IT governance

IT governance provides the core workflows and processes that help IT managers to oversee the successful functioning of the IT department, and to prove the value of IT to the business. Regulations and compliance are just as important as technological and management skills, and we highlight the best practice in IT governance and the example of successful IT leaders.

Feature 11 Jul 2023
Norwegian data privacy experts sound alarm over generative AI

Hundreds of millions of people embrace generative artificial intelligence, blissfully ignorant of what it’s doing to data privacy. Continue Reading
News 24 Apr 2023
Finland and Estonia deepen cross-border digital partnerships

Finland and Estonia, two global tech pioneers, are increasingly sharing their expertise Continue Reading

News 17 Jan 2023

Royal Mail promises ‘workarounds’ to restore services after ransomware attack

Royal Mail CEO Simon Thompson apologises to customers whose businesses are being disrupted by a ransomware attack and promises a ‘workaround’ will be in place in the near future Continue Reading
News 16 Jan 2023

The Security Interviews: Protecting your digital self

Our digital self – the virtual presence of who we are online – has a pervasive influence in the real world. People make judgements based on these digital depictions, so what can be done to ensure positive representation? Continue Reading
E-Zine 16 Jan 2023

CW EMEA: Protecting the privacy of schoolchildren

In this month’s CW EMEA, we look at how schools in Germany have stopped using Microsoft Office 365 over lack of clarity over how data is collected, shared and used. We also delve into how former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. Read the issue now. Continue Reading
News 14 Jan 2023

Experts concerned over silence around government obligation to review UK surveillance laws

The government is required to review the UK’s surveillance law, the Investigatory Powers Act, but experts say they are in the dark about its plans. The National Crime Agency’s operation Venetic has highlighted the need for urgent reforms Continue Reading
News 13 Jan 2023

LockBit cartel suspected of Royal Mail cyber attack

The still-developing cyber incident at Royal Mail may be the work of the infamous LockBit ransomware operation Continue Reading
News 12 Jan 2023

Companies warned to step up cyber security to become ‘insurable’

Investing in better IT security to protect against cyber crime will make businesses more resilient against other risks Continue Reading
Opinion 12 Jan 2023

Europe’s cyber security strategy must be clear about open source

Europe’s cyber security policy on open source is lagging behind the US, and despite growing government awareness of the issues, that poses a problem Continue Reading
News 12 Jan 2023

Guardian confirms Christmas 2022 cyber attack was ransomware

Guardian Media Group bosses confirm the 20 December cyber attack that left staff locked out of its London office and disrupted several key systems was an untargeted ransomware attack Continue Reading
News 11 Jan 2023

Royal Mail services hit by major cyber attack

UK postal service Royal Mail is asking customers not to send any overseas letters or parcels while it deals with the impact of an ongoing cyber attack Continue Reading
News 11 Jan 2023

Internet shutdowns cost global economy $24bn in 2022

Deliberate disruption of people’s access to the internet by governments is having a substantial economic impact and contributing to a range of human rights abuses, primarily against protestors Continue Reading
News 11 Jan 2023

Microsoft fixes EoP zero-day on January Patch Tuesday

On the first Patch Tuesday of 2023, Microsoft fixed an elevation of privilege vulnerability in Windows Advanced Local Procedure Call, which has been actively exploited in the wild and may be co-opted into ransomware campaigns Continue Reading
News 10 Jan 2023

Insurer Beazley introduces catastrophe bond to ease cyber risk

Insurance company Beazley says that its $45m cyber catastrophe bond will help to protect its balance sheet and enable it to offer more cyber insurance cover Continue Reading
News 10 Jan 2023

Former subpostmaster Alan Bates, who ‘pulled up trees and moved mountains’, turns down OBE offer

Alan Bates, who fought for decades to expose the Post Office Horizon IT scandal, says it would be inappropriate to accept an OBE when former Post Office CEO Paula Vennells still holds her CBE Continue Reading
News 08 Jan 2023

