IT governance
IT governance provides the core workflows and processes that help IT managers to oversee the successful functioning of the IT department, and to prove the value of IT to the business. Regulations and compliance are just as important as technological and management skills, and we highlight the best practice in IT governance and the example of successful IT leaders.
-
Feature
11 Jul 2023
Norwegian data privacy experts sound alarm over generative AI
Hundreds of millions of people embrace generative artificial intelligence, blissfully ignorant of what it’s doing to data privacy. Continue Reading
-
News
24 Apr 2023
Finland and Estonia deepen cross-border digital partnerships
Finland and Estonia, two global tech pioneers, are increasingly sharing their expertise Continue Reading
-
News
18 Nov 2022
Post Office scandal inquiry’s expert IT witness ‘troubled’ by his findings
Controversial Post Office Horizon system lacked the integrity required to trust accounting data and contained ‘joke’ coding akin to an ‘overly engineered mousetrap’, inquiry told Continue Reading
-
News
18 Nov 2022
CyberPeace Institute helps NGOs improve their security resilience
Adrien Ogée of the CyberPeace Institute talks about his work supporting NGOs and humanitarian organisations, and how the security community at large can help protect the world’s most vulnerable people Continue Reading
-
News
17 Nov 2022
Brexit deregulation will make UK next Silicon Valley, vows Hunt
Chancellor vows to revolutionise how the IT industry is regulated to spur competition, investment and innovation in a technological ‘Big Bang’ Continue Reading
-
News
17 Nov 2022
Another Log4Shell warning after Iranian attack on US government
The breach of a US federal body by an Iranian threat actor exploiting the Adobe Log4j Log4Shell vulnerability has prompted a fresh flurry of patching Continue Reading
-
News
17 Nov 2022
NHS Digital confirms final settlement of £3.95m with HMRC following conclusion of IR35 investigation
The health service’s digital arm has paid HMRC £3.95m in unpaid tax to cover the cost of its IR35 compliance errors Continue Reading
-
Opinion
17 Nov 2022
Gartner: Three key tasks needed to decommission applications
A guide to slimming down a full portfolio of applications that are expensive to maintain and difficult to adapt to business needs Continue Reading
-
News
16 Nov 2022
Global network fragmentation a source of increasing risk
Risk consultancy’s report says the weaponisation of cyber space and geopolitical clashes herald a breakdown of global networks into distinct regional or national architectures Continue Reading
-
Opinion
16 Nov 2022
Security Think Tank: Ransomware defences: An extended to-do list
Strategies to extend ransomware protection beyond backups and intrusion detection must centre dark web monitoring, among other things Continue Reading
-
News
15 Nov 2022
APP fraud volumes expected to double by 2026, says report
Losses to authorised push payment fraud in the UK are expected to climb to over $1.5bn in the next four years. Meanwhile, the NAO accuses the Home Office of lagging on progress to tackle the issue Continue Reading
-
News
15 Nov 2022
Met Police removes nearly two-thirds of people from gangs matrix
Legal action by human rights group Liberty forces Met Police to overhaul its gangs violence matrix database Continue Reading
-
News
14 Nov 2022
Sadiq Khan launches Data for London Advisory Board
Board will look at how to join up and share data between public and private London organisations in an effort to build a stronger data economy and improve public services Continue Reading
-
Opinion
14 Nov 2022
Security Think Tank: Let’s be transparent about ransomware
Greater transparency regarding ransomware attacks, including details about attack methods used and what kinds of assets were compromised, would likely help the community prevent future attacks Continue Reading
-
Feature
14 Nov 2022
How to prepare for ransomware
What are the best practices you should use to protect against ransomware attacks and manage such attacks when they do happen? Continue Reading
-
Opinion
11 Nov 2022
Cyber insurance: The good, the bad and the ugly
Most cyber insurance contracts are innately flawed because they exclude losses arising from state-backed cyber attacks, and this will make proper attribution even more important in the future, says Cisco Talos’ Martin Lee Continue Reading
