IT governance

IT governance provides the core workflows and processes that help IT managers to oversee the successful functioning of the IT department, and to prove the value of IT to the business. Regulations and compliance are just as important as technological and management skills, and we highlight the best practice in IT governance and the example of successful IT leaders.

Feature 11 Jul 2023
Norwegian data privacy experts sound alarm over generative AI

Hundreds of millions of people embrace generative artificial intelligence, blissfully ignorant of what it’s doing to data privacy. Continue Reading
News 24 Apr 2023
Finland and Estonia deepen cross-border digital partnerships

Finland and Estonia, two global tech pioneers, are increasingly sharing their expertise Continue Reading

News 07 Mar 2023

Taking back control: Could a distributed model breed a better AI?

AI tools such as ChatGPT are trained on datasets scraped from the web, but you don’t have much say if your data is used. Technologist Bruce Schneier says it’s time to give control of AI training data back to the people Continue Reading
Podcast 06 Mar 2023

Podcast: 2023 compliance and storage outlook

Geopolitical instability casts its shadow as organisations must think about cyber attacks, data location and what to do if things change quickly. We talk to Mathieu Gorge, CEO of Vigitrust Continue Reading
News 06 Mar 2023

Lords Committee to investigate use of AI-powered weapons systems

House of Lords to investigate the use of artificial intelligence in weapons systems, following UK government publication of AI defence strategy in June 2022 Continue Reading
Opinion 05 Mar 2023

Computer says no. Will fairness survive in the AI age?

New forms of regulation will be needed to safeguard against the risks posed by AI Continue Reading
News 03 Mar 2023

White House unveils National Cybersecurity Strategy

The strategy will focus on ensuring closer collaboration on cyber security between government and industry, while giving software and other tech companies a bigger role in combatting threats due to their resources and expertise Continue Reading
News 02 Mar 2023

AI interview: Michael Osborne, professor of machine learning

Artificial intelligence researcher speaks with Computer Weekly about the implications of a market-driven AI arms race and the overwhelming dominance of the private sector over the technology Continue Reading
Feature 01 Mar 2023

Backup testing: The why, what, when and how

We look at backup testing – why you should do it, what you should do, when you should do it, and how, with a view to the ways in which it will be made easier by forthcoming developments in backup software Continue Reading
News 28 Feb 2023

Industrial safetytech startups secure £150m funding since 2020

Industrial safetytech investment reached a record high of $100m in 2021, and remains significantly ahead of pre-pandemic funding levels despite a dip in 2022 Continue Reading
News 28 Feb 2023

Post Office’s most senior executives hushed up Horizon errors, public inquiry told

The Post Office messaging strategy was designed to reassure staff that the Horizon accounting system was robust after Computer Weekly first revealed problems in 2009 Continue Reading
Opinion 28 Feb 2023

Security Think Tank: Training can no longer be a compliance exercise

Historically, security training has tended to take a compliance-based focus, a ‘tick-box’ exercise using generic, off-the-shelf courses. This needs to change, says Hayley Watson of Turnkey Consulting. Continue Reading
Opinion 28 Feb 2023

Software for environmental, social, and corporate governance

In the last few years there has been an explosion in software to track and report on ESG data in financial services. What are the main features to look out for? Continue Reading
News 27 Feb 2023

Advanced digital resiliency can save organisations millions

Businesses that build out their digital resiliency are not only more secure, they also have more opportunities to innovate with IT Continue Reading
Opinion 27 Feb 2023

Cyber training in 2023 needs to drive measurable change

2023 will see more focus on security training programmes that not only provide employees with an understanding of the risks they face but more importantly drive measurable behavioural change, says PA Consulting’s Richard Allen Continue Reading
News 27 Feb 2023

How Dell is future-proofing its business

Dell Technologies is building a more resilient supply chain, investing in growth areas like edge and multicloud, and responding to shifts in consumption models to position itself for long-term growth Continue Reading
News 24 Feb 2023