Vulnerable organisations to get free Cyber Essentials support

Charities and legal aid firms are among those to be offered free security checks and certifications from the National Cyber Security Centre Continue Reading
News 06 Jan 2023

Proposed digital fraud refund rules risk excluding many victims

Proposals to establish a fraud refund mechanism in the UK risk excluding many victims of digitally enabled fraud, a major bank has warned Continue Reading
News 06 Jan 2023

Russia’s Turla falls back on old malware C2 domains to avoid detection

Mandiant says it has observed the Russian APT UNC2410, also known as Turla, re-registering expired or sinkholed domains previously used by financially motivated cyber criminals Continue Reading
News 05 Jan 2023

Generative AI: Preparing for next-gen artificial intelligence

ChatGPT is one of a new breed of AI models that promises to deliver machine-based creativity Continue Reading
News 05 Jan 2023

Cyber gang abused free trials to exploit public cloud CPU resources

A South Africa-based cyber crime gang exploited free trials and introductory offers to run cryptominers via public cloud services, then did a runner without paying Continue Reading
News 05 Jan 2023

Warning over ransomware attacks spreading via Fortinet kit

Following the disclosure of a critical vulnerability in October 2022, Fortinet VPN devices were exploited in two known ransomware attacks, with access likely sold on the dark web Continue Reading
News 05 Jan 2023

Fallout from Guardian cyber attack to last at least a month

The Guardian newspaper’s offices remained shut into the New Year following a supposed ransomware attack, with disruption likely to last some time Continue Reading
Feature 05 Jan 2023

Securing low Earth orbit represents the new space race

The barriers to launching satellites into low Earth orbit are falling fast, and that brings new cyber security challenges Continue Reading
News 03 Jan 2023

Test of digital ID tech at Surrey nightclub proclaimed success

The majority of visitors to a Camberley venue who piloted a digital identification app developed by 1account said they found it easy to use and preferred it to standard physical ID Continue Reading
News 30 Dec 2022

Top 10 Computer Weekly Downtime Upload podcasts of 2022

The team began with a sombre episode about Ukraine and went on to tackle the more familiar topics of diversity, datacentre sustainability and data. New for 22: Cliff Saran’s interviews with IT thought leaders Continue Reading
Feature 29 Dec 2022

Cyber security professionals share their biggest lessons of 2022

In the run-up to 2023, cyber security professionals are taking the time to reflect on the past few months and share their biggest lessons of 2022 Continue Reading
News 29 Dec 2022

Top 10 technology and ethics stories of 2022

Here are Computer Weekly’s top 10 technology and ethics stories of 2022 Continue Reading
News 29 Dec 2022

Top 10 Nordic IT stories of 2022

Here are Computer Weekly's top 10 Nordic IT articles of 2022 Continue Reading
News 29 Dec 2022

Top 10 technology startup stories of 2022

Here are Computer Weekly’s top 10 technology startup stories of 2022 Continue Reading
Opinion 29 Dec 2022

How does red teaming test the ultimate limits of cyber security?

An expert ethical hacker reveals how he goes about carrying out a red team exercise Continue Reading
News 28 Dec 2022

Complaints that NCA failed in duty of candour over EncroChat warrants ‘incredible’, court hears

NCA lawyers argue that a decision by an NCA intelligence officer to disclose notes of a key meeting after two-and-a-half years boosts her credibility as a witness Continue Reading
News 28 Dec 2022

Top 10 Middle East IT stories of 2022

Here are Computer Weekly's top 10 Middle East IT articles of 2022 Continue Reading
News 23 Dec 2022

Top 10 financial services IT stories of 2022

Here are Computer Weekly’s top 10 financial services IT articles of 2022, looking back at the moves and changes over the past year Continue Reading
News 23 Dec 2022

