IT governance

IT governance provides the core workflows and processes that help IT managers to oversee the successful functioning of the IT department, and to prove the value of IT to the business. Regulations and compliance are just as important as technological and management skills, and we highlight the best practice in IT governance and the example of successful IT leaders.

Feature 11 Jul 2023
Norwegian data privacy experts sound alarm over generative AI

Hundreds of millions of people embrace generative artificial intelligence, blissfully ignorant of what it’s doing to data privacy. Continue Reading
News 24 Apr 2023
Finland and Estonia deepen cross-border digital partnerships

Finland and Estonia, two global tech pioneers, are increasingly sharing their expertise Continue Reading

News 16 Sep 2022

Six new vulnerabilities added to CISA catalogue

CISA adds six new vulnerabilities to its most-wanted list, including one that dates back to 2010 Continue Reading
News 16 Sep 2022

Uber suffers major cyber attack

Details are trickling out of an apparent ‘near total’ compromise of ride-sharing service Uber by an alleged teenage hacktivist Continue Reading
News 15 Sep 2022

EU Cyber Resilience Act sets global standard for connected products

European Commission lays out proposed security regulations on device and software security to better protect consumers and drive global standards Continue Reading
News 15 Sep 2022

New player pioneers ‘active cyber insurance’ for UK market

Arrival of US-based insurer Coalition in London will supposedly offer SMEs more options when it comes to cyber security insurance Continue Reading
News 15 Sep 2022

Organisations failing to account for digital trust

The vast majority of businesses are well aware of the importance of digital trust, yet very few have a dedicated staff role responsible for it, report finds Continue Reading
News 15 Sep 2022

US charges three Iranians over CNI cyber attacks

Three Iranian nationals have been indicted over a spate of ransomware attacks against organisations in the US, UK, Israel and Iran Continue Reading
News 14 Sep 2022

Ex-CISA head Krebs: Disrupt ransomware support networks to win the war

Speaking at an event hosted by data protection specialist Rubrik, former CISA director Chris Krebs calls for the security community to work collectively to kick out the supports from under ransomware gangs Continue Reading
News 14 Sep 2022

Microsoft patches 64 vulnerabilities on September Patch Tuesday

Microsoft drops fixes for five critical vulnerabilities and one zero-day in its latest monthly update Continue Reading
News 13 Sep 2022

Cloud compromise a doddle for threat actors as victims attest

Two separate studies into the state of public cloud security reveal insight into the ease with which threat actors can compromise vast numbers of targets, and some of the challenges security teams are facing in the cloud Continue Reading
News 13 Sep 2022

Users warned over Azure Active Directory authentication flaw

Secureworks researchers found what they say is a serious vulnerability in an Azure Active Directory authentication method, but Microsoft says it should not pose a serious risk to users Continue Reading
News 13 Sep 2022

Multi-persona impersonation adds new dimension to phishing

Iranian APT used multiple personas on a single email thread to convince targets of the legitimacy of its phishing lures Continue Reading
E-Zine 13 Sep 2022

Source responsibly: Tech sector efforts to root out forced labour are failing

In this week’s Computer Weekly, we analyse the technology industry’s failure to extirpate forced labour and slavery from its supply chains. We find out how cyber security firm Okta is rebuilding customer trust after a major security incident. And we discover how Caterpillar is modernising its data management to offer better customer service. Read the issue now. Continue Reading
News 12 Sep 2022

Mandiant floats off into Google Cloud

As planned, the acquisition of Mandiant will see the threat intel and incident response giant become a part of Google’s Cloud business Continue Reading
News 12 Sep 2022

CISOs should spend on critical apps, cloud, zero-trust, in 2023

Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts Continue Reading
News 12 Sep 2022

Lloyd’s of London is digitally transforming through the front door

Centuries-old financial services organisation is transforming its complex IT infrastructure through digital data Continue Reading
Blog Post 09 Sep 2022

