IT governance

IT governance provides the core workflows and processes that help IT managers to oversee the successful functioning of the IT department, and to prove the value of IT to the business. Regulations and compliance are just as important as technological and management skills, and we highlight the best practice in IT governance and the example of successful IT leaders.

Feature 11 Jul 2023
Norwegian data privacy experts sound alarm over generative AI

Hundreds of millions of people embrace generative artificial intelligence, blissfully ignorant of what it’s doing to data privacy. Continue Reading
News 24 Apr 2023
Finland and Estonia deepen cross-border digital partnerships

Finland and Estonia, two global tech pioneers, are increasingly sharing their expertise Continue Reading

News 05 Oct 2021

New Python-based ransomware attacks unfold in record time

Sophos researchers detail a new variety of Python-based ransomware attack targeting VMware ESXi-hosted VMs Continue Reading
Opinion 05 Oct 2021

Invest in cyber security with confidence using a structured approach

Cyber security has never been more challenging or important in rapidly changing business, regulatory, IT and threat environments. There is a need for a more structured approach to investment Continue Reading
Opinion 05 Oct 2021

ICO cookie consent: How will the plan affect businesses?

A data privacy and compliance expert considers what the ICO’s proposals for an overhaul of cookie consent procedures could mean for businesses Continue Reading
News 05 Oct 2021

Australian organisations lack maturity in responsible AI

Most Australian organisations are still in the early stages of their responsible artificial intelligence efforts despite growing use of AI by businesses and consumers, study finds Continue Reading
News 04 Oct 2021

Mandiant name returns to fore ahead of FireEye sale

Mandiant has completed its corporate rebrand pending the imminent sale of the FireEye products business to a private equity group Continue Reading
News 04 Oct 2021

One Identity buys OneLogin for access management expertise

Acquisition of OneLogin adds access management solutions to One Identity’s Unified Identity Security platform Continue Reading
Opinion 04 Oct 2021

Security Think Tank: Embracing vulnerability management for the greater good

When it comes to vulnerability management, CISOs should define a responsible disclosure policy so that they can receive and manage identified vulnerabilities transparently, practically and collaboratively, says Paul Watts of the ISF Continue Reading
News 01 Oct 2021

Met Police purchase new retrospective facial-recognition system

Retrospective facial-recognition software purchased for £3m by the Met Police will be deployed in coming months amid continuing controversy around the use of biometric technologies by law enforcement bodies Continue Reading
News 01 Oct 2021

BEIS urged to prioritise funding to protect umbrella workers in government Spending Review

In an open letter to the Department for Business, Energy and Industrial Strategy, umbrella regulation draft policymakers Rebecca Seeley Harris and James Poyser urge the government to prioritise funding for a single enforcement body Continue Reading
News 01 Oct 2021

Amnesty International exploited in malware campaign

According to new intelligence from Cisco Talos, Amnesty International’s branding and profile is being used as part of a new malware campaign that exploits people’s fears of the notorious Pegasus spyware app Continue Reading
News 01 Oct 2021

JVCKenwood hit by Conti ransomware attack

Nearly 2TB of data was stolen from Japanese electronics firm in a Conti ransomware hit Continue Reading
News 01 Oct 2021

IR35: Giant Group cyber attack prompts renewed calls for statutory regulation of umbrella companies

As details about the fallout from the cyber attack on the Giant Group umbrella company emerge, stakeholders say the incident should prompt the government to expedite regulating contractor payroll processing firms Continue Reading
News 29 Sep 2021

Russia arrests prominent cyber security executive

Founder and CEO of cyber security firm Group-IB detained in Moscow on treason charges Continue Reading
News 29 Sep 2021

FoggyWeb malware latest tool of dangerous Nobelium APT

Microsoft’s threat intelligence team warns of a new strain of malware being used by the Russia-linked Nobelium APT Continue Reading
News 29 Sep 2021

The Security Interviews: How SolarWinds came through its darkest hour

In his first major UK press interview, SolarWinds CEO Sudhakar Ramakrishna tells Computer Weekly how a relentless focus on transparency saw the company safely through a nightmare cyber breach scenario Continue Reading
News 28 Sep 2021

Digital regulators need discrete but cooperative remits

The UK’s information commissioner has told MPs that digital economy regulators need discrete remits backed up by strong information sharing powers to both provide clear focus as well as allow for greater cooperation between their disparate but interlinked regimes Continue Reading
News 28 Sep 2021

