IT risk management

Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.

News 26 Jan 2023
Zero-trust implementations remain work in progress

Just one in 10 large enterprises are expected to have mature and measurable zero-trust programmes in place by 2026, study finds Continue Reading
News 10 Jan 2023
New APT group targets ASEAN governments and militaries

The Dark Pink advanced persistent threat group used custom malware to exfiltrate data from high-profile targets through spear-phishing emails last year, according to Group-IB Continue Reading

News 01 Feb 2023

CryptoRom scam abuses Apple and Google app stores to claim victims

Sophos researchers report on two fake apps used by romance scammers to lure victims into parting with their money, both of which were able to escape the attention of Apple and Google app store safeguards Continue Reading
News 01 Feb 2023

UK Cyber Council and ISACA launch audit, assurance programme

The UK Cyber Security Council has teamed up with ISACA to partner on a new audit and assurance programme for security pros Continue Reading
Opinion 01 Feb 2023

Tips on improving cyber training for home workers

How better security training can help firms tackle new cyber threats facing remote workers Continue Reading
News 31 Jan 2023

Cyber training firm launches £20k data protection scholarship

Training specialist Freevacy has launched a £20,000 scholarship fund to train data privacy and protection professionals Continue Reading
News 31 Jan 2023

Russian DDoS hacktivists seen targeting western hospitals

A swathe of attacks by the Putin-supporting DDoS operation known as Killnet has targeted hospitals and other infrastructure in several Nato countries, with the UK thought to be at risk Continue Reading
News 31 Jan 2023

GitHub warns Desktop, Atom users after code-signing certificates pinched

Threat actors stole encrypted code-signing certificates for GitHub’s Desktop and Atom applications in December 2022, prompting warnings for users Continue Reading
News 31 Jan 2023

ATO renews major Macquarie deal

The contract renewal will enable the Australian Tax Office to tap Macquarie’s security operations centre, among other services, to secure its IT environment and protect sensitive data Continue Reading
News 26 Jan 2023

Zero-trust implementations remain work in progress

Just one in 10 large enterprises are expected to have mature and measurable zero-trust programmes in place by 2026, study finds Continue Reading
News 25 Jan 2023

Boards struggle to resolve cyber risk in digital supply chains

Accelerated digitisation of supply chains is introducing more cyber risk for which many organisations seem unprepared, according to the BSI’s annual report on supply chain risk Continue Reading
News 24 Jan 2023

Chinese IoT suppliers expose UK businesses to espionage and data theft

Chinese companies supplying network components, known as IoT modules, post a greater long-term threat to UK security than the now banned 5G supplier Huawei, according to a study by a Chinese expert and former diplomat Continue Reading
News 24 Jan 2023

UK insurers need to up their game on cyber gaps, says PRA

Gaps and limitations in how insurers respond to cyber risk need to be addressed, according to the Bank of England regulator, the Prudential Regulation Authority Continue Reading
Feature 24 Jan 2023

IT’s shift to the cloud: Veeam’s data protection report in detail

With half of servers in the cloud, most backup and nearly all disaster recovery cloud-centric, the shift to the cloud is significant – but container backup is one area that is yet to settle down Continue Reading
News 24 Jan 2023

SSRF attacks hit 100,000 businesses globally since November

There has been a dramatic increase in attacks exploiting the ProxyNotShell/OWASSRF exploit chains to target Microsoft Exchange servers Continue Reading
News 23 Jan 2023

Trellix automates patching for 62,000 vulnerable open source projects

Since revealing startling statistics about the prevalence of a 15-year-old Python vulnerability, Trellix says it has helped fix almost 62,000 vulnerable projects in the past four months Continue Reading
Opinion 23 Jan 2023

The rise of fraud in pop culture is impacting consumers’ digital trust

Shows such as The Tinder Swindler and Inventing Anna were big money-earners for Netflix in 2022, but Onfido’s Mike Tuchen says their popularity risks damaging consumer trust Continue Reading
News 23 Jan 2023

Royal Society calls on public sector to pilot privacy tech

The Royal Society says public sector bodies should lead the way in piloting privacy-enhancing technologies to unlock the value of data without compromising privacy and data rights, but lack of standards and incentives mean adoption is slow Continue Reading
News 23 Jan 2023

NCSC warning over cyber risk to charity sector

Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC Continue Reading
News 22 Jan 2023

Royal Mail making limited progress on ransomware recovery

Royal Mail asks customers to hold back from sending post overseas as some services get back on track, while a report warns that disruptive attacks on critical infrastructure are set to become more common Continue Reading
News 20 Jan 2023