Apple iPhone 14: Time to put our desire for shiny new things into perspective

Can the launch of the iPhone 14 have come at a worse time? The standard of living of people is falling, inflation is rising rapidly, the pound is crashing and fuel bills are sky high and set to ... Continue Reading
E-Zine 09 Sep 2022

CW Europe: Why Russia could become the world’s biggest market for illegal IT

Faced with international sanctions and the departure of many global IT suppliers from Russia, companies there are seeking alternative, and sometimes illegal, routes to access IT products. Also read how new requirements are driving scientists and engineers in Europe back to the lab to start developing 6G technology. Continue Reading
Opinion 09 Sep 2022

Security Think Tank: Adding trust to AppSec and DevSecOps

When building in trust and assurance into app development through standards, it is critically important not to stifle innovation Continue Reading
News 08 Sep 2022

NCSC CyberUK event heads to Belfast in 2023

National Cyber Security Centre’s annual CyberUK roadshow is crossing the Irish Sea to Belfast in April 2023 Continue Reading
News 08 Sep 2022

The changing role of CIO in Sweden

New technologies and evolving business models are changing the missions of IT leaders around the world – and in most cases, the result is slightly different from one country to another Continue Reading
Opinion 08 Sep 2022

Security Think Tank: Creating a DevSecOps-friendly cyber strategy

When slowing down is not an option, you need to find a security strategy that is DevSecOps friendly, says Airbus Protect’s Olivier Allaire Continue Reading
News 07 Sep 2022

Albania cuts diplomatic ties with Iran after cyber attack

In a global geopolitical first, the Albanian government has severed diplomatic ties with Iran and expelled its ambassador after it was targeted by an APT backed by Tehran Continue Reading
News 07 Sep 2022

Prince’s Trust teams with threat management specialist in skills push

Prince’s Trust hopes to address shortfall in cyber professionals and improve diversity in the industry Continue Reading
News 07 Sep 2022

Hotel group IHG confirms cyber attack after two-day outage

IHG, the operator of hotel chains Crowne Plaza, Holiday Inn, Intercontinental and Kimpton, says it has been targeted by an unknown threat actor Continue Reading
Opinion 07 Sep 2022

Security Think Tank: The many dimensions of DevSecOps

It is imperative to make our colleagues and customers know that when we talk DevSecOps, we are facing a multiphase challenge that starts at the very beginning of DevOps, and one that never ends Continue Reading
News 06 Sep 2022

Campaigners call on Truss to change UK’s archaic hacking laws

The CyberUp coalition, a campaign to reform the Computer Misuse Act, has called on Liz Truss to push ahead with needed changes to protect cyber pros from potential prosecution Continue Reading
News 06 Sep 2022

Bus company Go-Ahead fighting off cyber attack

Go-Ahead Group, which operates bus companies around the UK, says it is in the process of dealing with a cyber attack that may cause disruption to services Continue Reading
News 05 Sep 2022

How Okta is regaining customer trust after a cyber attack

In early 2022, cyber firm Okta was among several tech companies hit by the Lapsus$ gang. Vice-president of customer trust Ben King talks about how he has been working behind the scenes to rebuild confidence after the incident Continue Reading
Opinion 05 Sep 2022

Security Think Tank: Good procurement practices pave the way to app security

Application security is as much a question of good procurement practice as it is good development practice, says Petra Wenham of the BCS Continue Reading
News 01 Sep 2022

Local authorities experience 10,000 attempted cyber attacks every day

Local authorities across the UK face a daily deluge of cyber incidents, with phishing and DDoS attacks the most prevalent, according to an insurance broker Continue Reading
News 01 Sep 2022

Swedish Electronics Protection Act coincides with major cyber spend

Swedish cyber security law comes at a time of heavy government investment Continue Reading
Opinion 01 Sep 2022