UK police have ‘culture of retention’ around biometric data

A culture of retention around biometric data in UK policing is damaging public trust, says UK biometrics commissioner, who is calling for clear regulation to govern police use of biometric technologies Continue Reading
News 22 Feb 2023

UK HSE to launch regulatory sandbox for industrial safety tech

The sandbox will see the regulator work with industry and tech startups to accelerate the development and adoption of a range of safety-related technologies, with a particular emphasis on data and analytics Continue Reading
News 22 Feb 2023

UK forces lead live-fire cyber war exercise

The seven-day Defence Cyber Marvel 2 exercise put cyber responders from 11 countries through their paces Continue Reading
News 22 Feb 2023

Half of cyber leaders to switch jobs by 2025, citing stress

A substantial number of cyber security leaders are plotting their great escape, saying the industry is leaving them too stressed to go on, according to a study Continue Reading
News 21 Feb 2023

Royal Mail resumes full export service after cyber attack

Royal Mail resumes the last of its international services as it recovers from a ransomware attack, while the Post Office offers postmasters compensation for their lost business Continue Reading
News 21 Feb 2023

Care provider’s IT capability expands to support wider sector and beyond

Care Plus’s IT operation went from being under NHS control to an autonomous department selling its services Continue Reading
Opinion 21 Feb 2023

Cyber security training: Insights for future professionals

Future cyber security professionals need soft skills as well as technical ones, says security educator Sudeep Subramanian Continue Reading
News 20 Feb 2023

Veeam bundles backup products into Veeam Data Platform

Backup and data protection specialist Veeam upgrades and rebrands, with a focus on the challenges of ransomware and rapid recovery, and a claimed 500 new functions Continue Reading
News 20 Feb 2023

Twitter 2FA changes bring more risks than benefits

Twitter’s approach to nudging users away from insecure SMS-based 2FA is being questioned over its logic Continue Reading
Feature 20 Feb 2023

Accreditation key to enterprise security

We look at how industry-recognised certification enables security chiefs to improve the strength of their security team Continue Reading
News 17 Feb 2023

CIO interview: Hans van der Waal, director of global IT, Travelex

Travelex has weathered a storm that saw it sink into administration, before emerging to solidify its digital foundations for the future Continue Reading
Podcast 16 Feb 2023

Enterprise open source: A Computer Weekly Downtime Upload podcast

We speak to Spotify’s open source tech lead, Per Ploug, on supplier relationship management in open source Continue Reading
News 16 Feb 2023

Mock crime prediction tool profiles MEPs as potential criminals

Developed by Fair Trials, the example crime prediction tool uses the same information as police systems to assess the likelihood of someone committing a crime in the future Continue Reading
News 16 Feb 2023

Financial advisory firm Succession Wealth probes cyber attack

Aviva-owned wealth consultancy and financial advisory practice Succession Wealth was hit by an undisclosed security incident on 8 February Continue Reading
Opinion 16 Feb 2023

Security Think Tank: New trends and drivers in cyber security training

Self-paced, interactive, bite-sized learning is becoming the optimum path for cyber security training in the workplace, says John Tolbert of KuppingerCole Continue Reading
News 15 Feb 2023

Home Office partners with BAE Systems on border analytics

BAE Systems wins three-year contract worth £38m to help Home Office develop Cerberus, a project to secure UK borders through advanced data systems and analytics Continue Reading
News 15 Feb 2023

Multi-purpose malwares can use more than 20 MITRE ATT&CK TTPs

Report warns of the development of increasingly sophisticated, multi-purpose malwares, and calls on defenders to play close attention to the MITRE ATT&CK framework to ward them off Continue Reading
Opinion 15 Feb 2023

What charities should know about ransomware and reputational threats

The NCSC recently called for charities to elevate their cyber security practice. Find out why charities are a soft target for cyber criminals, and what they can do to fight back Continue Reading
News 15 Feb 2023

