Regulatory compliance and standard requirements

3,600 potential cyber security experts apply to government scheme

The UK government’s Upskill in Cyber programme is reporting great success just a month after launch, with almost half of applicants women Continue Reading

ChatGPT’s phishing ‘problem’ may not be overstated

Some data now suggests that threat actors are indeed using ChatGPT to craft malicious phishing emails, but the industry is doing its best to get out in front of this trend, according to the threat intelligence team at Egress Continue Reading

ICO under fire for taking limited action over serious data breaches

The ICO has come under fire from lawyers and data protection specialists for just issuing written warnings to two public bodies over serious data breaches that placed people’s lives at risk Continue Reading

Generative AI: Data privacy, backup and compliance

We look at generative AI and the risks it poses to data privacy for the enterprise, implications for backup, and potentially dangerous impacts on compliance Continue Reading

Phishing and ransomware dominate Singapore’s cyber threat landscape

Phishing and ransomware attacks continued apace in Singapore last year amid signs of improving cyber hygiene Continue Reading

Nearly quarter of a million malicious websites reported and removed through NCSC service

A suspicious email and text message reporting service in the UK has directly led to a quarter of a million malicious websites being removed Continue Reading

Podcast: Cloud security, compliance and data classification

The rise of cloud has led to a proliferation of enterprise data and a rise in risk. We talk to Vigitrust CEO Mathieu Gorge about how to ensure compliance in a multicloud world Continue Reading

ChatGPT is creating a legal and compliance headache for business

ChatGPT’s increased use in the workplace has led many to question its legal and compliance implications for businesses. Experts warn that the software poses major security and copyright risks Continue Reading

NCSC warns over ‘enduring’ LockBit threat

Although its activity volumes have been lower of late, LockBit is still a highly dangerous ransomware gang and is now the subject of a new international cyber advisory Continue Reading

Ransomware-stricken Capita to run Action Fraud successor

A £50m deal to replace the Action Fraud service has been handed to PwC and Capita, which is facing investigations over its handling of customer data in a ransomware incident Continue Reading

Podcast: Containers, Kubernetes, data protection and compliance

Containers offer benefits to application deployment, but they proliferate, so tracking them for compliance purposes can be a challenge. We talk to Mathieu Gorge, CEO of Vigitrust Continue Reading

TSB calls on Meta to intervene and protect users from fraud losses of £250m this year

TSB is the latest bank to demand more action from social media sector in helping to reduce online fraud Continue Reading

Arnold Clark data leak victims prepare legal action

More than 10,000 people who had their data stolen and leaked in a ransomware attack on the Arnold Clark car dealer network have signed up to a group legal action after facing elevated amounts of fraud Continue Reading

(ISC)² and CIISec set out to make cyber language more inclusive

Newly published guide on appropriate use of language in cyber security aims to help make the profession more inclusive for all Continue Reading

UK and US move closer to transatlantic data bridge deal

The British and American governments have committed, in principle, to a new data bridge agreement that will ease the free flow of personal data across the Atlantic Continue Reading

UK gets new rules to regulate crypto sector

The Financial Conduct Authority is introducing new rules to regulate the cryptoasset sector, after being handed a government remit to oversee crypto promotions Continue Reading

Regulatory ‘lacuna’ around facial recognition threatens rights

The UK is heading for a “legal quagmire” around live facial recognition if the government and regulators do not take action to rein in use of the technology before it becomes ubiquitous Continue Reading

Bishop Fox’s Vinnie Liu talks offensive security skills

There is growing demand for offensive security testing, but it needs a multi-layered skillset that can be hard to quantify. Bishop Fox’s CEO and co-founder explains why and some potential mitigation strategies Continue Reading

Podcast: Storage, backup, AI and data classification at RSA 2023

Much discussion at RSA 2023 about artificial intelligence, the risks to data protection, storage and compliance, plus risk and data classification, especially its impacts on access and data management Continue Reading

UKtech50 2023 winner: Michelle Donelan/Chloe Smith, secretary of state, DSIT

Computer Weekly looks at the achievements and successes of the Department for Science, Innovation and Technology, as its secretary of state is recognised as the most influential person in UK technology for 2023 Continue Reading

Clop cyber gang claims MOVEit attack and starts harassing victims

The Clop cyber extortion and ransomware operation is demanding organisations pay a ransom to avoid data stolen via an exploited vulnerability in a file transfer product being leaked Continue Reading

Google launches hacker-backed SME security training scheme

Citing research that shows almost half of SMEs are struggling to recruit cyber security specialists, Google is launching a programme designed to upskill more people to fill thousands of vacant roles Continue Reading

Bank of International Settlement sets up channel secure from quantum breach

The Bank of International Settlement has worked with two of Europe's central banks to explore preventing the security risks posed by quantum computers Continue Reading

Discovering the Diversity Process Flow in cyber

The UK Cyber Security Council's Simon Hepburn explains the Council's new Diversity Process Flow framework, and outlines its potential implications for ethnic minorities in the cyber sector Continue Reading

Met Police director of intelligence defends facial recognition

The Met Police’s director of intelligence has appeared before MPs to make the case for its continuing use of facial-recognition technology, following announcements from the force and the Home Office that they intend to press on with its adoption Continue Reading

Generative AI – the next biggest cyber security threat?