Veeam survey finds ransomware blocks digital transformation

Annual report shows secular trend to the cloud and increased use of containers, but prevalence of ransomware attacks means digital transformation is hindered Continue Reading
News 20 Jan 2023

WhatsApp’s £4.8m fine raises questions for organisations using behavioural advertising

The Irish Data Protection Commissioner has fined WhatsApp, owned by Meta, in a case that will raise questions for organisations that rely on contracts rather than consent to comply with GDPR when offering behavioural advertising Continue Reading
News 19 Jan 2023

Outdated IT infrastructure poses growing risk to UK Security Vetting

Delays to UKSV’s important work in safeguarding the country’s national security are in part down to a legacy IT estate in dire need of modernisation, says the NAO Continue Reading
News 18 Jan 2023

Ukraine CERT leaders touch down in London for talks

The UK’s NCSC has been hosting Ukrainian cyber security leaders for a round of bilateral talks on improving resilience Continue Reading
News 18 Jan 2023

Ukraine cyber teams responded to more than 2,000 attacks in 2022

The Ukrainian authorities responded to more than 2,000 major cyber incidents during 2022, and are blocking thousands more potential attacks every day Continue Reading
News 17 Jan 2023

Crest throws support behind CyberUp CMA reform campaign

Cyber accreditation association Crest International has lent its support to the CyberUp campaign for reform to the Computer Misuse Act of 1990 Continue Reading
E-Zine 16 Jan 2023

CW EMEA: Protecting the privacy of schoolchildren

In this month’s CW EMEA, we look at how schools in Germany have stopped using Microsoft Office 365 over lack of clarity over how data is collected, shared and used. We also delve into how former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. Read the issue now. Continue Reading
News 14 Jan 2023

Experts concerned over silence around government obligation to review UK surveillance laws

The government is required to review the UK’s surveillance law, the Investigatory Powers Act, but experts say they are in the dark about its plans. The National Crime Agency’s operation Venetic has highlighted the need for urgent reforms Continue Reading
News 12 Jan 2023

Companies warned to step up cyber security to become ‘insurable’

Investing in better IT security to protect against cyber crime will make businesses more resilient against other risks Continue Reading
News 12 Jan 2023

Chrome vulnerability could have led to widespread data theft

A dangerous vulnerability in Google Chrome and Chromium-based browsers could have put billions of users’ files at risk of being stolen Continue Reading
Opinion 12 Jan 2023

Europe’s cyber security strategy must be clear about open source

Europe’s cyber security policy on open source is lagging behind the US, and despite growing government awareness of the issues, that poses a problem Continue Reading
News 11 Jan 2023

Should we be worried about malicious use of AI language models?

WithSecure research into GPT-3 language models, used by the likes of ChatGPT, surfaces concerning findings about how easy it is to use large language models for malicious purposes. Should security teams be concerned? Continue Reading
News 11 Jan 2023

Internet shutdowns cost global economy $24bn in 2022

Deliberate disruption of people’s access to the internet by governments is having a substantial economic impact and contributing to a range of human rights abuses, primarily against protestors Continue Reading
News 11 Jan 2023

Davos 2023: Pervasive cyber crime and cyber security gaps pose severe risk to organisations

Governments and organisations face tough trade-offs as they balance immediate problems caused by economic recession, energy shortages and rising interest rates with longer-term risks, including the impact of global warming Continue Reading
News 11 Jan 2023

What’s happening with quantum-safe cryptography?

Chinese researchers claim quantum technology is reaching a point where a quantum device will soon be able to crack RSA 2048 public key encryption Continue Reading
News 10 Jan 2023

New APT group targets ASEAN governments and militaries

The Dark Pink advanced persistent threat group used custom malware to exfiltrate data from high-profile targets through spear-phishing emails last year, according to Group-IB Continue Reading
News 10 Jan 2023

Insurer Beazley introduces catastrophe bond to ease cyber risk

Insurance company Beazley says that its $45m cyber catastrophe bond will help to protect its balance sheet and enable it to offer more cyber insurance cover Continue Reading
News 08 Jan 2023

Vulnerable organisations to get free Cyber Essentials support

Charities and legal aid firms are among those to be offered free security checks and certifications from the National Cyber Security Centre Continue Reading
News 06 Jan 2023

Proposed digital fraud refund rules risk excluding many victims

Proposals to establish a fraud refund mechanism in the UK risk excluding many victims of digitally enabled fraud, a major bank has warned Continue Reading
News 06 Jan 2023