Microsoft fixes three zero-days in February update

February’s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver Continue Reading
News 14 Feb 2023

Vidar, nJRAT re-emerge as prominent malware threats in January

Trojans and infostealers once again dominate the list of most commonly observed threats, according to Check Point’s latest telemetry Continue Reading
News 14 Feb 2023

UK authorities clamp down on illegal crypto ATMs

The Financial Conduct Authority and West Yorkshire Police have disrupted a number of illegal crypto ATMs Continue Reading
News 14 Feb 2023

OSC&R framework to stop supply chain attacks in the wild

The backers of a new MITRE ATT&CK style framework called OSC&R hope to help organisations get to grips with threats to their software supply chains Continue Reading
Opinion 14 Feb 2023

How to protect your business from fraud during a recession

This winter, the chilly winds of a global recession have fraudsters turning up the heat. PJ Rohall of SEON Fraud Fighters shares some guidance on how to bundle up against fraud Continue Reading
Opinion 13 Feb 2023

What’s the technology talent and recruitment outlook for 2023?

Despite layoffs from technology companies demand for IT staff in 2023 is expected to be robust, but organisations may turn towards contractors and off-shoring Continue Reading
News 13 Feb 2023

Russian spear phishing campaign escalates efforts toward critical UK, US and European targets

Russian hacking group Seaborgium refines its tactics in a continuation of attacks against targets including not-for-profit organisations with geopolitical affiliations Continue Reading
Podcast 13 Feb 2023

Tech sector lay-offs in the round – Computer Weekly Downtime Upload podcast

The team talks about tech sector job losses in the round, with possible bright spots for corporate IT and contractors, and data and hybrid working strategies at the Very Group Continue Reading
News 13 Feb 2023

KPMG launches metaverse and digital twin hub in Saudi Arabia

The Saudi Arabian government’s commitment to investing in metaverse technology has attracted a KPMG centre of excellence to its shores Continue Reading
News 13 Feb 2023

Security buyers lack insight into threats, attackers, report finds

The majority of cyber security purchasing decisions are made without proper insight into the attackers organisations are facing, according to a Mandiant report Continue Reading
News 13 Feb 2023

Police tech needs clear legal rules, says biometrics regulator

Police use of artificial intelligence and facial recognition needs to be controlled by strict rules and mechanisms to ensure public trust Continue Reading
Feature 13 Feb 2023

Cyber security training: How to be as secure as is practicably possible

If you cannot secure all the people all the time, how should a business approach cyber security training and awareness programmes? Continue Reading
News 10 Feb 2023

Social media platform Reddit breached in phishing attack

An unspecified threat actor obtained access to internal documents, code and business systems at Reddit after stealing employee credentials in a phishing attack Continue Reading
News 09 Feb 2023

New Border Force unit to deploy more surveillance tech in Channel

Newly established Small Boats Operational Command (SBOC) will deploy a range of surveillance technologies in the English Channel in an attempt to deter crossings Continue Reading
News 09 Feb 2023

UK imposes sanctions on Conti ransomware gang leaders

Seven Russian nationals associated with the Conti and Ryuk ransomware operations have been sanctioned by the UK Continue Reading
Opinion 08 Feb 2023

Security Think Tank: Poor training is worse than no training at all

Bad security training is a betrayal of users, a security risk, and ultimately a waste of money, but there are some reasons to be optimistic about the future, say Mike Gillespie and Ellie Hurst of Advent IM Continue Reading
News 08 Feb 2023

Campaigners lament lack of movement on Computer Misuse Act reform

Westminster has opened a new consultation on proposed reforms to the Computer Misuse Act of 1990, but campaigners who want the law changed to protect cyber professionals have been left disappointed Continue Reading
News 07 Feb 2023

LockBit cartel finally claims Royal Mail ransomware attack

The LockBit ransomware gang claims it has stolen sensitive data from Royal Mail and will leak it later this week if its demands go unmet Continue Reading
News 07 Feb 2023