How one red team exercise averted a new SolarWinds-style attack

Palo Alto Networks shares details of how its red teamers found and sealed a customer vulnerability that could have led to another SolarWinds-style supply chain attack Continue Reading
Opinion 24 Sep 2021

Facial recognition cannot be a standalone authentication method

As more organisations look to facial recognition to improve their digital identity practices, they must remember that it cannot stand in isolation Continue Reading
News 24 Sep 2021

London publishes guidelines for ethical use of smart city tech

Latest draft of the ‘Emerging Technology Charter for London’ encourages local authorities, public services and technology companies to improve how they implement technology in the capital Continue Reading
News 23 Sep 2021

Fresh alert over Conti ransomware surge

Conti ransomware crew appears increasingly active, prompting fresh warnings from the US authorities Continue Reading
News 23 Sep 2021

MoD in second leak of Afghan citizens’ data

A second breach of data relating to Afghan citizens at risk of Taliban reprisals has been reported by the Ministry of Defence Continue Reading
News 23 Sep 2021

Threat actors target VMware vCenter Server users

Users of VMware vCenter Server are advised to patch a series of vulnerabilities post haste Continue Reading
News 22 Sep 2021

AI cannot be regulated by technical measures alone

The regulation of artificial intelligence must address the power of tech companies, as technical measures alone will not be enough to prevent the harms caused by AI-driven technologies, says report Continue Reading
Opinion 21 Sep 2021

Managing cyber risk through integrated supply chains

High-profile supply chain cyber attacks have caused huge disruption this year. PA Consulting’s Carl Nightingale considers key questions business leaders should be asking of their organisations Continue Reading
News 21 Sep 2021

US sanctions Suex crypto exchange over ransomware links

US Treasury cracks down on cryptocurrency exchange that supposedly facilitated proceeds from multiple ransomware gangs Continue Reading
News 21 Sep 2021

Spanish police bust Mafia-linked phishing gang

A joint operation between European authorities has dismantled a cyber criminal gang with links to the Italian Mafia Continue Reading
News 21 Sep 2021

BlackMatter gang ramps up attacks on multiple victims

A wave of new BlackMatter ransomware attacks is hitting organisations around the world, even as the US authorities mull new sanctions on ransom payment infrastructure Continue Reading
News 20 Sep 2021

NGO Fair Trials calls on EU to ban predictive policing systems

The use of artificial intelligence to predict criminal behaviour should be banned because of its discriminatory outcomes and high risk of further entrenching existing inequalities, claims Fair Trials Continue Reading
News 16 Sep 2021

Travel-themed phishing lures spiked this summer

As people begin to take holidays again after more than a year of restrictions and lockdowns, opportunist cyber criminals have taken note, according to new data from Palo Alto’s Unit 42 Continue Reading
News 15 Sep 2021

UN human rights chief calls for moratorium on AI technologies

High commissioner’s call for a moratorium on the use of AI systems that pose a serious risk to human rights is accompanied by a UN report on the negative human rights impacts associated with the technology Continue Reading
News 15 Sep 2021

Microsoft patches 66 vulnerabilities in September update

Another lighter-than-usual Patch Tuesday update includes important fixes for recently disclosed vulnerabilities, including a dangerous zero-day, and an update in the PrintNightmare saga Continue Reading
News 14 Sep 2021

Mass health tracker data breach has UK impact

The leak of a database of 61 million users of health-tracking devices includes records on individuals located in the UK Continue Reading
News 14 Sep 2021

Cost of ransomware attack in financial sector exceeds $2m

Mid-sized financial services organisations worldwide spend an average of over $2m recovering from ransomware attacks Continue Reading
News 14 Sep 2021

Apple patches ForcedEntry vulnerability used by spyware firm NSO

Apple patches ForcedEntry vulnerability that was used to target political activists with spyware Continue Reading
News 13 Sep 2021

Smishing attacks up sevenfold in six months

Scam text messages are reaching pandemic proportions, thanks in part to the pandemic Continue Reading
News 13 Sep 2021

Olympus likely victim of BlackMatter ransomware

Key IT systems remain shut off at Olympus, five days after what seems to have been a BlackMatter ransomware attack Continue Reading
News 09 Sep 2021

UK GDPR faces changes under planned reforms

DCMS is launching a major consultation on proposed changes to the UK’s data protection regime, under which several key elements of the GDPR are likely to change Continue Reading
News 08 Sep 2021

REvil reappearance may herald new ransom campaigns

The re-emergence of the infamous REvil ransomware gang is a likely sign that more high-profile attacks will unfold over the coming weeks Continue Reading
News 08 Sep 2021