Top 10 IT leadership interviews of 2022

Computer Weekly talks to more IT leaders than any other publication, so we can share insights into the latest in strategy and best practice from the top CIOs, CTOs and CDOs Continue Reading
News 23 Dec 2022

Top 10 Benelux IT stories of 2022

Here are Computer Weekly’s top 10 Benelux articles of 2022 Continue Reading
News 22 Dec 2022

Top 10 cyber security stories of 2022

The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides Continue Reading
News 22 Dec 2022

Top 10 crime, national security and law stories of 2022

Here are Computer Weekly’s top 10 crime, national security and law stories of 2022 Continue Reading
News 22 Dec 2022

Top 10 cyber crime stories of 2022

Cyber crime continued to hit the headlines in 2022, with impactful cyber attacks abounding, digitally enabled fraud ever more widespread and plenty of ransomware incidents Continue Reading
Opinion 21 Dec 2022

Post-Brexit cyber dynamics in the UK and Europe: diverging paradigms?

The UK faces a choice in terms of its ongoing cyber security relationship with the EU – to preserve its collaboration with the EU by adopting an aligned approach or to adopt a divergent approach Continue Reading
News 20 Dec 2022

TSB hit with huge fine after IT migration disaster

TSB has been fined nearly £50m due to failings during its IT migration catastrophe Continue Reading
Opinion 19 Dec 2022

Security Think Tank: 2022 brought plenty of learning opportunities in cyber

At the end of another busy 12 months, Turnkey Consulting’s Andrew Morris sums up some of the most important takeaways for cyber pros Continue Reading
News 16 Dec 2022

Shiseido data breach victims plan legal action over fake companies

Employees and former employees of cosmetics firm Shiseido whose data was stolen in a recent breach are planning group legal action after their information was used to establish fraudulent companies in their names Continue Reading
News 16 Dec 2022

UK unis implement new IP traffic policies to combat ransomware

Jisc will introduce new measures to protect UK universities and research institutions from ransomware attacks that exploit the Remote Desktop Protocol remote-access feature Continue Reading
News 15 Dec 2022

Digital Ethics Summit: Who benefits from new technology?

Experts at the 2022 Digital Ethics Summit say expedited development cycles and obviously over-hyped PR material, in tandem with the public’s near-total exclusion from conversations around technology, is creating distrust towards the tech sector Continue Reading
News 14 Dec 2022

Criminal Cases Review Commission calls on more convicted subpostmasters to come forward

The Criminal Cases Review Commission wants more former subpostmasters to come forward if they think they were prosecuted by the Post Office based on data from the error-prone Horizon computer system Continue Reading
News 14 Dec 2022

Private health provider data could be shared with NHS England

Plans are advancing to create a single source of healthcare data in England combining both private providers and the NHS to avoid a repeat of the Ian Paterson scandal Continue Reading
News 14 Dec 2022

NHS gets new guidance on public benefits of data sharing

NHS national data guardian Nicola Byrne has published new guidance on how health and social care bodies should approach the task of evaluating public benefit when using data for purposes beyond individual care Continue Reading
News 14 Dec 2022

Ethical hackers flex their muscles in 2022

Ethical hackers working through HackerOne programmes found 21% more vulnerabilities in 2022 than in 2021 Continue Reading
News 14 Dec 2022

Microsoft fixes two zero-days in final Patch Tuesday of 2022

December’s Patch Tuesday is typically a light month for Microsoft, and this year proved no exception, but there are still several critical issues worth addressing, and two zero-days for defenders to pore over Continue Reading
News 14 Dec 2022

New cyber approaches ease Registers of Scotland’s AWS migration

As the holder of the oldest national public land register in the world, Registers of Scotland has a storied history dating back centuries. Find out how Palo Alto Networks is keeping its processes and data secure as it goes all-in on Amazon Web Services Continue Reading
Opinion 14 Dec 2022

Security Think Tank: How much digital trust can you place on zero-trust?

