reading
Opinion 23 May 2022

Security Think Tank: Understanding attack paths is a question of training

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
News 20 May 2022

Applying international law to cyber will be a tall order

Many in the security community have voiced their support for the UK government’s ambitions to work towards agreement with other countries on the application of international law to cyber space, but not without some reservations Continue Reading
News 20 May 2022

Third of organisations to outsource more IT amid talent shortage

Cutting costs is not the main reason for outsourcing IT in the UK, according to a major study Continue Reading
News 20 May 2022

Microsoft drops emergency patch after Patch Tuesday screw up

Microsoft fixed a certificate mapping issue that caused server authentication failures on domain controllers for users that had installed the most recent Patch Tuesday updates Continue Reading
News 19 May 2022

Defensive cyber attacks may be justified, says attorney general

Speaking ahead of a speech at the Chatham House think tank, the UK’s attorney general has suggested defensive cyber attacks against hostile countries may be legally justifiable Continue Reading
News 19 May 2022

Deliveroo accused of ‘soft union busting’ with GMB deal

Smaller grassroots unions have criticised Deliveroo and GMB for making a “hollow” deal that will ultimately undermine workers’ self-organising efforts Continue Reading
News 19 May 2022

Red teaming will be standard in Dutch governmental organisations by 2025

The Dutch government wants to include the testing of the digital security of systems, processes and people – also known as red teaming – in all of its governmental organisations’ test planning and budgeting by 2025 at the latest Continue Reading
Opinion 19 May 2022

Security Think Tank: Yes, zero trust can help you understand attack paths

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
Opinion 18 May 2022

Security Think Tank: To follow a path, you need a good map

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
News 16 May 2022

Gartner Data & Analytics Summit: Unleash innovation on emergence from pandemic

Analysts at the Gartner Data & Analytics Summit in London urged D&A leaders to unleash innovation as their organisations emerge from the shadow of the pandemic Continue Reading
News 13 May 2022

Pro-competition data sharing will not include users’ personal info, says minister

UK government proposals to improve competition in digital markets by making tech giants share data with smaller firms will not include consumers’ personal information, says digital minister Continue Reading
News 12 May 2022

GPDPR data scrape a ‘mistake’, says leading scientist

Giving evidence to the Science and Technology Committee, academic, physician and science writer Ben Goldacre has expressed serious misgivings about the on-hold GPDPR NHS data scrape Continue Reading
Feature 12 May 2022

The limits and risks of backup as ransomware protection

Backups can provide a sound means of recovery from ransomware infection, but they are not 100% certain to foil attackers. We look at the limits and risks of depending on backups Continue Reading
Opinion 12 May 2022

Security Think Tank: Your path to understanding attack paths

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
News 11 May 2022

CyberUK 22: Five Eyes focuses on MSP security

The western intelligence community has set out practical steps IT service providers and their customers can take to protect themselves Continue Reading
News 11 May 2022

Data Reform Bill announced in Queen’s Speech

Government claims proposals to reform the UK’s data protection regime will create a framework ‘focused on privacy outcomes rather than box-ticking’ Continue Reading
News 11 May 2022

Analysts confirm return of REvil ransomware gang

Secureworks CTU analysis has found that the REvil ransomware is undergoing active development, possibly heralding a new campaign of cyber attacks Continue Reading
News 11 May 2022

Microsoft fixes three zero-days on May Patch Tuesday

It’s the second-to-last Patch Tuesday as we know it, and Microsoft has fixed a total of 75 bugs, including three zero-days Continue Reading
News 10 May 2022

CyberUK 22: Cyber leaders affirm UK’s whole-of-society strategy

On the opening day of CyberUK 2022, GCHQ director Jeremy Fleming and NCSC CEO Lindy Cameron have spoken of their commitment to the government’s ambition for a whole-of-society cyber strategy Continue Reading
News 10 May 2022

Post Office scandal inquiry chair brings forward urgent compensation hearings

The chair of the Post Office Horizon scandal inquiry has brought forward hearings about compensation as victims warn that at this rate “people will die” before they get anything Continue Reading
News 10 May 2022

CyberUK 22: NCSC refreshes cloud security guidance

The National Cyber Security Centre is revising its cloud guidance as increasing uptake of potentially vulnerable cloud services puts more organisations at risk of compromise Continue Reading
News 06 May 2022

UK digital markets regulator to be given statutory powers

Digital Markets Unit will be put on statutory footing by UK government to ensure technology giants do not abuse market power, but announcement comes with no clear indication of when legislation will be introduced Continue Reading
Feature 05 May 2022