Russia’s Turla falls back on old malware C2 domains to avoid detection

Mandiant says it has observed the Russian APT UNC2410, also known as Turla, re-registering expired or sinkholed domains previously used by financially motivated cyber criminals Continue Reading
News 05 Jan 2023

Warning over ransomware attacks spreading via Fortinet kit

Following the disclosure of a critical vulnerability in October 2022, Fortinet VPN devices were exploited in two known ransomware attacks, with access likely sold on the dark web Continue Reading
News 05 Jan 2023

Cashless Denmark has no bank robberies in a year for first time

Denmark saw no bank robberies in a single year for the first time ever, but online fraud continues to increase Continue Reading
Feature 05 Jan 2023

Securing low Earth orbit represents the new space race

The barriers to launching satellites into low Earth orbit are falling fast, and that brings new cyber security challenges Continue Reading
News 02 Jan 2023

China and India governments among top targets for cyber attackers

Chinese and Indian governments targeted by hacktivists and ransomware groups out to make statement or expose flaws in their respective security postures Continue Reading
Feature 29 Dec 2022

Cyber security professionals share their biggest lessons of 2022

In the run-up to 2023, cyber security professionals are taking the time to reflect on the past few months and share their biggest lessons of 2022 Continue Reading
Opinion 29 Dec 2022

How does red teaming test the ultimate limits of cyber security?

An expert ethical hacker reveals how he goes about carrying out a red team exercise Continue Reading
Opinion 28 Dec 2022

Why the current fraud model is broken, and how to fix it

Scammers and fraudsters are catching up with the good guys; a new technological approach is needed to fight skyrocketing volumes of digital fraud, says Darwinium founder Alisdair Faulkner Continue Reading
News 28 Dec 2022

Complaints that NCA failed in duty of candour over EncroChat warrants ‘incredible’, court hears

NCA lawyers argue that a decision by an NCA intelligence officer to disclose notes of a key meeting after two-and-a-half years boosts her credibility as a witness Continue Reading
News 22 Dec 2022

Top 10 cyber security stories of 2022

The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides Continue Reading
News 22 Dec 2022

Top 10 crime, national security and law stories of 2022

Here are Computer Weekly’s top 10 crime, national security and law stories of 2022 Continue Reading
News 22 Dec 2022

Top 10 cyber crime stories of 2022

Cyber crime continued to hit the headlines in 2022, with impactful cyber attacks abounding, digitally enabled fraud ever more widespread and plenty of ransomware incidents Continue Reading
Feature 21 Dec 2022

A sticky story: How, and why, hackers love stickers on laptops

We’ve all seen laptops adorned with security stickers and in-jokes, but how did this cyber community trend get started, what does it signify, and what does it say about the humans behind the screens? Continue Reading
Opinion 21 Dec 2022

Post-Brexit cyber dynamics in the UK and Europe: diverging paradigms?

The UK faces a choice in terms of its ongoing cyber security relationship with the EU – to preserve its collaboration with the EU by adopting an aligned approach or to adopt a divergent approach Continue Reading
Opinion 19 Dec 2022

Security Think Tank: 2022 brought plenty of learning opportunities in cyber

At the end of another busy 12 months, Turnkey Consulting’s Andrew Morris sums up some of the most important takeaways for cyber pros Continue Reading
News 16 Dec 2022

Defence lawyers claim NCA witness gave unreliable evidence on EncroChat hacking operation

National Crime Agency argues that the lawfulness of surveillance warrants issued to hack the EncroChat phone network should only be considered in the light of facts and assessments known at the time Continue Reading
News 16 Dec 2022

UK unis implement new IP traffic policies to combat ransomware

Jisc will introduce new measures to protect UK universities and research institutions from ransomware attacks that exploit the Remote Desktop Protocol remote-access feature Continue Reading
News 15 Dec 2022

NCA officer questioned in Investigatory Powers Tribunal over failure to disclose EncroChat notes

EncroChat hacking warrant was unlawful and in breach of human rights law, the Investigatory Powers Tribunal hears Continue Reading
News 14 Dec 2022

Private health provider data could be shared with NHS England

Plans are advancing to create a single source of healthcare data in England combining both private providers and the NHS to avoid a repeat of the Ian Paterson scandal Continue Reading
News 14 Dec 2022

Advanced Azov data wiper likely to become active threat

Check Point deep dives into an emergent data wiper strain known as Azov, which is making waves with hundreds of new samples being submitted to VirusTotal daily Continue Reading
News 14 Dec 2022

NHS gets new guidance on public benefits of data sharing

NHS national data guardian Nicola Byrne has published new guidance on how health and social care bodies should approach the task of evaluating public benefit when using data for purposes beyond individual care Continue Reading
News 14 Dec 2022

Ethical hackers flex their muscles in 2022

Ethical hackers working through HackerOne programmes found 21% more vulnerabilities in 2022 than in 2021 Continue Reading
News 14 Dec 2022

Microsoft fixes two zero-days in final Patch Tuesday of 2022

December’s Patch Tuesday is typically a light month for Microsoft, and this year proved no exception, but there are still several critical issues worth addressing, and two zero-days for defenders to pore over Continue Reading
Opinion 14 Dec 2022

Security Think Tank: How much digital trust can you place on zero-trust?