Security Think Tank: Effective DevSecOps requires collaboration

Application security and effective DevSecOps can only be achieved through collaboration with the business – the ultimate goal is to make it safer to do business, which requires considering integrated risk management and identity and access management alongside cyber security and application security Continue Reading
News 30 Aug 2022

IAM house Okta confirms 0ktapus/Scatter Swine attack

Following last week’s disclosureby Group-IB researchers of a major phishing campaign, Okta has warned its customers to be on their guard Continue Reading
Definition 29 Aug 2022

corporate governance

Corporate governance is the combination of rules, processes and laws by which businesses are operated, regulated and controlled. Continue Reading
News 25 Aug 2022

Criminal 0ktapus spoofed IAM firm in massive phishing attack

Researchers at Group-IB have published research on a major phishing campaign that ensnared victims at the likes of Cloudflare and Twilio Continue Reading
News 25 Aug 2022

Millions of Plex users may be at risk in password breach

Up to half of Plex’s 30 million users may have had their personal data stolen by an unknown threat actor Continue Reading
News 25 Aug 2022

LockBit 3.0 cements dominance of ransomware ecosystem

Ransomware attacks were up 47% in July compared with the previous month, according to the latest threat data from NCC Group, with the LockBit family largely to blame Continue Reading
News 24 Aug 2022

Most CISOs think they’ve been attacked by a nation state

Most organisations have made changes to their cyber strategies and policies following Russia’s invasion, and almost two-thirds suspect they have been directly targeted or impacted by a nation-state cyber attack Continue Reading
News 24 Aug 2022

Alleged Twitter security failings spell trouble ahead

Twitter’s former security head, Peiter Zatko, has alleged a number of serious cyber failures at the social media platform, raising the spectre of investigations and sanctions Continue Reading
News 23 Aug 2022

NCSC shares cyber guidance for large infrastructure builds

Balfour Beatty and McAlpine are among the large construction firms to have input into latest NCSC guidance for ensuring the security of major infrastructure projects Continue Reading
Feature 22 Aug 2022

Data classification: What it is and why you need it

To be compliant, to ensure data is optimally protected, that it is available, that it can be analysed and that it is stored most cost-effectively – these are reasons why data classification is vital to organisations Continue Reading
Podcast 22 Aug 2022

State of open source: Computer Weekly Downtime Upload podcast

In this special edition of the Computer Weekly Downtime Upload podcast, OpenUK’s Amanda Brock speaks to Cliff Saran about open source challenges Continue Reading
News 22 Aug 2022

Kaspersky threat data added to Microsoft Sentinel service

Microsoft and Kaspersky have agreed a collaboration to integrate Kaspersky’s threat data feeds into Microsoft’s cloud-native SIEM/SOAR service Continue Reading
News 22 Aug 2022

Lloyd’s to end insurance coverage for state cyber attacks

Lloyd’s of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk Continue Reading
News 19 Aug 2022

Google employees demand end to collection of abortion data

In the wake of the US Supreme Court rolling back abortion rights, Google employees are calling on the company to stop collecting abortion-related data, so that it can never be shared with police Continue Reading
News 19 Aug 2022

Cozy Bear targets MS 365 environments with new tactics

Cozy Bear, or APT29, is trying out new tricks as it seeks access to its targets’ Microsoft 365 environments Continue Reading
News 18 Aug 2022

LexisNexis sued by immigration advocates over data practices

Four immigration advocacy groups launch lawsuit in Illinois alleging data broker’s collection, aggregation and sale of people’s personal data, including non-public information, to corporations and government bodies Continue Reading
News 18 Aug 2022

It takes a breach to force boards to take notice of cyber, says UK government

Too often, it takes a major incident for business leadership to pay attention to cyber issues, according to a government-commissioned study of victims Continue Reading
Opinion 18 Aug 2022

