IT governance
IT governance provides the core workflows and processes that help IT managers to oversee the successful functioning of the IT department, and to prove the value of IT to the business. Regulations and compliance are just as important as technological and management skills, and we highlight the best practice in IT governance and the example of successful IT leaders.
-
Feature
11 Jul 2023
Norwegian data privacy experts sound alarm over generative AI
Hundreds of millions of people embrace generative artificial intelligence, blissfully ignorant of what it’s doing to data privacy. Continue Reading
-
News
24 Apr 2023
Finland and Estonia deepen cross-border digital partnerships
Finland and Estonia, two global tech pioneers, are increasingly sharing their expertise Continue Reading
-
News
20 Sep 2023
Organisations failing to proactively address insider cyber risk
Organisations are spending less than 10% of their annual security budgets on trying to solve one of the costliest problems in cyber: insider risk Continue Reading
-
News
20 Sep 2023
Multi-agency pilot aims to help innovators navigate regulatory landscape
Regulators join forces in pilot scheme to help businesses deploy new technologies in a way that complies with cross-industry regulations Continue Reading
-
News
19 Sep 2023
Braverman puts pressure on Meta to pause end-to-end encryption plans
The home secretary is calling on Meta to halt its plans to introduce encrypted messaging services on Facebook and Instagram until the company puts measures in place to detect abuse Continue Reading
-
News
19 Sep 2023
Okta confirms link to cyber attacks on Las Vegas casinos
Okta CISO David Bradbury confirms widespread speculation about the high-profile cyber attacks on two Las Vegas casino operators, revealing that the threat actors responsible had indeed abused its services as they earlier claimed Continue Reading
-
News
19 Sep 2023
38TB Microsoft data leak highlights risks of oversharing
An accidentally disclosed SAS token with excessive privileges enabled researchers to access nearly 40TB of Microsoft’s data, highlighting the risks of privilege mismanagement and oversharing Continue Reading
-
News
19 Sep 2023
Nominet and European counterparts link up on intelligence sharing
The new European TLD ISAC, a collaborative project between top-level domain providers across Europe, aims to enhance their collective security posture to better protect internet users Continue Reading
-
News
18 Sep 2023
Unregulated DeFi services abused in latest pig butchering twist
Pig butchering scammers are taking advantage of the unregulated nature of DeFi crypto trading apps to siphon off even more money from their victims, according to the latest findings of an ongoing investigation Continue Reading
-
News
18 Sep 2023
CMA focuses on data for AI foundation model
Foundational AI models require vast amounts of data. Without access to diverse datasets, the market for foundational models risks being stifled Continue Reading
-
Opinion
18 Sep 2023
Security Think Tank: A user’s guide to encryption
The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading
-
News
18 Sep 2023
Government seeks industry views on cyber threat to UK CNI
The Science, Innovation and Technology Select Committee is seeking evidence from the cyber sector as it launches an inquiry into the resilience of the UK's critical national infrastructure Continue Reading
-
News
15 Sep 2023
Few organisations have a clear strategy for AI
Few organisations are confident with the main concepts involved in developing AI-enabled business models Continue Reading
-
News
15 Sep 2023
Las Vegas mainstay Caesars Palace likely paid off ransomware crew
Caesars Entertainment, owner of the lavish Roman Empire-themed Caesars Palace casino in Las Vegas, has revealed it also suffered a ransomware attack, and appears to have paid off its hackers Continue Reading
-
News
15 Sep 2023
Manchester police data breach a classic supply chain incident
The developing data breach at Greater Manchester Police follows a cyber attack on the systems of a key supplier of ID services to the force Continue Reading
-
News
14 Sep 2023
BlackCat on the hook for cyber attack that crippled Vegas casinos
The ALPHV/BlackCat ransomware operation claimed responsibility for an attack that forced MGM Resorts to shut down systems at some of Las Vegas’ most popular gambling venues Continue Reading
-
News
14 Sep 2023
Google, Microsoft and Mozilla push browser updates to foil zero-day
A zero-day in Google’s Chrome browser was first reported by surveillance researchers at The Citizen Lab and Apple, but also affects other browsers Continue Reading
-
News
14 Sep 2023