Benelux CIO interview: Marijn Grevink, leader of digital transformation, Mars

In an interview with Computer Weekly, the digital head at Mars, Marijn Grevink, takes the wrapper off digital transformation at the company in the Netherlands Continue Reading
News 06 Feb 2023

Online banks still riddled with cyber security flaws, report says

Online bank Virgin Money was found to have the weakest online and application security measures in a Which? study but Nationwide, TSB and The Co-Operative Bank all failed on multiple points, too. Continue Reading
News 06 Feb 2023

Post Office branches struggling after Royal Mail cyber attack

Royal Mail has restored almost all of its international services to some extent, but remains unable to accept parcels bought over the counter in a Post Office branch Continue Reading
News 06 Feb 2023

The Security Interviews: How to overcome data protection compliance challenges

Complying with the vast swathe of data protection legislation around the world is complex, especially for smaller organisations without the necessary expertise. Could the compliance process be simplified, and if so, how? Continue Reading
News 06 Feb 2023

Ransomware operator turns their fire on two-year-old VMware bug

A vulnerability in VMware ESXi servers that users should have patched in 2021 is now being exploited to spread ransomware Continue Reading
News 03 Feb 2023

LockBit gang confirms Ion cyber attack as disruption continues

The LockBit ransomware cartel has taken responsibility for this week’s attack on financial software firm Ion, and is threatening to leak stolen data on Saturday 4 February Continue Reading
News 03 Feb 2023

FCA cracks down on misleading promos by social media influencers

Social media is becoming a major part of the FCA’s work in clamping down on misleading financial advertising and promotions, with multiple influencers rapped for their behaviour Continue Reading
Opinion 03 Feb 2023

Security Think Tank: In 2023, we need a new way to cultivate better habits

Regular, small adjustments to behaviour offer a better way to keep employees on track and cultivate a corporate culture of cyber awareness, writes Elastic’s Mandy Andress Continue Reading
News 03 Feb 2023

MEPs vote to amend platform worker directive

MEPs have voted in favour of amendments to the European Commission’s platform worker directive that would introduce a presumption of employment and increase algorithmic transparency Continue Reading
News 02 Feb 2023

Goodbye NHS Digital – a new era of NHS technology is upon us

As NHS Digital is officially merged into NHS England, Computer Weekly takes a look at the history of the organisation and what the merger could mean for the future of NHS IT Continue Reading
News 02 Feb 2023

Suspected LockBit ransomware attack causes havoc in City of London

A suspected LockBit ransomware attack on trading software firm Ion has caused chaos for City of London traders Continue Reading
News 02 Feb 2023

Arnold Clark customer data was stolen in Play ransomware attack

Arnold Clark confirms data leaked on dark web was stolen from its systems in ransomware attack Continue Reading
News 01 Feb 2023

Cisco fixes two bugs that could have led to supply chain attacks on users

Two vulnerabilities uncovered in Cisco hardware could have opened the door to serious supply chain cyber attacks, according to the Trellix researchers who found them Continue Reading
News 01 Feb 2023

Cloud security top risk to enterprises in 2023, says study

A PwC study finds senior executives expect cyber attacks on cloud services to increase significantly this year Continue Reading
News 01 Feb 2023

Malware variant can block contactless payments

Kaspersky warns that the latest variant of the Prilex malware can block contactless payments to force people to insert cards, enabling criminals to steal money Continue Reading
News 01 Feb 2023

UK Cyber Council and ISACA launch audit, assurance programme

The UK Cyber Security Council has teamed up with ISACA to partner on a new audit and assurance programme for security pros Continue Reading
Opinion 01 Feb 2023

Tips on improving cyber training for home workers

How better security training can help firms tackle new cyber threats facing remote workers Continue Reading
News 31 Jan 2023