Why you should start your post-quantum encryption migration now

Some say we have the best part of a decade to prepare for the security risks that quantum computing presents to current encryption tech, but PA Consulting experts believe that timeframe is shrinking dramatically Continue Reading
News 16 Aug 2022

South Staffs Water is victim of botched Clop attack

South Staffordshire Water moves to reassure customers that their supplies remain safe after its attackers screw up their initial assault Continue Reading
News 16 Aug 2022

Why organisations need to harmonise their CIO and CISO roles

Unless properly managed, conflicting responsibilities between the chief information officer and the chief information security officer can cause project delays and budget overruns, says Netskope’s Mike Anderson Continue Reading
News 15 Aug 2022

Lawyers and journalists sue CIA and Mike Pompeo over Assange surveillance claims

CIA and its former director sued over allegations that they authorised unlawful spying on US citizens when they visited WikiLeaks founder Julian Assange at the Ecuadorian Embassy in London Continue Reading
News 15 Aug 2022

How clean data helps Southern Water identify vulnerable customers

Escalating prices means households around the country are having to tighten spending, with many struggling to pay their bills. Water4All, a consortium led by Southern Water, is using data to identify low-income and vulnerable households so they can be better supported Continue Reading
News 15 Aug 2022

Report reveals consensus around Computer Misuse Act reform

A study produced by the CyberUp campaign reveals broad alignment among security professionals on questions around the Computer Misuse Act, which it hopes will give confidence to policymakers as they explore its reform Continue Reading
News 12 Aug 2022

Online Safety Bill ‘not fit for purpose’, say tech experts

IT specialists lack confidence that legislation compelling tech firms to tackle online harms will work as intended, with only a small minority believing ‘harmful but legal’ content can be effectively and proportionately policed by internet platforms Continue Reading
News 11 Aug 2022

NHS may take a month to recover from supply chain attack

Ransomware attack victim Advanced warns its NHS customers they could be waiting until early September to fully recover their operations Continue Reading
News 10 Aug 2022

Microsoft fixes two-year-old MSDT vulnerability in August update

August’s Patch Tuesday drop fixes more than 120 CVEs, including another MSDT RCE zero-day that is being actively exploited. Continue Reading
News 10 Aug 2022

‘Coopetition’ a growing trend among ransomware gangs

Sophos shares data from its new X-Ops unit at Black Hat in Las Vegas, revealing a growing number of ransomware victims being attacked by multiple gangs at the same time Continue Reading
News 10 Aug 2022

UK to surveil convicted migrants with facial recognition

A Home Office scheme to biometrically scan the faces of convicted migrants who have already carried out punishments has come under fire from privacy and human rights groups for being discriminatory Continue Reading
News 09 Aug 2022

Cyber insurance getting harder to obtain

Organisations looking to shore up their security postures face more and more barriers to obtaining cyber insurance Continue Reading
News 08 Aug 2022

NHS recovering key services after attack on supplier

Incident at software provider Advanced took out multiple NHS services before the weekend, including the 111 advice service Continue Reading
News 05 Aug 2022

Reliance on PSN may have exacerbated cyber attack impact

As it seeks a new supplier to reinvigorate the migration away from the Public Services Network, the Cabinet Office says relying on the legacy network may be putting public sector bodies at heightened risk in cyber attacks Continue Reading
Opinion 05 Aug 2022

The dangers of the UK’s illogical war on encryption

The unintended consequences of the Online Safety Bill will have a dramatic effect on our ability to communicate securely, including in Ukraine, where it is needed most Continue Reading
News 04 Aug 2022

SBRC to administer NCSC training across Scotland

The Scottish Business Resilience Centre has been awarded a £500,000 contract to extend cyber resilience training across more than 250 at-risk organisations Continue Reading
Opinion 04 Aug 2022

Reimagining ethical digital technology

With ever-increasing digitisation leading to greater dependence on a range of digital technologies, enterprises need to urgently look at how they can incorporate ethical and social considerations into the tech they develop Continue Reading
News 03 Aug 2022