As vehicle safety regulations loom, carmakers fret over cyber risks
Global, UN-backed car safety and security regulations come into force next year, and automotive bosses say they are not only unprepared, but “swamped” by a tide of compliance and security risks Continue Reading
-
News
13 Sep 2023
GitHub fixes race condition that could have led to ‘repojacking’
A subtle flaw in how GitHub handled repository creation and user renaming could have had serious consequences for the open source community, but has now been fixed. Learn more about how it worked Continue Reading
-
News
13 Sep 2023
BianLian ransomware gang holds Save the Children hostage
The dangerous and prolific BianLian ransomware gang claims to have stolen almost 7TB of data from NGO Save the Children, but thankfully the charity’s vital work on the ground appears to be unaffected Continue Reading
-
News
13 Sep 2023
Storm-0324 gathers over Microsoft Teams
An initial access broker associated with several different ransomware operations is now conducting Microsoft Teams phishing attacks Continue Reading
-
News
13 Sep 2023
NCSC and ICO sign MoU to forge deeper collaborative links
The scope of the MoU signed by the NCSC and the ICO includes collaboration on new cyber regulations and guidance, and how to support cyber attack victims appropriately and minimise regulatory penalties Continue Reading
-
News
13 Sep 2023
Patch Tuesday: Microsoft fixes zero-days in Word and Streaming Service
September 2023 brings a light Patch Tuesday, with two zero-days and five critical vulnerabilities listed in the latest release Continue Reading
-
News
13 Sep 2023
ExtraHop open sources 16 million rows of threat domain data
NDR specialist ExtraHop says making its entire machine learning dataset available for anybody to view will help organisations better defend against cyber attacks originating from malicious domains generated by algorithms Continue Reading
-
News
12 Sep 2023
US casino giant MGM Resorts battles 36-hour outage after cyber attack
Multiple systems at US hotel and casino operator MGM went down in the wake of the incident on 10 September, crippling several of Las Vegas’ most prominent casinos Continue Reading
-
Opinion
12 Sep 2023
Consciousness to address AI safety and security
The co-founder of KikenAI discuses why he has decided to make the technology for protecting LLMs open source Continue Reading
-
News
11 Sep 2023
Professional ransomware gangs clearly a threat, but attacks can be easily stopped
NCSC and NCA report reveals insight into business models and underpinnings of ransomware gangs and their affiliates, but also urges defenders to take heart, as stopping a ransomware attack is not that hard to do Continue Reading
-
News
11 Sep 2023
UK boardrooms and CISOs increasingly aligned on cyber risks
Board members and CISOs in UK organisations seem to be working together much better, but while this is an encouraging sign, there remain some areas of concern over how the two relate to each other Continue Reading
-
Feature
08 Sep 2023
AI-powered cloud SIEM: Real-time threat intel boosts defences
Thanks to their advanced data analysis and predictive capabilities, AI and ML will be valuable protective tools going forward. Learn about the potential of AI-backed cloud SIEM technology Continue Reading
-
News
08 Sep 2023
Apple patches Blastpass exploit abused by spyware makers
Apple has patched two vulnerabilities that formed an exploit chain which has been allegedly abused by spyware company NSO Continue Reading
-
News
08 Sep 2023
Deputy PM urges UK plc not to lose focus on cyber
In a speech at TechUK, deputy prime minister Oliver Dowden urges the cyber security community not to lose focus, and to do more to further collaboration across sectors Continue Reading
-
Feature
08 Sep 2023
SME disaster recovery: Five key points to consider
We look at key DR considerations for SMEs, including RPOs, RTOs, infrastructure needed for effective continuity and the right combination of cloud and in-house provision Continue Reading
-
News
07 Sep 2023
Government AI taskforce appoints new advisory board members
An initial progress report published by the Taskforce provides detail on new appointments to its external advisory board as well as rebrand to focus on “frontier” artificial intelligence Continue Reading
-
News
07 Sep 2023
Microsoft finds Storm-0558 exploited crash dump to steal signing key
Microsoft has published new information on how the Chinese state threat actor Storm-0558 was able to exploit a rare race condition following a crash dump in order to acquire a consumer signing key Continue Reading
-
News
06 Sep 2023
Meet the professional BEC op that targeted Microsoft 365 users for years