Disaster recovery is an essential service for EDF with Phenix-IT

EDF has built disaster recovery tracking, planning and testing software on a six-month upgrade cycle based on governance, risk and compliance functionality in Mega’s Hopex platform Continue Reading
Opinion 05 May 2022

Security Think Tank: Identify, assess and monitor to understand attack paths

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
Opinion 04 May 2022

Security Think Tank: Defenders must get out ahead of complexity

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to better understand these attack pathways to fight back Continue Reading
Opinion 03 May 2022

Security Think Tank: Solving for complexity in the network

The modern-day abundance of IT platforms, apps and tools gives the bad guys ample opportunity to move rapidly through the network to hit critical assets. Security teams must understand these attack pathways better in order to fight back Continue Reading
News 03 May 2022

Post Office scandal CEO could be stripped of CBE

Honours Forfeiture Committee to review Paula Vennells’ CBE in the light of Post Office scandal Continue Reading
Podcast 29 Apr 2022

Podcast: War, geo-political risk, data storage and compliance

We talk to Mathieu Gorge, CEO of Vigitrust, about impacts on compliance and data storage from instability in geo-political events, such as the Russian invasion of Ukraine Continue Reading
News 28 Apr 2022

Ransomware recovery costs dwarf actual ransoms

The cost of recovering from a ransomware attack far outweighs the ransoms now being demanded by cyber criminals, according to recent data Continue Reading
News 28 Apr 2022

UK regulators seek input on algorithmic processing and auditing

Digital Regulation Cooperation Forum is inviting views on how the four UK watchdogs involved should approach regulating algorithms, following its publication of discussion papers and a 2022 workplan Continue Reading
News 28 Apr 2022

Russia plumbs new depths in cyber war on Ukraine

Microsoft details cyber attacks on Ukrainian civilian communications, nuclear safety authorities, and the exploitation of the destruction of Mariupol in a phishing campaign Continue Reading
News 27 Apr 2022

Russia-supporting cyber crime gang claims Coca-Cola as victim

Stormous cyber crime collective claims to have stolen 161GB of data from Coca-Cola, and says it plans to sell it off Continue Reading
News 27 Apr 2022

Ransomware victims paying out when they don’t need to

Sophos’s annual State of Ransomware report shows dramatic increases in the impact of ransomware attacks, but also finds many organisations are paying ransoms when they don’t need to Continue Reading
News 27 Apr 2022

Government digital ignorance puts Dutch economy at risk

In this interview, Michiel Steltman, managing director of Digital Infrastructure Netherlands, tells Computer Weekly why the Dutch digital economy is at risk due to a lack of knowledge and understanding at government level Continue Reading
News 27 Apr 2022

Police question former Fujitsu worker again in Post Office scandal perjury investigation

Police have interviewed a former Fujitsu employee for the third time in the investigation into potential perjury during trials of wrongfully convicted subpostmasters Continue Reading
News 26 Apr 2022

Odense Robotics helps develop key export for Denmark

Robotics seen as a future export sector for Denmark as investment startups build their skills in public sector projects Continue Reading
News 25 Apr 2022

Government appoints head of technology transfer unit

Government announces a CEO to lead its initiatives around commercialising its knowledge assets Continue Reading
News 22 Apr 2022

EU lawmakers propose limited ban on predictive policing systems

MEPs’ joint report on European Artificial Intelligence Act sets out limited ban on predictive policing systems alongside a raft of further amendments to improve redress mechanisms and extend the list of AI systems deemed high-risk Continue Reading
News 22 Apr 2022

What’s up with Conti and REvil, and should we be worrying?

New intelligence on some of the world’s most prolific ransomware gangs suggests recent disruption to their activities was like water off a duck’s back Continue Reading
News 22 Apr 2022

UAE bolsters cyber security

The United Arab Emirates has successfully improved its security posture amid mounting cyber threats Continue Reading
News 21 Apr 2022

Zoom adds new round of cyber security enhancements

Videoconferencing platform Zoom adds multiple third-party security certifications and service enhancements Continue Reading
News 21 Apr 2022

Five Eyes in new Russia cyber warning

Latest cross-body alert warns of Russian threat to utilities and other core elements of national infrastructure Continue Reading
News 21 Apr 2022

Impact of Lapsus$ attack on Okta less than feared

Okta’s investigation into Lapsus$ breach of its systems via a Sitel workstation has concluded that the impact was significantly less than the maximum potential Continue Reading
News 20 Apr 2022

Bots could help businesses polish up their green credentials

Metrics are a key aspect of a sound sustainability strategy and Oracle believes automation can help businesses achieve their environmental goals Continue Reading
News 20 Apr 2022

Home secretary Priti Patel to decide whether to extradite Assange

Home secretary will decide in four weeks whether to approve Julian Assange’s extradition to the US, where he faces espionage and hacking charges Continue Reading
News 19 Apr 2022