-
News
11 Nov 2022
Volume of self-reported breaches to ICO jumps 30%
The number of self-reported breaches to the UK’s Information Commissioner’s Office soared by nearly 30% in the 12 months to 30 June 2022 Continue Reading
-
News
11 Nov 2022
MoD recruits Immersive Labs to bolster cyber resilience
UK’s Ministry of Defence will run cyber drills and address its security talent gap with Immersive Labs’ CyberPro, Cyber Crisis Simulator and Application Security products Continue Reading
-
Opinion
11 Nov 2022
Security Think Tank: To stop ransomware, preparation is the best medicine
You can’t ‘stop’ ransomware, but you can do a lot to keep yourself from becoming ensnared when it strikes Continue Reading
-
News
10 Nov 2022
Scrutinising AI requires holistic, end-to-end system audits
Understanding the full impacts of artificial intelligence requires organisations to conduct end-to-end social and technical audits of their systems, but the process comes with a number of challenges Continue Reading
-
News
10 Nov 2022
Cyber criminals have World Cup Qatar 2022 in their sights
Volumes of malicious cyber activity around the upcoming FIFA World Cup are already starting to tick upwards and are likely to continue to do so Continue Reading
-
Opinion
10 Nov 2022
All means all when it comes to encryption
Nigel Thorpe, technical director at SecureAge, makes the case for encrypting everything all of the time when it comes to protecting data Continue Reading
-
News
09 Nov 2022
UK’s National Cyber Advisory Board convenes for first time
Government convenes National Cyber Advisory Board to further its goals of making the UK one of the safest places to live and work online Continue Reading
-
News
09 Nov 2022
Microsoft serves smorgasbord of six zero-days
November’s Patch Tuesday fixes significantly fewer vulnerabilities of late, but includes six actively-exploited zero-days, three of them of critical severity Continue Reading
-
News
09 Nov 2022
Fujitsu expert witness in subpostmaster trial ‘manoeuvred’ into role, public inquiry told
A former Fujitsu technology expert who defended the Horizon system’s robustness in court was unhappy after being ‘manoeuvred’ into acting as an expert witness, public inquiry hears Continue Reading
-
Opinion
09 Nov 2022
Security Think Tank: Anti-ransomware strategies should be as easy as ABC
When developing and implementing ransomware protection strategies, the importance of paying thorough attention to security measures you might consider elementary cannot be understated Continue Reading
-
News
08 Nov 2022
Six subpostmaster convictions referred for appeal in Scotland
Six former subpostmasters in Scotland will have appeals against criminal convictions heard after being referred by Scotland’s Criminal Cases Review Commission Continue Reading
-
07 Nov 2022
US president ramps up China chip sanctions
War of words between China and US has ramifications across the tech sector. Continue Reading
-
Definition
07 Nov 2022
accountability
Accountability is an assurance that an individual or an organization is evaluated on its performance or behavior related to something for which it is responsible. Continue Reading
-
News
07 Nov 2022
Public sector IT projects need ethical data practices from start
Data ethics needs to be integrated into public sector IT projects from the very start, and considered throughout every stage of the process, to be effective Continue Reading
-
News
07 Nov 2022
Department for Education escapes £10m fine over data misuse
Department entrusted data on 28 million children to a company called Trustopia, which turned out to be anything but trustworthy, but has escaped a £10m fine under new rules Continue Reading
-
Opinion
07 Nov 2022
To fight ransomware, we must treat digital infrastructure as critical
Ransomware defence is failing because we don’t view our digital infrastructure in the same way as our physical infrastructure, argues Elastic’s Mandy Andress Continue Reading
-
News
04 Nov 2022
Microsoft: Nation-state cyber attacks became increasingly destructive in 2022
The willingness of nation-state actors to conduct destructive cyber attacks is a source of grave concern, as Microsoft’s latest annual Digital Defence Report lays bare Continue Reading
-
Opinion
04 Nov 2022
Security Think Tank: Ransomware and CISOs’ balancing act