The so-called W3LL cyber crime operation ran a phishing empire that has played a large role in compromising Microsoft 365 accounts for years. Its activities are now coming to light thanks to Group-IB researchers Continue Reading
-
News
06 Sep 2023
Okta customers targeted in new wave of social engineering attacks
Authentication specialist Okta has warned customers to be on alert for a campaign of social engineering attacks exploiting highly privileged users Continue Reading
-
News
05 Sep 2023
Executive interview: ManageEngine president Rajesh Ganesan on the ‘three Ws’ of digital change
Today's IT management model must assume that the workforce can operate from any workplace and use any workload with ease and security, as the security and service management software supplier explains Continue Reading
-
News
05 Sep 2023
Researchers find flaw in Mend.io security platform
WithSecure’s research team uncovered an authentication flaw in an application security platform developed by Mend.io, which has now been fixed Continue Reading
-
News
05 Sep 2023
Law firm Fieldfisher launches data breach management tool
UK and European data breach law specialist Fieldfisher has enlisted legal tech specialist Lawcadia to supply a 24-hour data breach notification assessment platform Continue Reading
-
News
05 Sep 2023
Hacked Electoral Commission failed Cyber Essentials audit
The Electoral Commission failed an NCSC Cyber Essentials audit on multiple counts at about the same time as cyber criminals breached its systems in 2021, it has emerged Continue Reading
-
News
05 Sep 2023
NCSC names ex-NCC man as new CTO
New NCSC CTO Ollie Whitehouse joins from NCC Group, having also worked at BlackBerry and Symantec Continue Reading
-
News
04 Sep 2023
LockBit ransomware gang allegedly leaks MoD data after hit on supplier
The UK government appears to have become entangled in a LockBit ransomware attack after data was leaked from a third-party supplier online Continue Reading
-
News
01 Sep 2023
Police Scotland five-year digital strategy approved
Police Scotland’s new strategy outlines how the force will approach and invest in its digital transformation over the next five years, but notes its ability to achieve its ambitions is subject to the availability of funding Continue Reading
-
News
01 Sep 2023
IT experts issue new warnings over Online Safety Bill plans to weaken end-to-end encryption
BCS, The Chartered Institute for IT, argues the government is seeking a technical fix to terrorism and child abuse without understanding the risks and implications Continue Reading
-
Opinion
01 Sep 2023
The quantum threat: Implications for the Internet of Things
The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading
-
News
31 Aug 2023
Home Office and MoD seeking new facial-recognition tech
The UK’s Defence and Security Accelerator is running a ‘market exploration’ exercise on behalf of the Home Office to identify new facial-recognition capabilities for security and policing bodies in the UK Continue Reading
-
News
30 Aug 2023
Met police data platform deployed with data protection issues
Met Police deploys integrated record management system despite data protection ‘compliance issues' that would inhibit its ability to retrieve data, meet its statutory logging requirements, and respond to subject access requests Continue Reading
-
News
29 Aug 2023
Top-performing CISOs reserve time for professional development
Survey of chief information security officers conducted by Gartner sheds light on habits shared by the top-performing members of the profession Continue Reading
-
News
24 Aug 2023
Bletchley Park to host UK government AI safety summit
An international collaboration event on artificial intelligence safety is being run at the site that was home to the world’s first programmable computer Continue Reading
-
News
23 Aug 2023
St Helens Council in Merseyside hit by ransomware attack
St Helens Borough Council is investigating a suspected ransomware incident targeting its systems, and is advising residents to be on the alert for follow-on phishing attacks Continue Reading
-
News
22 Aug 2023
Met Police data platform £64m over budget
A freedom of information request has revealed that the Met’s Connect integrated record management system is running tens of millions over budget, and has already generated more than 25,000 support requests so far Continue Reading
-
News
22 Aug 2023
Clop’s MOVEit attacks drive ransomware volumes to record high
Such has been the scope of Clop’s activity since May that ransomware attack volumes have more than doubled year on year, according to the latest data Continue Reading
-
News
21 Aug 2023
Cyber attack on Aussie energy services firm may hit UK CNI