The events of the past couple of years have highlighted many considerations that should be taken into consideration when pursuing a zero-trust strategy, says ISACA’s Steven Sim Kok Leong Continue Reading
News 13 Dec 2022

Crime Stoppers Tasmania debuts new reporting portal

Reporting tool will enable the public to share crime-related information with law enforcement agencies to support policing in Tasmania Continue Reading
News 13 Dec 2022

EU issues draft data adequacy decision in favour of US

The European Commission has concluded that the United States does ensure an adequate level of protection for personal data transferred from the European Union and will now launch the process towards the adoption of an adequacy decision Continue Reading
News 13 Dec 2022

The nature of the CISO role will be in flux in 2023

As cyber risk outpaces organisational defences, and cyber attacks and breaches cause more and more damage, the nature of the CISO role is entering a state of flux, according to a report Continue Reading
News 13 Dec 2022

Finnish government launches information security voucher scheme

Finland’s government is offering businesses financial support to help them improve their cyber security Continue Reading
News 13 Dec 2022

More Uber data exposed in possible supply chain attack

A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack Continue Reading
News 12 Dec 2022

Top IT predictions in APAC in 2023

Robotics, cross-cloud data mobility and cyber insurance are some of the key trends that will shape Asia-Pacific’s technology landscape in 2023 Continue Reading
Opinion 12 Dec 2022

Security Think Tank: Embrace prioritisation, people, imperfections

Security and IT professionals should try to make peace with their imperfections in 2023, says Nominet CISO Paul Lewis Continue Reading
News 11 Dec 2022

How Zscaler is cracking APAC’s cloud security market

Zscaler’s head in Asia-Pacific and Japan talks up the company’s growth momentum in the region and what it is doing to address areas where it can do better Continue Reading
Opinion 09 Dec 2022

Security Think Tank: 2022 changed how we thought about resilience

Increasing cyber resilience is at the heart of the people-processes-technology triangle, and 2022 saw shifts in all three of these aspects, says PA Consulting’s Sharon Shochat Continue Reading
E-Zine 08 Dec 2022

CW Europe: Finland prepares for drone technology take-off

Finland is preparing for a future where it could rely on flying drone technology. Read about its plans in this issue. Also find out how a PhD student in the Netherlands is helping to detect hidden messages on the internet by using steganography. Continue Reading
News 08 Dec 2022

Australia to develop new cyber security strategy

New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals Continue Reading
News 07 Dec 2022

Rackspace email outage confirmed as ransomware attack

An ongoing outage affecting Rackspace email customers is the result of a ransomware attack Continue Reading
News 07 Dec 2022

Google, MS, Oracle vulnerabilities make November ’22 a big month for patching

Vulnerabilities affecting the likes of Google, Microsoft and Oracle proved particularly troublesome in November Continue Reading
Opinion 07 Dec 2022

Security Think Tank: As cyber pros, we need to articulate our needs better

There is always a lot to learn about security, but one of the most important lessons may not relate to technology at all, says Petra Wenham Continue Reading
News 06 Dec 2022

Legacy IT magnifies cyber risk for Defra, says NAO

Some 30% of Defra’s applications are currently unsupported, magnifying cyber risk as the government department struggles to make progress on a digital transformation programme Continue Reading
News 06 Dec 2022

Industrial IoT focus of next NCSC startup challenge

The NCSC for Startups programme is looking for innovative ideas to encrypt and secure the industrial internet of things Continue Reading
News 06 Dec 2022

EU fails to protect human rights in surveillance tech transfers

Transfers of surveillance technology from the European Union to African governments are carried out without due regard for the human rights impacts, the European Ombudsman has found after a year-long investigation into the European Commission’s management of an aid fund Continue Reading
News 06 Dec 2022

Don’t become an unwitting tool in Russia’s cyber war

Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack? Continue Reading
News 05 Dec 2022