Covid positive for security market, but still a source of stress

CIISec’s latest “State of the profession report” highlights both positives and challenges for cyber pros arising from the past two years Continue Reading
News 08 Sep 2021

Stolen credit card data worth about £13 on dark web, PayPal worth more

The average price of a stolen credit card on a dark web marketplace comes in at around $17.40, or £12.60, according to new data – but the real money for cyber criminals is in hacked PayPal accounts Continue Reading
Opinion 08 Sep 2021

Security Think Tank: Optimising privacy, post-GDPR

Airbus CyberSecurity CTO Paddy Francis explores the impact of regulation on data protection, and how it has changed how one goes about optimising data privacy in the enterprise Continue Reading
News 07 Sep 2021

ICO in bid to end cookie pop-ups

Outgoing information commissioner Elizabeth Denham will call on her equivalents across the G7 group of countries to collaborate on an overhaul of cookie consent pop-ups Continue Reading
News 07 Sep 2021

Lords committee calls for evidence on digital regulation

House of Lords Communications and Digital Committee has called for evidence to inform its inquiry into the effectiveness of digital regulation Continue Reading
Opinion 07 Sep 2021

Security Think Tank: A response to planned data protection changes

The ISF’s Emma Bickerstaffe assesses how organisations might respond to proposed changes to the UK’s data protection regime Continue Reading
Opinion 06 Sep 2021

The rise of the chief risk officer

The impact of the Covid-19 pandemic has seen chief risk officers take their rightful place in the boardroom Continue Reading
Opinion 06 Sep 2021

UK’s new data protection strategy risks costing business more than it gains

The apparent business benefits of pursuing data adequacy agreements around the world may not be as enticing as they at first appear Continue Reading
News 03 Sep 2021

Mandiant, Sophos detail dangerous ProxyShell attacks

Threat researchers and incident responders continue to track threat activity around the dangerous ProxyShell Microsoft Exchange vulnerabilities, including impactful ransomware hits Continue Reading
News 02 Sep 2021

WhatsApp fined €225m over GDPR breaches

Irish data protection watchdog has issued one of the largest GDPR fines to date against Facebook-owned WhatsApp Continue Reading
Opinion 02 Sep 2021

Protecting children in the digital playground

The ICO’s Age Appropriate Design Code ushers in a new set of standards that advance children’s rights in the digital age Continue Reading
News 02 Sep 2021

Twitter tests auto-block feature for accounts at risk of abuse

Latest Twitter feature automatically blocks abusive users, and is intended to help victims regain control of their experience on the platform Continue Reading
Opinion 02 Sep 2021

Security Think Tank: Managing data securely throughout its lifecycle

Managing data in a secure manner is key to ensuring its integrity and therefore its value to the organisation, as well as reducing risk from breaches and misinformation Continue Reading
News 01 Sep 2021

Experts warn on Office 365 phishing attacks

Newly observed campaign is particularly dangerous because it appears to neutralise one of the most widely known anti-phishing techniques Continue Reading
News 01 Sep 2021

Remote workers routinely bypassed security tools during pandemic

New data from Palo Alto Networks reveals that over 25% of UK security leaders saw their employees circumventing or switching off security measures at the height of the pandemic Continue Reading
Opinion 27 Aug 2021

How the cyber security market is evolving

The cyber security market has gained even greater importance in the post-Covid era and continues to grow and evolve. But what factors are driving trends in that market and what should your organisation consider when making cyber security investments? Continue Reading
News 27 Aug 2021

Are proposed data protection changes a threat to UK citizens’ privacy?

Though changes are as-yet undefined pending an upcoming consultation, concerns are already being expressed over the government’s plan to liberalise data protection laws in the service of innovation and growth Continue Reading
Feature 26 Aug 2021

Boots leading drive for ‘professionalisation of IT’ in retail

Boots becomes member of the BCS, the Chartered Institute for IT, as CIO Rich Corbridge accelerates drive for the ‘professionalisation of IT’ Continue Reading
News 26 Aug 2021

Tech giants commit to Biden's cyber security action plan

Some of the world’s most prominent tech giants have made a series of commitments to enhance the US’ national cyber security posture following a high-profile meeting with president Biden Continue Reading
News 26 Aug 2021

Government unveils post-Brexit data flow proposals

The government will pursue data partnerships with countries including Australia, South Korea and the US as part of a post-Brexit data regime that may also see substantial changes to the UK’s data protection law Continue Reading
Opinion 26 Aug 2021