Energy One, an Australia-based supplier of tech services to the energy sector, is investigating the possibility that some UK customers may have been caught up in an ongoing cyber attack on its systems Continue Reading
-
News
18 Aug 2023
BSI launches sustainability-focused startup accelerator
Startups selected to participate in the BSI and Cambridge Institute of Sustainability Leadership’s joint sustainability startup accelerator are working in a diverse range of areas and using a variety of technologies to positively affect society Continue Reading
-
News
17 Aug 2023
Researchers demo fake airplane mode exploit that tricks iPhone users
Exploit chain that tricks a victim into believing their iOS device is offline in airplane mode when it is not could open the door to grave privacy concerns Continue Reading
-
News
16 Aug 2023
NCSC expands Cyber Incident Response service more widely
The NCSC has added a level to its CIR programme to enable more cyber attack victims to take advantage of the service, which offers access to assured incident response specialists Continue Reading
-
News
16 Aug 2023
ITAM influence on cyber risk becoming a factor in credit ratings
Credit agency S&P Global Ratings warns that organisations that pay inadequate attention to IT asset management as a factor in their cyber risk management processes may find their creditworthiness takes a dive Continue Reading
-
News
15 Aug 2023
Biometrics and surveillance camera commissioner resigns
Dual biometrics and surveillance camera watchdog will step down at the end of October 2023, noting that while he agreed to stay on until the Data Protection and Digital Information Bill received royal assent, continuing delays to its passage means he will not be able to effectively discharge his functions Continue Reading
-
News
15 Aug 2023
Norfolk and Suffolk police hit by FoI-linked data breach
Latest UK police data breach relates to crime suspects, victims and witnesses across East Anglia, and comes just days after a similar incident at the Northern Irish service Continue Reading
-
News
14 Aug 2023
US Cyber Board to probe cloud security after latest Exchange hack
CSRB review of cloud security comes in the wake of a major Chinese cyber attack on US government bodies orchestrated through Microsoft’s cloud services Continue Reading
-
News
11 Aug 2023
Google Help workers claim layoffs are retaliation for unionising
More than 100 Google Help workers claim that Google and Accenture’s decision to layoff two-thirds of the team was done in retaliation for their attempts to form a union, while companies claim decision was made well in advance of unionisation attempt Continue Reading
-
News
11 Aug 2023
Biden administration bans investment in Chinese high tech
Executive Order prohibits investment firms from supporting Chinese firms specialising in AI, quantum and advanced semiconductors Continue Reading
-
News
10 Aug 2023
Google speeds up security update frequency for Chrome
Changes to Google’s security update policy are supposed to help close the gap in which cyber criminals can exploit n-day vulnerabilities Continue Reading
-
News
10 Aug 2023
PSNI investigating second breach after laptop stolen
Just hours after accidentally disclosing the personal details of 10,000 personnel, the Police Service of Northern Ireland has notified a second data breach after a police issue laptop and documents were stolen from a parked car Continue Reading
-
News
09 Aug 2023
AI interview: Krystal Kauffman, lead organiser, Turkopticon
Remote Mechanical Turk workers are responsible for training artificial intelligence algorithms and completing other data-related business processes - we hear about the workplace issues they face Continue Reading
-
News
09 Aug 2023
Microsoft addresses Office vulnerability attacked by Russian spooks in latest update
Microsoft has issued fixes for over 70 vulnerabilities in its August Patch Tuesday drop, including remedies for CVE-2023-36884, which was disclosed without a fix in July and has been the subject of Kremlin-backed cyber attacks Continue Reading
-
News
09 Aug 2023
Northern Irish police expose staff data in botched FoI response
Human error is being blamed for the leak of personally identifiable information on all serving officers and civilian staff at the Police Service of Northern Ireland Continue Reading
-
News
08 Aug 2023
UK voter data hacked in cyber attack on election watchdog
An unknown threat actor who attacked the UK’s Electoral Commission had access to data on millions of UK voters for over a year, the watchdog has revealed Continue Reading
-
News
08 Aug 2023
Workplace monitoring needs worker consent, says select committee