Softbank and UnaBiz team up on internet of robotic things

Japan’s Softbank Robotics and Singapore-based UnaBiz are bringing IoT and robotics technology together to improve facilities management, among other applications Continue Reading
Feature 14 Apr 2022

Refugee support group works with tech startup on reporting system

Computer Weekly speaks to a refugee support group about its ongoing collaboration with an academic tech startup to develop a digital human rights reporting system for refugees Continue Reading
Feature 14 Apr 2022

How algorithmic automation could manage workers ethically

Managing workers by algorithm and automated process has generated ethical problems aplenty. Can such means be pressed into the service for a more ethical mode of worker management? We find out Continue Reading
News 14 Apr 2022

Government agrees bulk surveillance powers fail to protect journalists and sources

Campaign group Liberty to launch legal appeal that will call for journalists to receive stronger legal protections from state surveillance Continue Reading
News 13 Apr 2022

WatchGuard firewall users urged to patch Cyclops Blink vulnerability

The US authorities have seen fit to add the WatchGuard vulnerability used by Sandworm to build the Cyclops Blink botnet to its list of must-patch vulnerabilities Continue Reading
News 13 Apr 2022

Microsoft patches two zero-days, 10 critical bugs

Patch Tuesday is here once again. This month, security teams must fix two privilege escalation zero-days in the Windows Common Log File System Driver and the Windows User Profile Service Continue Reading
News 13 Apr 2022

Criminals researched hacking TTPs post-breach in ‘messy’ cyber attack

Sophos shares details of a cyber attack that saw attackers hang out in their victim environment for five months while they prepared to sow further mischief Continue Reading
News 12 Apr 2022

AI researcher says police tech suppliers are hostile to transparency

Expert witness in Lords police tech inquiry welcomes committee’s findings but questions whether its recommendations on how to end the ‘Wild West’ of police artificial intelligence and algorithmic technologies in the UK would be implemented Continue Reading
News 11 Apr 2022

Border IT system fixed after 10-day outage

Post-Brexit border IT system failure fixed after going down at the start of April, allowing traders to once again file customs documents electronically rather than by hand Continue Reading
News 08 Apr 2022

EncroChat: France says ‘defence secrecy’ in police surveillance operations is constitutional

Constitutional court finds that invoking ‘defence secrecy’ to withhold information about the state hacking of EncroChat cryptophones is constitutional. Defence lawyers now head for the supreme court Continue Reading
Feature 06 Apr 2022

Snapshots best practice: Five key things you need to know

We look at snapshots best practice, including the way they work, why they are not the same as backups, how to avoid heavy processing overheads and key user permissions tweaks Continue Reading
News 05 Apr 2022

Structured decentralisation is the key to unlocking Nordic-level innovation

Finnish tech entrepreneurs will be taking the stage at the World Economic Forum to tell the world about the role of trust in Finnish startup success Continue Reading
News 05 Apr 2022

Saudi Arabian ICT sector hits $32.1bn after strong pandemic response

The Saudi Arabian IT and communications sector is recovering strongly from the Covid-19 pandemic Continue Reading
News 01 Apr 2022

Four moves to ‘checkmate’ critical assets thanks to lax cloud security

Malicious actors can compromise 94% of critical assets within four steps of the initial breach point, according to a report Continue Reading
News 31 Mar 2022

EU Act ‘must empower those affected by AI systems to take action’

Ada Lovelace Institute publishes recommendations on how European institutions can improve the Artificial Intelligence Act by establishing a ‘comprehensive remedies framework’ around those affected by the deployment of AI systems Continue Reading
News 31 Mar 2022

Global upheaval shows cyber security isn’t good enough, says GCHQ director

Generational global upheaval has laid bare significant gaps in national cyber strategies, GCHQ chief Jeremy Fleming has said in a speech Continue Reading
News 31 Mar 2022

Bank fraud prevention scheme blocked £60m in fraud last year

Scheme to catch fraudsters, including online scammers, before they commit their crimes has reported a significant increase in crimes prevented Continue Reading
News 30 Mar 2022

One-third of UK firms suffer a cyber attack every week

New statistics from the annual DCMS Cyber security breaches survey reveal the extent and frequency with which UK organisations are being attacked by malicious actors Continue Reading
Feature 30 Mar 2022

Recruitment risks: Avoiding the dangers of fraudulent candidates

Tech companies are seeing an increase in fraudulent job applications, with associated impacts on risk and cyber security. So how can organisations protect themselves from fraudulent applicants while ensuring they recruit the best talent? Continue Reading
News 29 Mar 2022