Security Think Tank: Steps to a solid data privacy practice

Petra Wenham of the BCS shares her expertise on building, or rebuilding, a solid business data privacy practice in a post-Covid-19 world Continue Reading
News 26 Aug 2021

NZ privacy lead John Edwards named new information commissioner

DCMS has named John Edwards, currently New Zealand privacy commissioner, to succeed Elizabeth Denham as UK information commissioner Continue Reading
News 25 Aug 2021

Algorithmic accountability needs meaningful public participation

Global analysis by Ada Lovelace Institute and other research groups finds algorithmic accountability mechanisms in the public sector are hindered by a lack of engagement with the public Continue Reading
News 25 Aug 2021

Calling the cops for ransomware attacks doesn’t help, say cyber pros

A new study for the #Ransomaware campaign reveals some insight into why so few victims report ransomware attacks Continue Reading
News 25 Aug 2021

UK loses £1.3bn to fraud and cyber crime so far this year

New figures from the National Fraud Intelligence Bureau show a threefold spike in reported financial losses to fraud and cyber crime in the first six months of 2021 Continue Reading
News 24 Aug 2021

13 million malware attacks on Linux seen in wild

Cryptominers, web shells and ransomware are the most common varieties of malwares targeting Linux systems, thanks to its prevalence as the backbone of most public cloud services Continue Reading
News 24 Aug 2021

Half of MS Exchange servers at risk in ProxyShell debacle

Up to 50% of MS Exchange users in the UK are exposed to three vulnerabilities that are now being actively exploited Continue Reading
Opinion 24 Aug 2021

The ransomware debate – to pay or not to pay?

The debate around banning ransomware payments is highly nuanced, and we must take care to avoid overt victim-blaming, in favour of an open and honest approach, says SASIG’s Martin Smith Continue Reading
News 24 Aug 2021

Over a million opt out of NHS data-sharing

Failure to communicate benefits of data-sharing proposals and privacy concerns are prompting large numbers of people to opt out of a proposed NHS Digital scheme Continue Reading
News 24 Aug 2021

Campaign groups claim police have bypassed Parliament with plans for live facial-recognition tech

Civil society groups call for Parliament to scrutinise the use of live facial-recognition cameras Continue Reading
News 23 Aug 2021

Cities worldwide band together to push for ethical AI

The chief digital and technology officers of London and Barcelona speak to Computer Weekly about their joint initiative launched with other cities to promote the ethical deployment of artificial intelligence in urban spaces Continue Reading
Opinion 20 Aug 2021

Security Think Tank: Data privacy not in isolation, but on a spectrum

The gap between data privacy and data governance is narrowing, and security leaders need to be aware of the implications, says KuppingerCole’s Anne Bailey Continue Reading
News 19 Aug 2021

Pub apps harvesting swathes of customer data unnecessarily

Some pub and restaurant chain apps demand data such as gender and marital status, raising eyebrows among privacy campaigners Continue Reading
News 19 Aug 2021

IT leaders fear ‘trickle-down’ of nation-state cyber attacks

Three-quarters of IT decision-makers are concerned that the tactics, techniques and procedures used by nation-state attackers could be used against them Continue Reading
News 18 Aug 2021

UK government criticised for proposed facial-recognition guidance

Privacy campaigners say the government's updated 'surveillance camera code of practice' does not do enough to mitigate abuses of facial-recognition technology Continue Reading
Opinion 18 Aug 2021

Security Think Tank: Data privacy and ethics in a post-Covid world

The radical change caused by the pandemic requires new approaches to data privacy practice, says PA Consulting’s Daniel Gordon Continue Reading
News 17 Aug 2021

Educational publisher Pearson fined for data breach cover-up

Securities and Exchange Commission says publisher misled its investors over the extent of a 2018 data breach Continue Reading
News 17 Aug 2021

Security Think Tank: Building privacy-preserving apps and platforms

ISACA’s Gaurav Deep Singh Johar explores how to embed privacy practices into digital platform architecture Continue Reading
Feature 16 Aug 2021

When is SIEM the right choice over SOAR?