New EU due diligence law needs amending to stop tech sector abuse

European corporate due diligence directive seeking to transform how companies approach their human rights and environmental risk is welcome, but without further changes, it will fail to effectively curb tech firms’ harmful practices, claims international non-profit Continue Reading
News 02 Aug 2022

UK safety tech sector sees strong revenue and employment growth

Safety tech is now one of the fastest-growing sectors in the UK tech industry, with jumps in revenue, investment and employment Continue Reading
News 29 Jul 2022

Austrian data firm accused of selling malware, conducting cyber attacks

Microsoft has accused DSIRF, an Austrian data services firm, of involvement in a string of cyber attacks Continue Reading
News 28 Jul 2022

H0lyGh0st ransomware gang faces challenges, but still a threat

Digital Shadows reports on the recently identified H0lyGh0st ransomware outfit, a new threat actor operating out of North Korea that faces some clear challenges, but is nevertheless still a live threat Continue Reading
News 28 Jul 2022

NCSC startups scheme turns focus to operational technology, SME security

NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses Continue Reading
News 28 Jul 2022

Home Office selects CGI as strategic delivery partner

IT services supplier will act as strategic delivery partner for the Home Office’s plans to modernise and join up UK law enforcement’s digital capabilities Continue Reading
News 28 Jul 2022

Hibs push for the backup premier league with Acronis

Hibernian FC signs Acronis to get top division data protection and make the most of ticketing information and match footage as it tries to gain more value from the data it holds Continue Reading
News 27 Jul 2022

Consumers left out of pocket as security costs soar

As the average cost of a security incident reaches an all-time high of nearly $4.5m, an IBM Security study reveals how these costs are being passed on to ordinary people Continue Reading
News 27 Jul 2022

US doubles bounty on Lazarus cyber crime group to $10m

US State Department doubles a previously announced reward for information on North Korean cyber criminals, including the notorious Lazarus group Continue Reading
News 27 Jul 2022

Retail software firm PrestaShop warns users about SQL injection attacks

Open source e-commerce platform PrestaShop warns thousands of small retailers that their customers’ credit card details may be at risk of compromise Continue Reading
News 27 Jul 2022

Cyber security training ‘boring’ and largely ignored

Two-thirds of employees don’t bother to pay attention to cyber security training – and the fault does not lie with them Continue Reading
Opinion 27 Jul 2022

Security Think Tank: Don’t rely on insurance alone

Cyber insurance is a useful addition to the cyber protection toolbox. However, it cannot be regarded as a replacement for the controls that should be in operation, says Turnkey Consulting’s Tom Venables Continue Reading
News 26 Jul 2022

Secret court asked to quash a decade of MI5 surveillance warrants following ‘systemic breaches’

The culture at MI5 was to ‘prioritise’ missions ‘over everything else’, including compliance with safeguards designed to protect the public, the UK’s most secret court heard yesterday Continue Reading
News 26 Jul 2022

No More Ransom initiative helps 1.5 million people in six years

One and a half million people have now taken advantage of free ransomware decryption tools offered by a joint European project Continue Reading
News 26 Jul 2022

Meta publishes first-ever human rights report

Meta details its approach to protecting and promoting human rights, but civil society groups say the company has failed to grapple with the human rights risks associated with its own business model Continue Reading
News 26 Jul 2022

Ducktail infostealer targets Facebook Business users

Newly uncovered Ducktail operation targets individuals with access to Facebook Business service and tries to steal their accounts Continue Reading
News 25 Jul 2022

Home Office ‘unlawfully’ approved MI5 bulk surveillance warrants

MI5 provided ‘false information’ to the Home Office to secure bulk surveillance warrants, the Investigatory Powers Tribunal heard Continue Reading
News 25 Jul 2022