The events of the past couple of years have highlighted many considerations that should be taken into consideration when pursuing a zero-trust strategy, says ISACA’s Steven Sim Kok Leong Continue Reading
News 13 Dec 2022

EU issues draft data adequacy decision in favour of US

The European Commission has concluded that the United States does ensure an adequate level of protection for personal data transferred from the European Union and will now launch the process towards the adoption of an adequacy decision Continue Reading
News 13 Dec 2022

More Uber data exposed in possible supply chain attack

A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack Continue Reading
E-Zine 13 Dec 2022

AI experts question tech industry’s ethical commitments

In this week’s Computer Weekly, the proliferation of ethical frameworks has done little to change how artificial intelligence is developed – we look at the challenges. We examine the future of the UK semiconductor sector as the government launches a review. And we hear how NatWest has put data at the heart of customer strategy. Read the issue now. Continue Reading
News 12 Dec 2022

Cloud-based fingerprint system for UK police nears completion

Police Digital Service announces that a new cloud-based fingerprint system developed under its Transforming Forensics programme is nearly complete, but data protection concerns around the use of US-based cloud providers remain Continue Reading
Opinion 12 Dec 2022

Security Think Tank: Embrace prioritisation, people, imperfections

Security and IT professionals should try to make peace with their imperfections in 2023, says Nominet CISO Paul Lewis Continue Reading
News 09 Dec 2022

Iranian APT seen exploiting GitHub repository as C2 mechanism

A subgroup of the Iran-linked Cobalt Mirage APT group has been caught taking advantage of the GitHub open source project as a means to operate its latest custom malware Continue Reading
News 09 Dec 2022

Online Safety Bill returns to Parliament

MPs and online safety experts have expressed concern about encryption-breaking measures contained in the Online Safety Bill as it returns to Parliament for the first time since its passage was paused in July Continue Reading
Opinion 09 Dec 2022

Security Think Tank: 2022 changed how we thought about resilience

Increasing cyber resilience is at the heart of the people-processes-technology triangle, and 2022 saw shifts in all three of these aspects, says PA Consulting’s Sharon Shochat Continue Reading
News 08 Dec 2022

Consumers to get new protections against dodgy apps

Government’s new code of practice will impose new privacy and security measures on app store operators and developers Continue Reading
News 08 Dec 2022

Apple to tap third party for physical security keys

Apple is launching a number of new security protections, including the addition of third-party-provided hardware security keys Continue Reading
News 07 Dec 2022

Clinicians who raised patient safety risks claim Berkshire NHS trust deleted email evidence

A tribunal hearing considering claims that an NHS trust destroyed email evidence and had put the safety of geriatric patients at risk, was cut short after clinicians faced “life-changing” costs Continue Reading
News 07 Dec 2022

Rackspace email outage confirmed as ransomware attack

An ongoing outage affecting Rackspace email customers is the result of a ransomware attack Continue Reading
News 07 Dec 2022

Google, MS, Oracle vulnerabilities make November ’22 a big month for patching

Vulnerabilities affecting the likes of Google, Microsoft and Oracle proved particularly troublesome in November Continue Reading
Opinion 07 Dec 2022

Security Think Tank: As cyber pros, we need to articulate our needs better

There is always a lot to learn about security, but one of the most important lessons may not relate to technology at all, says Petra Wenham Continue Reading
News 07 Dec 2022

Post Office scandal – “cock-up or cook-up”?