GitHub warns Desktop, Atom users after code-signing certificates pinched

Threat actors stole encrypted code-signing certificates for GitHub’s Desktop and Atom applications in December 2022, prompting warnings for users Continue Reading
News 31 Jan 2023

MI5 unlawfully collected and held millions of people’s data

Secretive court finds MI5 knowingly acted unlawfully in use of bulk surveillance warrants, and the Home Office continued granting warrants despite information the agency was operating outside the law Continue Reading
Opinion 31 Jan 2023

Three outsourcing trends to look out for in 2023

ISG's Andreas Fahr outlines three IT sourcing trends to look out for in the coming year. Continue Reading
News 31 Jan 2023

MPs warned of AI arms race to the bottom

Expert tells Parliamentary committee that tech companies developing artificial intelligence are cutting corners and placing safety on the backburner, opening up ‘enormous risks’ for the future of AI Continue Reading
News 30 Jan 2023

Data of 10 million JD Sports customers accessed in cyber attack

Data on 10 million people who shopped online at JD Sports over a two-year period was accessed and potentially stolen in a cyber attack Continue Reading
News 27 Jan 2023

Lords question ‘extensive’ government online safety powers

Digital minister Paul Scully defends government Online Safety plans to give secretary of state powers to direct Ofcom Continue Reading
News 25 Jan 2023

NCSC exposes Iranian, Russian spear-phishing campaign targeting UK

Spear-phishing campaigns likely linked to Iranian and Russian espionage activity are targeting persons of interest in the UK, warns the NCSC Continue Reading
News 25 Jan 2023

Arnold Clark cyber attack claimed by Play ransomware gang

A cyber attack that struck car dealer Arnold Clark prior to Christmas has been claimed as the work of the Play ransomware cartel Continue Reading
News 25 Jan 2023

Boards struggle to resolve cyber risk in digital supply chains

Accelerated digitisation of supply chains is introducing more cyber risk for which many organisations seem unprepared, according to the BSI’s annual report on supply chain risk Continue Reading
Definition 24 Jan 2023

Capex (capital expenditure)

A capital expenditure (Capex) is money invested by a company to acquire or upgrade fixed, physical, non-consumable assets, such as buildings and equipment or a new business. Continue Reading
News 24 Jan 2023

UK insurers need to up their game on cyber gaps, says PRA

Gaps and limitations in how insurers respond to cyber risk need to be addressed, according to the Bank of England regulator, the Prudential Regulation Authority Continue Reading
News 24 Jan 2023

Nationwide Building Society CIO to join Co-operative Bank

Gary Delooze to join Co-operative Bank as CIO after six years heading up Nationwide Building Society’s IT department Continue Reading
News 24 Jan 2023

SSRF attacks hit 100,000 businesses globally since November

There has been a dramatic increase in attacks exploiting the ProxyNotShell/OWASSRF exploit chains to target Microsoft Exchange servers Continue Reading
News 24 Jan 2023

Fake online contest makes Yahoo! most phished brand of Q4 2022

Yahoo! was the most frequently phished brand during the last three months of 2022, according to a report Continue Reading
News 23 Jan 2023

CIO interview: Ed Higgs, group director of IT shared services, Rentokil Initial

The pest control provider has consolidated 77 datacentres globally to just three – but with a corporate culture of acquisitions, there’s still a lot more to do Continue Reading
News 23 Jan 2023

Trellix automates patching for 62,000 vulnerable open source projects

Since revealing startling statistics about the prevalence of a 15-year-old Python vulnerability, Trellix says it has helped fix almost 62,000 vulnerable projects in the past four months Continue Reading
Opinion 23 Jan 2023

The rise of fraud in pop culture is impacting consumers’ digital trust

Shows such as The Tinder Swindler and Inventing Anna were big money-earners for Netflix in 2022, but Onfido’s Mike Tuchen says their popularity risks damaging consumer trust Continue Reading
News 23 Jan 2023