Employers looking to monitor their employees through connected devices should only to so with the consent of those affected due to negative impacts such surveillance can have on work intensification and mental health Continue Reading
-
News
08 Aug 2023
Many UK organisations considering ChatGPT bans on employee devices
More than 60% of organisations in the UK have either banned, or are considering banning, the use of generative AI tools on employee- or business-owned devices Continue Reading
-
News
07 Aug 2023
NHS trust suspends two governors as whistleblower email dispute continues
Governors at an NHS trust have been suspended after asking questions about emails used to bring a General Medical Council investigation against a whistleblower Continue Reading
-
News
07 Aug 2023
Microsoft fixes Azure flaw that was subject of researcher criticism
Microsoft has confirmed a potentially-dangerous flaw in the Azure platform has now been fully fixed, and moved to reassure customers that despite criticism it is committed to responsible disclosure and timely fixes Continue Reading
-
News
07 Aug 2023
Rise in fraudsters spoofing the websites of leading UK banks
Despite safeguards to protect customers from scams, UK retail banks are still seeing high volumes of fake phishing websites exploiting their brands, and the problem seems to be increasing in scope and scale Continue Reading
-
News
04 Aug 2023
Log4Shell, ProxyShell still among most widely exploited flaws
Statistics released by the collective Five Eyes cyber agencies reveals insight into the most exploited vulnerabilities of 2022, and unsurprisingly there are some old ‘friends’ on the list Continue Reading
-
News
04 Aug 2023
Biden’s SBOM mandate a ‘shot heard around the world’, report says
Two years and three months after Joe Biden mandated new standards in supply chain security, over 40% of UK respondents to a survey say they have implemented new SBOM policies in direct response Continue Reading
-
News
03 Aug 2023
Scottish NHS trust ducks fine after staff shared patient data via WhatsApp
NHS Lanarkshire has been issued a formal reprimand by the ICO after staff members used WhatsApp to share patients’ personal data with one another Continue Reading
-
News
03 Aug 2023
Microsoft attacked over ‘grossly irresponsible’ security practice
The CEO of Tenable has launched a scathing attack on Microsoft, asserting that the organisation is deliberately keeping its Azure cloud customers in the dark about dangerous vulnerabilities and accusing it of a culture of ‘toxic obfuscation’ Continue Reading
-
News
02 Aug 2023
Ivanti MDM users told to patch against two dangerous flaws
Users of Ivanti’s mobile device management platform have been warned to act now to patch two vulnerabilities that were chained by a threat actor in a series of cyber attacks on the Norwegian government Continue Reading
-
News
02 Aug 2023
Improved rural connectivity could add £65bn to UK economy
Study from leading operator and economic consultancy points to potential massive economic boost to UK rural communities through increased digital connectivity and if long-standing obstacles are removed Continue Reading
-
Opinion
02 Aug 2023
Vigilance advised if using AI to make cyber decisions
The AI arms race is heating up, and the battle lines are being redrawn. Still, organisations should proceed cautiously and remain vigilant in scrutinising AI’s ability to ensure accurate, safe, and informed decision-making. Continue Reading
-
Opinion
31 Jul 2023
AI has a place in cyber, but needs effective evaluation
Organisations that don’t leverage AI-based security solutions will find themselves more vulnerable than those that do., but cyber pros still need to ensure they can effectively evaluate AI-enhanced tech to ensure it meets their use case Continue Reading
-
Feature
31 Jul 2023
Gartner: Steps to improving test data management
Product teams face issues around poor practices in test data management and failure to comply with data regulations – we look at ways to address those issues Continue Reading
-
News
28 Jul 2023
Risks of opening up AI
Meta has annouced that its Llama 2 large language model will be freely available under a community licence with certain restrictions Continue Reading
-
News
28 Jul 2023
Scottish university hit by Rhysida ransomware gang
Data allegedly stolen from the University of Western Scotland has been put up for sale on the dark web by a ransomware gang going by the name Rhysida Continue Reading
-
Opinion
28 Jul 2023
Does AI have a future in cyber security? Yes, but only if it works with humans
Do AI and ML hold the promise of helping cyber pros achieving the holy grail of operating quicker, cheaper, and with higher efficiency? We shouldn’t hold our breath, says Nominet’s Paul Lewis Continue Reading