Ransomware has the potential to cause irreversible business damage, so CISOs should consider not only protection but also response and recovery Continue Reading
-
News
03 Nov 2022
Confirmation bias led Post Office to prosecute subpostmasters without investigation, inquiry told
Former Post Office tech leader tells public inquiry that confirmation bias led to hundreds of subpostmasters being prosecuted for financial crimes without proper investigation Continue Reading
-
News
03 Nov 2022
Automated threats biggest source of cyber risk for retailers
Threat actors targeting retailers during the coming holiday season are increasingly turning to automated forms of cyber attack, according to a report Continue Reading
-
News
03 Nov 2022
Global coalition reaffirms commitment to fight ransomware
Representatives of 36 countries, as well as the EU, attended the second International Counter Ransomware Initiative Summit in Washington DC Continue Reading
-
News
02 Nov 2022
Shadow digital secretary outlines Labour’s tech priorities
Labour’s digital and technology plans focus on reining in the power of the tech giants, boosting connectivity across the UK, and improving online safety Continue Reading
-
News
02 Nov 2022
Dropbox code compromised in phishing attack
Cloud storage service says malicious actors successfully accessed some of its code within GitHub, but insists customer data is secure Continue Reading
-
News
02 Nov 2022
UK spent £6.4m on secret cyber package for Ukraine
Westminster has revealed for the first time the existence of a previously top-secret security programme that has been helping Ukraine fend off Russian cyber attacks Continue Reading
-
Opinion
02 Nov 2022
Security Think Tank: Know your networks, know your suppliers
To combat the ransomware scourge, we must work harder to monitor and learn from the increasingly complex threat environment, keep a closer eye on supply chains, and share our insights Continue Reading
-
News
01 Nov 2022
A third of UK cyber leaders want to quit, report says
Nearly a third of UK security leaders are considering leaving their current role, and more than half are struggling to keep on top of their workload Continue Reading
-
News
01 Nov 2022
NCSC looks back on year of ‘profound change’ for cyber
The NCSC ramped up its support for UK plc in the past 12 months, but it was events beyond the UK’s borders that proved the most impactful Continue Reading
-
Opinion
31 Oct 2022
How to build consumer trust with a privacy-by-design approach
Undertaken with the right mindset and technology, privacy by design delivers value to consumers and builds trust for the long term Continue Reading
-
Opinion
31 Oct 2022
The risk of losing our EU data adequacy agreement is real
While some may welcome the government’s ambition to shake up the UK’s data protection regime, Westminster should be wary of drifting too far from the path charted by our US and European partners Continue Reading
-
Feature
31 Oct 2022
AI experts question tech industry’s ethical commitments
The massive proliferation of ethical frameworks for artificial intelligence has done little to change how the technology is developed and deployed, with experts questioning the tech industry’s commitment to making it a positive social force Continue Reading
-
News
31 Oct 2022
Prepare today for potentially high-impact OpenSSL bug
OpenSSL trailed a critical vulnerability patch last week, which will be only the second such flaw ever found in the open source encryption project. Unfortunately, the first was Heartbleed Continue Reading
-
Opinion
31 Oct 2022
Security Think Tank: Container security: why so different?
Done well, container security can be a model for securing the enterprise, and businesses that focus their teams on solving it can help accelerate positive change in other areas Continue Reading
-
Feature
31 Oct 2022
The tech helping organisations manage their finances
With a worsening economic climate, software has an important role in helping finance departments control budgets and spending Continue Reading
-
News
28 Oct 2022
Post Office warned of Horizon software-induced ‘tragedy’ in 1999
Problems experienced during live trials of the Post Office Horizon system predicted the ‘tragedy’ that unfolded Continue Reading
-
Opinion
28 Oct 2022
How has container security changed since 2020, and have we taken it too far?