Royal Society calls on public sector to pilot privacy tech

The Royal Society says public sector bodies should lead the way in piloting privacy-enhancing technologies to unlock the value of data without compromising privacy and data rights, but lack of standards and incentives mean adoption is slow Continue Reading
News 23 Jan 2023

NCSC warning over cyber risk to charity sector

Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC Continue Reading
News 22 Jan 2023

Royal Mail making limited progress on ransomware recovery

Royal Mail asks customers to hold back from sending post overseas as some services get back on track, while a report warns that disruptive attacks on critical infrastructure are set to become more common Continue Reading
News 20 Jan 2023

Veeam survey finds ransomware blocks digital transformation

Annual report shows secular trend to the cloud and increased use of containers, but prevalence of ransomware attacks means digital transformation is hindered Continue Reading
E-Zine 20 Jan 2023

CW APAC January 2023 – Trend Watch: CIO Trends

As we enter a new year, it remains vital for IT leaders to keep track of the latest developments across the industry. In this handbook, focused on CIO trends in the Asia-Pacific region, Computer Weekly looks at predictions for 2023, how the Australian Red Cross managed a donation surge, Mondelez’s digital transformation and Singapore’s public sector IT strategy Continue Reading
News 19 Jan 2023

International post resumes thanks to Royal Mail ‘workarounds’

Royal Mail has resumed limited international services after putting in place operational workarounds to bypass the impact of a ransomware attack Continue Reading
News 19 Jan 2023

KFC, Pizza Hut parent shuts UK restaurants after cyber attack

A ransomware attack on Yum! Brands, the parent organisation of restaurants including KFC and Pizza Hut, was forced to shut approximately 300 outlets in the UK following a ransomware attack by an unspecified group Continue Reading
News 19 Jan 2023

Mailchimp suffers third breach in 12 months

Email marketing service Mailchimp has suffered its third data breach in a year, but has been praised for being open about its latest attack Continue Reading
News 19 Jan 2023

UK seeks to ban sharing ‘positive’ Channel crossing videos online

Under UK government amendments to the Online Safety Bill, video footage that shows people crossing the Channel in a ‘positive light’ could be added to a list of illegal content that all tech platforms must proactively prevent from reaching users, while senior managers could face further criminal sanctions Continue Reading
News 19 Jan 2023

Newham Council rejects use of live facial-recognition tech by police

Live facial-recognition technology should not be used by police in Newham until biometric and anti-discrimination safeguards are in place, according to a motion passed unanimously by the council, but the Met Police and the Home Office have indicated they will not suspend its use Continue Reading
News 19 Jan 2023

Outdated IT infrastructure poses growing risk to UK Security Vetting

Delays to UKSV’s important work in safeguarding the country’s national security are in part down to a legacy IT estate in dire need of modernisation, says the NAO Continue Reading
News 18 Jan 2023

Ukraine CERT leaders touch down in London for talks

The UK’s NCSC has been hosting Ukrainian cyber security leaders for a round of bilateral talks on improving resilience Continue Reading
News 18 Jan 2023

Ukraine cyber teams responded to more than 2,000 attacks in 2022

The Ukrainian authorities responded to more than 2,000 major cyber incidents during 2022, and are blocking thousands more potential attacks every day Continue Reading
News 17 Jan 2023

Benelux CIO interview: Richard Ventre, SHV Holdings

In his role at Netherlands-based SHV Holdings, Richard Ventre is tackling the challenge of enabling a diverse set of digital transformations across a range of industries Continue Reading
News 17 Jan 2023

Cloudflare urged to clamp down on pirates, counterfeiters

A whitepaper produced by brand protection specialist Corsearch calls on Cloudflare to do more to stop online content piracy and sales of counterfeit goods Continue Reading
News 17 Jan 2023

Crest throws support behind CyberUp CMA reform campaign

Cyber accreditation association Crest International has lent its support to the CyberUp campaign for reform to the Computer Misuse Act of 1990 Continue Reading