NCSC seeks community input for Cyber Advisor service

The NCSC is proposing to establish a new Cyber Advisor service to train up experts in security guidance, and is inviting interested parties to come forward Continue Reading
News 25 Jul 2022

The Security Interviews: Why you need to protect abandoned digital assets

The war in Ukraine and subsequent boycott of Russia resulted in a swathe of digital infrastructure being abandoned, becoming a potential vulnerability for many organisations, says Cyberpion’s Ran Nahmias Continue Reading
Blog Post 22 Jul 2022

Pro-business AI regulations need to be global

There is little doubt that artificial intelligence and machine learning will revolutionise decision-making. But how these new technologies make decisions is a mystery and the black art that goes on ... Continue Reading
News 22 Jul 2022

LinkedIn most impersonated brand in phishing attacks

Social network LinkedIn, along with Microsoft and DHL, are just some of the brands that are most frequently imitated by cyber criminals conducting phishing attacks Continue Reading
News 22 Jul 2022

Forrester: European cloud adoption accelerates

The rise in public cloud usage across the UK and EU will speed up new cloud-specific regulations Continue Reading
News 21 Jul 2022

Buy ‘plug-n-play’ malware for the price of a pint of beer

Three-quarters of malwares and almost 90% of exploits retail on the dark web for about £8.40 or less, according to a report Continue Reading
News 21 Jul 2022

Russia-linked APTs targeted fleeing Ukrainian civilians

Mandiant and the US authorities have shared details of a phishing campaign that spoofed humanitarian information on evacuation procedures to target Ukrainians fleeing Russian bombardment Continue Reading
News 21 Jul 2022

UK government introduces data reforms legislation to Parliament

Proposed changes to UK’s data protection regime include new grounds for data processing, significant powers for the secretary of state to direct the regime’s application, and fewer restrictions on law enforcement’s use of data Continue Reading
News 20 Jul 2022

Transatlantic PET contest open for entries

A joint UK-US innovation prize challenge for developers of privacy-enhancing technologies has opened for entries Continue Reading
News 20 Jul 2022

Cato aims to bust cyber myths as it extends network protections

Cato Networks is beefing up its platform’s security features with ransomware and data loss protections, and the firm’s security strategy lead Etay Maor is using the occasion – and his unique access to billions of data points from the firm’s network – to explode some cyber myths Continue Reading
News 20 Jul 2022

Barnet Council to bring work outsourced to Capita back in-house by 2026

London borough is bringing swathes of outsourced services back in-house next year, with more to follow by 2026 Continue Reading
News 20 Jul 2022

Russia’s Cozy Bear abusing Dropbox, Google Drive to target victims

Russian APT known as Cozy Bear has become adept at quickly incorporating popular cloud storage services into its attack chain to avoid detection Continue Reading
News 19 Jul 2022

Pro-business AI framework spans sector-specific regulations

But should organisations deploying artificial intelligence comply with EU or UK proposals? Continue Reading
News 18 Jul 2022

US cyber agency CISA to open London office

The US Cybersecurity and Infrastructure Security Agency has chosen London to host its first office outside America Continue Reading
Feature 18 Jul 2022

What to look for when taking out a cyber insurance policy

We look at the steps organisations need to take when buying cyber insurance Continue Reading
News 15 Jul 2022

NHS trust ‘deliberately’ deleted up to 90,000 emails before tribunal hearing

A high-profile case brought by NHS whistleblower Chris Day raises questions about the adequacy of information governance practices in NHS hospital trusts Continue Reading
News 15 Jul 2022

Drivers’ union calls for immediate dismissal of Uber executive

Uber’s continued employment of an executive directly involved in efforts to resist regulatory oversight puts the ride-hailing firm in breach of its 2018 licence conditions, says drivers’ union Continue Reading
News 15 Jul 2022

Log4Shell on its way to becoming ‘endemic’

US government report concludes that, like Covid, Log4Shell will be with us for a long time to come Continue Reading