While containers are now one of the most popular ways to deploy applications, it is fair to say that the adoption and implementation of security best practice to govern their use has not kept up Continue Reading
-
News
27 Oct 2022
Government ups cyber support for elderly, vulnerable web users
DCMS announces a funding boost to help the elderly, disabled and other vulnerable groups stay safe online and avoid being misled by disinformation Continue Reading
-
Feature
27 Oct 2022
Will the OCSF create an open and collaborative cyber industry?
The Open Cybersecurity Schema Framework promises to transform security data analysis and collection, but there are challenges around adoption Continue Reading
-
News
27 Oct 2022
NHS to get new national CISO
The Department for Health and Social Care is seeking a new national CISO, who will be tasked with providing strategic cyber leadership, direction and expertise across DHSC and the wider NHS Continue Reading
-
News
27 Oct 2022
LinkedIn adds new features to safeguard user privacy, security
Social media platform is adding a number of features and systems designed to protect legitimate users from inauthentic profiles and activity Continue Reading
-
News
27 Oct 2022
Santander calls for cooperation to tackle APP fraud
New report puts forward key recommendations that the banking sector, government and other industries could take to tackle authorised push payment fraud Continue Reading
-
News
26 Oct 2022
ICO warns against using biometrics for ‘emotional analysis’
ICO warning highlights risk of ‘systemic bias’ and discrimination associated with organisations using biometric data and technologies for emotion analysis Continue Reading
-
Opinion
26 Oct 2022
The Conservatives are laughing at cyber security pros
If causing a security breach is a resigning matter, then you shouldn’t expect to get your old job back a week later. Unless you’re a Conservative home secretary, apparently Continue Reading
-
News
25 Oct 2022
One in five tech workers subject to workplace surveillance
Digital surveillance is now a common feature of the UK’s post-pandemic economy, says Prospect Union, adding to growing calls for workers to be given a greater say over how technologies are deployed in the workplace Continue Reading
-
News
25 Oct 2022
US authorities charge two Chinese spies over telco security probe
Two Chinese nationals have been charged with attempting to obstruct the criminal prosecution of a prominent Chinese telecoms firm Continue Reading
-
News
25 Oct 2022
Germany: European Court of Justice asked to rule on legality of hacked EncroChat phone evidence
Berlin’s Regional Court has asked the European Court of Justice to answer questions about whether the use of hacked EncroChat phone evidence complies with European law Continue Reading
-
News
25 Oct 2022
Digital-first businesses more willing to accept some fraud
Companies founded in the past 20 years appear more willing to accept higher levels of fraudulent activity during the customer onboarding process, according to a report Continue Reading
-
News
24 Oct 2022
Complacency biggest cyber risk to UK plc, says ICO
Information commissioner John Edwards warns against complacency as his office issues a multimillion-pound fine to a building company that failed to prevent a ransomware attack Continue Reading
-
Feature
24 Oct 2022
Improving finance and accounting software with AI
Artificial intelligence algorithms and datasets have potential value across many areas in finance and accounting, but usage isn’t yet widespread Continue Reading
-
Feature
20 Oct 2022
What do the US’s new software security rules mean for UK organisations?
The White House announced recently that all software supplied to the US government and its agencies needs to be secure, so what does this mean for the UK and EU security sectors? Continue Reading
-
News
20 Oct 2022
The Security Interviews: Why now for ZTNA 2.0?