French cyber consultancy Hackuity sets up UK operation

Risk-based vulnerability management company is to establish a UK base of operations in the hope of expanding its enterprise client base Continue Reading
Opinion 05 Dec 2022

Security Think Tank: The more you buy, the less you protect

The most important lesson learned this year is that the more controls you have in place, the less secure you become, argues 2-sec’s Tim Holman Continue Reading
News 02 Dec 2022

Twitter ‘replacement’ Hive Social shuts off service in privacy alert

Hive Social, a recently established social media network, has temporarily closed its servers to address deep structural privacy issues identified by ethical hackers Continue Reading
News 01 Dec 2022

MI6 chief’s hacked emails attacked MI5 and betrayed British spy operations in China

Former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. His emails were hacked and then leaked – probably by Russian intelligence Continue Reading
Opinion 01 Dec 2022

Ransomware: Is there hope beyond the overhyped?

Up-and-coming cyber concepts attack surface management and security mesh architectures seem to hold some promise in tackling ransomware, but they are a little way off maturity Continue Reading
News 30 Nov 2022

NIS regulations to be extended to cover MSPs

The UK government is moving ahead with plans to update the Network and Information Systems regulations to bring outsourcers and MSPs into scope Continue Reading
Opinion 30 Nov 2022

Think technology, process, human risk to manage ransomware

Effective ransomware handling boils down to three core areas – technology, process and human risk Continue Reading
News 29 Nov 2022

AWS doubles down on data management

Cloud giant Amazon Web Services declares a bold vision to eliminate the need to extract, transform and load data alongside other efforts to address business problems in domains like cyber security and logistics Continue Reading
News 29 Nov 2022

‘Legal but harmful’ clause dropped from Online Safety Bill

Online Safety Bill’s ‘legal but harmful’ provision will be dropped by the UK government in favour of public risk assessments, tools to help users control the content they consume, and new criminal offences around self-harm Continue Reading
Feature 29 Nov 2022

How gamifying cyber training can improve your defences

Security training is the cornerstone of any cyber defence strategy. With ever-escalating online threats, it is now more important than ever that this training is an engaging experience Continue Reading
Feature 28 Nov 2022

Ransomware: Practical tips to improve resiliency

With ransomware attacks on organisations increasing, the question is not if an attack will happen, but when. We look at ways to minimise the impact of such an attack Continue Reading
News 27 Nov 2022

Plexal inducts six into cyber leadership scheme

Tech innovation hub Plexal is expanding its Cyber Runway programme with a new Ignite strand dedicated to supporting high-potential security leaders Continue Reading
News 25 Nov 2022

Data management, backup becoming the CISO's responsibility

More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year Continue Reading
News 24 Nov 2022

Not-for-profit aims to encourage 1,300 girls into cyber careers

CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber Continue Reading
E-Zine 24 Nov 2022

CW Nordics: Icelandic datacentres point way to greener IT

Iceland may soon become even more attractive to firms wanting to minimise their carbon footprint while using high-performance computing services. Read more about it in this issue. Also find out how a robo investment company, Nord Investments, is harnessing open banking to make thing easier for its clients. Continue Reading
News 23 Nov 2022

South Korea data adequacy pact brings £15m Brexit bonus

UK government finalises a data adequacy agreement with South Korea, saying it will unlock a post-Brexit business bonus of just under £15m Continue Reading
News 23 Nov 2022

Red team tool developer slams ‘irresponsible’ disclosure

UK security firm MDSec defends its Nighthawk command and control penetration testing framework after suggestions were made that it could be appropriated by threat actors Continue Reading
News 23 Nov 2022

Dutch national cyber security strategy aims to protect digital society

Cabinet sets up national cyber security strategy to make the Netherlands digitally secure Continue Reading
News 22 Nov 2022

Killnet DDoS hacktivists target Royal Family and others

Russia-aligned hacktivists targeted multiple UK websites, including those of the Royal Family, in a new campaign of DDoS attacks Continue Reading
News 22 Nov 2022

C-suite mystified by cyber security jargon

Malware, supply chain attack, zero-day, IoC, TTP and Mitre ATT&CK are just some of the everyday terms that security pros use that risk making the world of cyber incomprehensible to outsiders Continue Reading
E-Zine 22 Nov 2022

Cyber criminals target World Cup Qatar 2022

In this week’s Computer Weekly, as the FIFA World Cup opens in Qatar, we examine the cyber security threats from criminals targeting the event. We report from the Gartner Symposium on the latest predictions for enterprise software development. And we talk to the CIO of Kyiv City Council about managing IT in the shadow of war. Read the issue now. Continue Reading