Overhaul of UK police tech needed to prevent abuse

Lords inquiry finds UK police are deploying artificial intelligence and algorithmic technologies without a thorough examination of their efficacy or outcomes, and are essentially ‘making it up as they go along’ Continue Reading
News 29 Mar 2022

NCSC: Not necessarily wise to ditch Kaspersky

UK’s National Cyber Security Centre issues refreshed guidance on organisations’ usage of technology and services of Russian origin, but stops short of advising users to expunge all Russian products from their IT estates Continue Reading
News 29 Mar 2022

Wave of Log4j-linked attacks targeting VMware Horizon

Sophos issues a new warning to organisations that have so far failed to patch their VMware Horizon servers against Log4Shell Continue Reading
News 29 Mar 2022

FCA reports 52% jump in security incidents

The Financial Conduct Authority received 116 cyber incident reports in 2021, a fifth of them involving ransomware Continue Reading
News 25 Mar 2022

European Commission proposes new cyber security regulations

New cyber and information security regulations have been proposed by the European Commission to create a minimum set of standards in both areas Continue Reading
News 24 Mar 2022

The Security Interviews: Red gets automated

We speak to Jack Stockdale, CTO of Darktrace, about Cambridge’s strong data analytics and artificial intelligence links and the role of AI in cyber security Continue Reading
Opinion 22 Mar 2022

Revised scope of UK security strategy reflects digitised society

The omission of the word ‘security’ from the title of the UK government’s new National Cyber Strategy is a telling one, reflecting our increasingly digitised society, say Maximillian Brook and Arunoshi Singh of the ISF Continue Reading
News 21 Mar 2022

Siloed data holding back coordinated health responses

Digital health experts discuss the role of data in coordinating the NHS’s pandemic response and how managing privacy and governance issues are key to further success Continue Reading
Opinion 21 Mar 2022

How 2022’s most significant data privacy trends affect your organisation

Data privacy and protection are now core responsibilities for most, but as we all know by now, compliance is a moving target. Here, expert Alan Calder looks ahead at what to expect in the coming months Continue Reading
Opinion 21 Mar 2022

UK Cyber Strategy a welcome injection of progress

The National Cyber Strategy should be seen as a welcome injection of both focus and investment in bettering cyber defence for everyone, says Turnkey Consulting senior consultant Louise Barber Continue Reading
News 18 Mar 2022

Electronic patient records key to NHS digital transformation

Getting EPR systems rolled out across NHS organisations will help boost digital transformation efforts, and are key to fulfilling government healthcare plans Continue Reading
Opinion 18 Mar 2022

National Cyber Strategy will enhance UK’s cyber power status

The UK punches above its weight when it comes to wielding cyber power around the world, but challenges to this status are clear. The National Cyber Strategy has a clear role to play in maintaining and enhancing this status, writes Paddy Francis of Airbus Cybersecurity Continue Reading
News 18 Mar 2022

Russian IT sector faces unprecedented crisis

The Russian IT sector faces a major crisis as IT professionals and businesses flee the country after its invasion of Ukraine Continue Reading
News 17 Mar 2022

Kaspersky CEO: Ukraine war must end through diplomacy

Eugene Kaspersky speaks out on the war in Ukraine, and rebuffs Germany’s BSI, branding its warnings over his company’s trustworthiness as insulting Continue Reading
News 17 Mar 2022

Online Safety Bill introduced in Parliament

The government has introduced its long-awaited Online Safety Bill in Parliament, alongside new criminal offences and sanctions for tech company execs Continue Reading
News 17 Mar 2022

Alarm raised over ‘trickster’ LokiLocker ransomware

The new LokiLocker ransomware is, like its namesake, adept at tricks and misdirection, say BlackBerry researchers Continue Reading
News 16 Mar 2022

German authorities warn on Kaspersky but stop short of ban

Germany authorities warn Kaspersky users to consider alternatives to the firm’s flagship antivirus software, citing national security concerns and the war on Ukraine Continue Reading
Opinion 15 Mar 2022

How cyber security teams can conquer the four-day working week

The four-day week may be an idea whose time has come, but for always-on cyber security professionals, the impact of squeezing more work into fewer days is a tricky proposition Continue Reading
Opinion 15 Mar 2022

Achieving agility, collaboration and data control in the cloud

Organisations have historically had to make a trade-off between the proven benefits of the cloud and maintaining full control of their data, but with the right strategy it is possible to have both Continue Reading
Feature 14 Mar 2022

How can I avoid an exodus of cyber talent linked to stress and burnout?

Cyber security professionals have played a crucial role during the pandemic, yet many feel like their employers aren’t providing adequate mental health support and have considered quitting their jobs as a result. What can employers do to help them? Continue Reading