The second phase of the Post Office Horizon IT scandal raised more questions over who did what, when and where, with shocking revelations at every turn Continue Reading
News 06 Dec 2022

Legacy IT magnifies cyber risk for Defra, says NAO

Some 30% of Defra’s applications are currently unsupported, magnifying cyber risk as the government department struggles to make progress on a digital transformation programme Continue Reading
News 06 Dec 2022

EU fails to protect human rights in surveillance tech transfers

Transfers of surveillance technology from the European Union to African governments are carried out without due regard for the human rights impacts, the European Ombudsman has found after a year-long investigation into the European Commission’s management of an aid fund Continue Reading
News 06 Dec 2022

Don’t become an unwitting tool in Russia’s cyber war

Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack? Continue Reading
News 05 Dec 2022

Fake investment ads persist on Meta’s social networks

Online adverts for investment scams relating to property and crypto assets are still getting past measures designed to stop them Continue Reading
News 05 Dec 2022

DCMS to assess UK semiconductor industry

The ongoing global chip crisis, geopolitician tension with China and deal-blocking are the backdrop to this latest assessment Continue Reading
News 05 Dec 2022

Cohesity doubles down on cyber-defence failings via backup

Datahawk service and Data Security Alliance bring clean data restores, ransomware artefact detection, data vaulting and data audit for a clearer understanding of attack impact Continue Reading
News 05 Dec 2022

French cyber consultancy Hackuity sets up UK operation

Risk-based vulnerability management company is to establish a UK base of operations in the hope of expanding its enterprise client base Continue Reading
News 02 Dec 2022

Post Office boosted its ‘coffers’ as Horizon system threw up unexplained shortfalls, inquiry told

The Post Office was ‘keen’ to make subpostmasters cover unexplained accounting shortfall as its business struggled, public inquiry hears Continue Reading
News 02 Dec 2022

Twitter ‘replacement’ Hive Social shuts off service in privacy alert

Hive Social, a recently established social media network, has temporarily closed its servers to address deep structural privacy issues identified by ethical hackers Continue Reading
News 01 Dec 2022

MI6 chief’s hacked emails attacked MI5 and betrayed British spy operations in China

Former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. His emails were hacked and then leaked – probably by Russian intelligence Continue Reading
News 01 Dec 2022

LastPass probes new cyber incident related to August attack

The August 2022 cyber attack on LastPass seems to have begat another incident, according to company CEO Karim Toubba Continue Reading
News 30 Nov 2022

Microsoft 365 banned in German schools over privacy concerns

German schools cannot legally use Microsoft Office 365 over lack of clarity about how data is collected, shared and used, as well as the potential for unlawful transfer of European citizens’ personal data to the US Continue Reading
News 30 Nov 2022

South Staffs Water customer data leaked after ransomware attack

Personal data of water utility’s direct debit customers exposed on the dark web following a Clop ransomware attack Continue Reading
News 30 Nov 2022

NIS regulations to be extended to cover MSPs

The UK government is moving ahead with plans to update the Network and Information Systems regulations to bring outsourcers and MSPs into scope Continue Reading
News 30 Nov 2022

Parity AI talks about auditing recruitment algorithms for bias

Algorithmic auditing firm Parity speaks to Computer Weekly about the process of auditing artificial intelligence for bias, following its partnership with AI-powered recruitment platform Beamery Continue Reading
Opinion 30 Nov 2022

Think technology, process, human risk to manage ransomware

Effective ransomware handling boils down to three core areas – technology, process and human risk Continue Reading
Opinion 29 Nov 2022

Chartered status and aligned standards are crucial for the UK's cyber sector

As the UK moves closer to ushering in the world’s first chartered cyber professionals, the UK Cyber Security Council’s Simon Hepburn outlines the sector’s defining moment Continue Reading
News 29 Nov 2022

‘Legal but harmful’ clause dropped from Online Safety Bill

Online Safety Bill’s ‘legal but harmful’ provision will be dropped by the UK government in favour of public risk assessments, tools to help users control the content they consume, and new criminal offences around self-harm Continue Reading
News 25 Nov 2022

Data management, backup becoming the CISO's responsibility

More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year Continue Reading
Feature 24 Nov 2022

Indefinite storage: What it is and why you might need it

Indefinite storage addresses the issue that archived data may need to be kept well beyond the lifespan of the technology it was written for Continue Reading
Opinion 24 Nov 2022