Better instrumentation leads to better IT security but monitoring can quickly overload IT teams. Automation can help, but it may not always be needed Continue Reading
News 13 Aug 2021

How to get API deployments right

Application programming interfaces are not the panacea for digital transformation and could even lead to escalating costs for problems that are better addressed through integration Continue Reading
News 12 Aug 2021

ICO consults on new international data transfer agreement

Information Commissioner’s Office to consult on its draft international data transfer agreement and guidance, which will replace standard contractual clauses to protect personal data during overseas transfers Continue Reading
Opinion 06 Aug 2021

Firms struggle to manage their innovation ecosystems

A lack of governance and performance mechanisms is hindering firms from getting the most out of suppliers in their innovation ecosystems Continue Reading
Feature 04 Aug 2021

Disaster recovery for SMEs: Five key areas to consider

We look at key disaster recovery considerations for SMEs, including why backup is not enough, how to create a disaster recovery plan, best-practice DR testing and DR as a service Continue Reading
Opinion 02 Aug 2021

Five tips to ensure your crisis comms plan is ready for a cyber attack

Business leaders take note: standard crisis communications plans are inadequate if you have fallen victim to a cyber attack. HPL’s Ted Birkhahn shares five tips to make sure you are ready to face the public Continue Reading
News 29 Jul 2021

HMRC hits Home Office with £33.5m bill over ‘careless’ application of IR35 rules

The Home Office is the latest ministerial department to be hit with a multimillion-pound tax demand from HMRC after errors were discovered in its implementation of the IR35 rules Continue Reading
News 28 Jul 2021

Almost half unaware of GP data-sharing plans

Around half of adults in England – approximately 20 million people – remain unaware of the scope of the NHS GPDPR programme, prompting calls for a public education campaign Continue Reading
Opinion 28 Jul 2021

Security Think Tank: Consider cyber policies and procedures as you welcome employees back

With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading
News 27 Jul 2021

US lawmakers call for probe into ‘arrogant’ spyware firm

US members of Congress have called for an investigation into NSO Group, the spyware supplier at the centre of a massive surveillance scandal Continue Reading
News 27 Jul 2021

TikTok sets up cyber security hub in Dublin

Dublin-based cyber centre will oversee the security of TikTok’s users across Europe Continue Reading
News 26 Jul 2021

No More Ransom initiative saves £850m over five years

Initiative’s free ransomware decryption tools have been used by more than six million people since 2016 Continue Reading
News 23 Jul 2021

Kaseya obtains universal ransomware decryptor

Kaseya says it obtained a ransomware decryptor key from a trusted third party, but there is no word on whether a ransom was paid Continue Reading
News 22 Jul 2021

Plans to address legal but harmful content ‘threaten free speech’

House of Lords report criticises the government’s forthcoming Online Safety Bill for imposing duty of care on tech platforms to deal with ‘legal but harmful’ content, which it says threatens freedom of expression online Continue Reading
Feature 21 Jul 2021

Five ways to ensure remote working security and compliance

A mix of on-site and remote working has become a fact of life for many organisations. We look at five key things you should consider to ensure compliance and security Continue Reading
News 21 Jul 2021

Cloud Foundry Foundation rebalances commercial code contributions

Most open source contributions in Cloud Foundry come from developers whose companies commercialise the platform Continue Reading
News 21 Jul 2021

France’s Macron among alleged Pegasus targets

Data relating to devices used by French president Emmanuel Macron and the head of the World Health Organization, among others, has been uncovered in a dataset linked to government use of spyware Continue Reading
News 20 Jul 2021

Government shares vision for digitised energy system as it pursues net-zero emissions target

Strategy is geared towards readying the UK energy system for the transition from fossil fuels to renewable power through digital transformation Continue Reading
News 20 Jul 2021

NCSC’s Cameron urges deeper cyber alliance-building

Speaking to an event in Israel, NCSC CEO Lindy Cameron has praised joint UK-Israeli efforts on security collaboration Continue Reading
Opinion 20 Jul 2021

Sparsely staffed offices: the new post-pandemic cyber gap

With many offices still operating at limited capacity, a red teaming expert reveals how his job is getting easier, and why this is a problem Continue Reading
News 20 Jul 2021

NHS Digital tightens rules for GPDPR data scrape

The proposed collection of patient data held by GPs will now only commence when three key criteria have been fulfilled, says NHS Digital Continue Reading
Opinion 20 Jul 2021

Security Think Tank: A return to the office is not a return to normal

With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading
News 19 Jul 2021

UK, US confirm Chinese state backed MS Exchange Server attacks

UK and US governments, alongside the EU and Nato, have formally attributed the March 2021 Microsoft Exchange Server attacks to Chinese state-backed actors Continue Reading
Feature 19 Jul 2021

Tips to minimise vulnerabilities in web and mobile apps

Agile software development can sometimes be at odds with secure by design principles. We look at how organisations are balancing security with coding Continue Reading