With organisations facing escalating online threats, security teams need to improve their defences using zero-trust network access to preserve the integrity of their systems. Palo Alto Networks’ Simon Crocker shares his views on zero-trust network access Continue Reading
-
News
20 Oct 2022
Parliamentary committee launches inquiry into AI governance
MPs will examine the impacts of artificial intelligence throughout the UK economy and how governance of the technology can be improved ahead of the government publishing its formal regulatory proposals Continue Reading
-
News
19 Oct 2022
Ransomware crews regrouping as LockBit rise continues
Overall ransomware activity dropped off in the third quarter of 2022, but increasing attack volumes in September may herald a difficult few months ahead Continue Reading
-
News
19 Oct 2022
Treat cyber crime as a ‘strategic threat’, UK businesses told
The government’s new National Cyber Advisory Board aims to help elevate cyber discussion and spur action in the business community Continue Reading
-
News
18 Oct 2022
Virtually all vulnerable open source downloads are avoidable
Some 96% of known vulnerable open source downloads could have been avoided altogether, according to a report Continue Reading
-
17 Oct 2022
EU rolling out measures for online safety and artificial intelligence accountability
European Council approves passage of the Digital Services Act to protect our rights online as European Commission announces proposals to help those negatively affected by AI to claim compensation. Continue Reading
-
News
17 Oct 2022
Biden ramps up China chip sanctions
The war of words between China and the US has ramifications across the high-tech sector. We report on the latest developments Continue Reading
-
Feature
17 Oct 2022
API management: Assessing reliability and security
Once an API is published, its developer then has responsibility to ensure it is kept up to date and is secure Continue Reading
-
News
14 Oct 2022
Annual costs of Hackney ransomware attack exceed £12m
Hackney Council reveals new insight into the ongoing cost of a ransomware attack that devastated its systems two years ago Continue Reading
-
News
14 Oct 2022
Office 365 email encryption flaw could pose risk to user privacy
A vulnerability in Microsoft Office 365 Message Encryption could leave the contents of emails dangerously exposed, but with no fix coming it’s up to users to decide how at risk they are Continue Reading
-
News
14 Oct 2022
Advanced: Healthcare data was stolen in LockBit 3.0 attack
Advanced has revealed a total of 16 of its health and social care sector customers had their data exfiltrated in a recent ransomware attack Continue Reading
-
News
13 Oct 2022
Perpetrators of subpostmaster suffering in Horizon scandal must face public inquiry
Victims demand that the perpetrators of the Post Office Horizon IT scandal face the public inquiry Continue Reading
-
News
12 Oct 2022
Microsoft fixes lone zero-day on October Patch Tuesday
Microsoft patched a solitary zero-day vulnerability in its latest monthly drop, but fixes for two others disclosed in the past few weeks are nowhere to be seen Continue Reading
-
News
12 Oct 2022
ICO selectively discloses reprimands for data protection breaches
Data protection experts question ICO’s selective approach to publishing formal reprimands for contravening the law, after FoI request reveals the Cabinet Office was among the organisations reprimanded Continue Reading
-
Opinion
11 Oct 2022
Reducing the cyber stack with API security
Budgets are tight, making it difficult to secure spend, but is there an argument for jettisoning fragmented approaches to securing APIs in favour of a dedicated end-to-end approach? Doubling down on API security could help businesses not just reduce risk, but also costs Continue Reading
-
News
11 Oct 2022
Contractor left Toyota source code exposed for five years
Source code related to Toyota’s T-Connect service was left exposed on GitHub for over five years by a contractor Continue Reading
-
News
10 Oct 2022
Ukraine and EU explore deeper cyber collaboration
A Ukrainian delegation has met with officials from the EU’s ENISA cyber agency to explore deeper cooperation on cyber security issues Continue Reading
-
Opinion
10 Oct 2022
Security Think Tank: Design security in to reap container benefits
Provided container security basics are built into your development and runtime environment from the start, containerised services and applications can provide rapid – and secure – achievement of business objectives Continue Reading
-
News
06 Oct 2022
EU rolling out measures for online safety and AI liability
The European Council has approved the passage of the Digital Services Act to protect people’s rights online, while the European Commission has announced proposals to help those negatively affected by artificial intelligence to claim compensation Continue Reading