Your staff are the frontline in your ransomware fight

As part of a solid cyber defence plan, the CISO must make sure that the frontline within the organisation is prepared for an attack, says Theodore Wiggins of Airbus Protect Continue Reading
News 23 Nov 2022

UK police arrest 120 in largest-ever cyber fraud crackdown

The administrator and more than 100 users of the iSpoof.cc cyber fraud website have been arrested in a major counter-fraud operation led by the Metropolitan Police Continue Reading
News 23 Nov 2022

AI accountability held back by ‘audit-washing’ practices

Algorithmic auditing will be useless in holding artificial intelligence accountable until there are common standards, approaches and goals that scrutinise systems at each stage of development and deployment, says think-tank Continue Reading
News 23 Nov 2022

South Korea data adequacy pact brings £15m Brexit bonus

UK government finalises a data adequacy agreement with South Korea, saying it will unlock a post-Brexit business bonus of just under £15m Continue Reading
News 23 Nov 2022

Red team tool developer slams ‘irresponsible’ disclosure

UK security firm MDSec defends its Nighthawk command and control penetration testing framework after suggestions were made that it could be appropriated by threat actors Continue Reading
News 22 Nov 2022

Ducktail spins new tales to hijack Facebook Business accounts

The increasingly active Ducktail cyber crime operation is refining its operations, seeking new methods to compromise its victims’ Facebook Business accounts Continue Reading
News 22 Nov 2022

Killnet DDoS hacktivists target Royal Family and others

Russia-aligned hacktivists targeted multiple UK websites, including those of the Royal Family, in a new campaign of DDoS attacks Continue Reading
Feature 22 Nov 2022

Cloud storage: Key storage specifications

We look at the key specs in cloud storage, including availability – such as five nines – bandwidth, IOPS and latency, capacity and tiering functionality, egress charges and security Continue Reading
E-Zine 21 Nov 2022

CW APAC: Trend Watch: Artificial intelligence in APAC

Artificial intelligence is becoming more commonplace across business. In this handbook, focused on the adoption of the technology in the Asia-Pacific region, Computer Weekly looks at what still stands in its way, Dell’s deep learning model, how AI can realise its potential in healthcare, and the pros and cons of using AI and ML applications in the cloud. Continue Reading
News 21 Nov 2022

Bug Bounty Calculator helps organisations fine-tune their payouts

Newly launched comparison tool will supposedly help operators of vulnerability disclosure or bug bounty programmes to ensure their payments match market rates and expectations, and attract the right sort of attention Continue Reading
News 21 Nov 2022

NHS federated data platform must avoid repeating Care.data mistakes, says national data guardian

UK’s national data guardian agrees with the ambitions of the platform, but warns that the programme must avoid ‘common pitfalls around trust and transparency’ Continue Reading
News 21 Nov 2022

AI adopted without due consideration for workers, MPs told

MPs have been warned that the rapid roll-out of artificial intelligence in workplaces has changed UK enterprises’ management practices so much that current employment law is no longer fit for purpose Continue Reading
News 21 Nov 2022

NHS trust that deleted up to 90,000 emails cleared of deliberately concealing evidence

A tribunal found in a high-profile case brought by whistleblower Chris Day that an NHS trust had not deliberately concealed evidence when a director deleted up to 90,000 emails before he was due to testify Continue Reading
Feature 21 Nov 2022

Ransomware, storage and backup: Impacts, limits and capabilities

We look at the impact of ransomware on storage and backup, how storage and data protection can best be used to combat ransomware, and how they fit in the fight against it Continue Reading
News 18 Nov 2022

Is Elon Musk’s Twitter safe, and should you stop using it?

With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use Continue Reading
News 18 Nov 2022

New gold standard to protect good faith hackers

HackerOne’s new Gold Standard Safe Harbour statement will supposedly act as a guarantee for good faith hacking Continue Reading