-
News
27 Jul 2023
European Commission starts investigation into Microsoft Teams bundling
The commission will investigate if the bundling of Microsoft’s collaboration software with its office productivity suite breaks competition rules Continue Reading
-
News
27 Jul 2023
Cyber criminals pivot away from ransomware encryption
Cyber breaches that saw data theft and extortion without an encryption or ransomware component account for more and more incidents, in a possible indication that ransomware gangs are changing up their business models Continue Reading
-
Opinion
27 Jul 2023
AI-enhanced cyber has potential, but watch out for marketing hype
As AI is a hot topic right now, it is no surprise there are some cyber solutions coming to market that have been thrown together in haste, but that said, genuine AI-powered security products do exist and their abilities could yet prove transformative. Continue Reading
-
News
27 Jul 2023
US cyber breach reporting rules to have global impact
Organisations that operate as Foreign Private Issuers in the US will have to get to grips with strict new cyber breach reporting regulations handed down by the SEC in Washington Continue Reading
-
News
27 Jul 2023
Meta results show impact of data fines and datacentre upgrade strategy
The owner of Facebook is battling with regulators over transferring EU data to the US. It is also seeing less improvements on CPUs Continue Reading
-
News
25 Jul 2023
Cisco, BT and others launch network security coalition
Network Resilience Coalition focuses on bringing together global expertise to improve data and network security Continue Reading
-
News
25 Jul 2023
Tetra radio users’ comms may have been exposed for years
A number of flaws in the encryption algorithms used in the secure Tetra radio communications standard have potentially left users exposed to snooping Continue Reading
-
News
24 Jul 2023
Citrix NetScaler users told to patch new zero-day urgently
A vulnerability disclosed and patched last week by Citrix appears to be being exploited by China-backed threat actors as a zero-day, prompting warnings from government cyber bodies Continue Reading
-
News
24 Jul 2023
Tribunal investigates complaint that journalists’ phones were unlawfully monitored
The Investigatory Powers Tribunal has agreed to investigate complaints by Northern Ireland investigative journalists Trevor Birney and Barry McCaffrey that they were unlawfully placed under surveillance Continue Reading
-
News
24 Jul 2023
Bank of England’s project to replace ‘beating heart’ is foundation for continuous development
The Bank of England has reached a major milestone in its core system replacement programme, with next landmark in sight Continue Reading
-
News
24 Jul 2023
Security AI and automation may reduce cost of data breaches
Organisations that go all in on security AI and automation tend to incur lower financial costs when they experience a data breach incident, according to an IBM report Continue Reading
-
Feature
24 Jul 2023
Generative AI: Automating storage and backup management
We look at how generative artificial intelligence is being deployed to automate monitoring of repetitive tasks and report on enterprise storage and backup, but also the limits to its implementation Continue Reading
-
Opinion
21 Jul 2023
The problem with ‘secure’ messaging
Secure instant messaging is becoming a norm for business communications but it raises three important security and compliance questions Continue Reading
-
Feature
21 Jul 2023
What the Product Security and Telecommunications Infrastructure Act means for UK industry
For years, many network-connected devices have lacked adequate security, putting their users and others at risk of cyber attacks. The UK’s PSTI Act aims to prevent this by mandating minimum security requirements, but what impact will this have on industry? Continue Reading
-
News
20 Jul 2023
Online Safety Bill screening measures amount to ‘prior restraint’
The Open Rights Group is calling on Parliament to reform the Online Safety Bill, on the basis that its content-screening measures would amount to “prior restraint” on freedom of expression Continue Reading
-
News
20 Jul 2023
How the DSMA balances security and privacy with press freedom
In a world of information sharing and 24-hour news cycles, the Defence and Security Media Advisory committee have to balance national security and data privacy with freedom of the press Continue Reading
-
Opinion
19 Jul 2023
We have lift off… The opportunities and risks of generative AI
How you can use AI to benefit your business while navigating the risks Continue Reading