-
Feature
05 Oct 2022
Air gaps for backup and how they help against ransomware
The air gap is a basic of backups and storage. We look at what’s meant by an air gap, the rise of the logical air gap, and its place in the fight against ransomware Continue Reading
-
News
05 Oct 2022
Italian Supreme Court calls for prosecutors to disclose information on Sky ECC hacking operation
Italy’s Supreme Court says Italian prosecutors and police should disclose information on how they obtained intercepted messages from the Sky ECC cryptophone network Continue Reading
-
Opinion
05 Oct 2022
Use site reliability engineering to address cloud instability
How do you prepare for a worst-case scenario, when the public cloud hosting critical components of your IT infrastructure fails? Continue Reading
-
News
04 Oct 2022
Public sector aims to close digital skills gap with private sector
Digital leaders from the public sector have stressed the need to build up the digital skills and capabilities of civil servants to successfully deliver the government’s digital transformation ambitions, but not at the expense of supplier ecosystems Continue Reading
-
News
04 Oct 2022
Tories to replace GDPR
IT industry reacts to the government’s plan to replace the pan-European data protection regulation Continue Reading
-
News
30 Sep 2022
Surveillance tech firms complicit in MENA human rights abuses
Research finds companies are profiting from surveillance technologies that facilitate human rights abuses against migrants, asylum seekers and refugees in the Middle East and North Africa, with little to no oversight Continue Reading
-
News
28 Sep 2022
Whistleblower Peter Duffy calls for oversight of NHS records to prevent evidence tampering
A whistleblower has called for greater oversight in the handling of ‘safety-critical digital information’ across the NHS, in light of a number of cases that raise questions about data governance and record-keeping within the health service Continue Reading
-
Opinion
28 Sep 2022
Security Think Tank: Three steps to a solid DevSecOps strategy
Read about how buyers can manage third-party risk when procuring applications, how to secure the software development process, and even how to affect cultural change among developers not used to thinking cyber first Continue Reading
-
News
28 Sep 2022
Most hackers exfiltrate data within five hours of gaining access
Insights from more than 300 sanctioned adversaries, otherwise known as ‘ethical’ hackers, reveal that around two-thirds are able to collect and exfiltrate data within just five hours of gaining access Continue Reading
-
News
26 Sep 2022
How Russian intelligence hacked the encrypted emails of former MI6 boss Richard Dearlove
Hack by Russian-linked ColdRiver group exposed former MI6 chief Richard Dearlove’s contacts and email communications with government, military, intelligence and political officials Continue Reading
-
Opinion
23 Sep 2022
It’s time for engineering teams to own DevSecOps
It may seem counterintuitive, but maybe organisations should consider delegating responsibility for DevSecOps to engineering teams, not security teams, argues Elastic’s Mandy Andress Continue Reading
-
News
23 Sep 2022
Threat actors abused lack of MFA, OAuth in spam campaign
Microsoft threat researchers have reported on a series of cyber attacks in which enterprises with lax IAM policies had their systems hijacked to conduct spam email campaigns Continue Reading
-
News
22 Sep 2022
Ofcom turns its attention to the hyperscalers
The regulator sees its role expanding into emerging areas of communications technologies and public cloud services Continue Reading
-
News
22 Sep 2022
Privacy Pledge signatories dream of alternative internet
A group of privacy-focused organisations have come together to establish a set of principles for taking the internet back from big tech and surveillance capitalism Continue Reading
-
News
21 Sep 2022
NCSC publishes cyber guidance for retailers
The NCSC has published tailored advice to support online retailers, hospitality providers and utility services in protecting themselves and their customers from cyber crime Continue Reading
-
News
20 Sep 2022
Thousands of customers affected in Revolut data breach
Digital challenger bank has warned its customers to be vigilant after their data was exposed in a cyber attack Continue Reading
-
News
20 Sep 2022
IHG attackers phished employee to deploy destructive wiper
A couple from Vietnam who claim to be behind a destructive wiper cyber attack on hotel operator IHG told the BBC how they orchestrated their operation Continue Reading
-
News
20 Sep 2022
Reports Uber and Rockstar incidents work of same attacker
Rockstar Games was hit over the weekend by an attacker who claimed to have accessed its Slack channel to steal data on an upcoming release, and may be the same person who compromised Uber Continue Reading