Following the launch of ChatGPT in November 2022, several reports have emerged that seek to determine the impact of generative AI in cyber security. Undeniably, generative AI in cyber security is a double-edged sword, but will the paradigm shift in favour of opportunity or risk? Continue Reading

Security Think Tank: A brief history of (secure) coding

From controlling who was allowed to work with IBM mainframes to present-day DevSecOps techniques, the concept of secure coding has a longer history than you might think Continue Reading

Downstream breaches of Capita customers spreading

As many as 90 organisations that used Capita services have now reported data breaches arising from various security incidents at the outsourcer Continue Reading

Cisco joins growing Manchester cyber security hub

Networking kingpin signs up to Greater Manchester Digital Security Hub to support centre’s work on security resilience and skills Continue Reading

Five key steps where there is a risk of fraud investigation

When fraud investigators come knocking, there are some important ways in which management and senior IT professionals can make sure their company is best protected. Continue Reading

Cabinet Office publishes response to data sharing for digital ID consultation

The majority of respondents to government’s consultation on data sharing for digital identity are critical to the plans and concerned about data privacy, but Whitehall’s response says many of the responses ‘were driven by anti-digital commentaries’ Continue Reading

Almost all ransomware attacks target backups, says Veeam

Some 93% of ransomware attacks go for backups and most succeed, with 60% of those attacked paying the ransom, according to a Veeam survey Continue Reading

Kuwait bank introduces biometric payments card

Middle East bank launches payment cards with fingerprint sensor technology embedded Continue Reading

Cohesity Turing aims AI tools at backup and ransomware

Backup supplier continues to enrich its ecosystem with more artificial intelligence for backup and ransomware, with chat-like reporting functions and new security partners in its alliance Continue Reading

Facebook owner Meta fined record €1.2 billion over EU-US data transfers

Decision could have implications for other companies using Standard Contractual Clauses to share data between Europe and the US Continue Reading

How AI ethics is coming to the fore with generative AI

The hype around ChatGPT and other large language models is driving more interest in AI and putting ethical considerations surrounding their use to the fore Continue Reading

Let’s put an end to secrecy and cover-ups in ransomware attacks

The NCSC and the ICO are calling for organisations to bite the bullet and be more open about cyber security and ransomware incidents, and the community is firmly behind them Continue Reading

Australia to shore up cyber and digital capabilities in Budget 2023

Australia is spending more than A$2bn to strengthen cyber resilience, improve digital government services and fuel AI adoption, among other areas, in its latest budget Continue Reading

Journalists’ confidential communications subject to unlawful spying, court hears

Campaign group Liberty and the National Union of Journalists tell Court of Appeal the government has not gone far enough to protect confidential journalist information and sources from surveillance Continue Reading

Black Basta ransomware attack to cost Capita over £15m

Exceptional costs arising from the March 2023 Black Basta ransomware attack on the systems of outsourcer Capita will be somewhere between £15m and £20m, the organisation says Continue Reading

OVHcloud aims to bring Glacier-like cloud archive to Europe

OVHcloud makes Cold Archive GA with deep archive storage cheaper than AWS’s offer and all based on IBM 3592 tape hardware spread across four sites with Atempo backup Continue Reading

Chat control: EU lawyers warn plans to scan encrypted messages for child abuse may be unlawful

Leaked legal advice warns that European ‘chat control’ proposals to require tech companies to scan private and encrypted messages for child abuse are likely to breach EU law Continue Reading

Capita pension clients told data may have leaked

Capita has told trustees of some of the pension funds for which it provides outsourced services that their customer data may have been stolen by the Black Basta ransomware operation Continue Reading

Santander reports increase in scams and admits fraud head was impersonated

Santander has reported an increase in impersonation scams, and admitted its own head of fraud was impersonated by a fraudster Continue Reading

Cyber Action Plan for Wales launched

The devolved Welsh government has set out four priorities in an action plan designed to foster cyber resilience, talent and innovation across the country Continue Reading

Government anti-fraud strategy targets the tech behind the scams

The UK government’s anti-fraud strategy proposes to make it much harder for criminals to target their victims by cracking down on the exploitation of technology Continue Reading

Data classification tools: What they do and who makes them

Data classification is necessary for all organisations for reasons that range from simply putting data on the most cost-efficient media to ensuring legal and regulatory compliance Continue Reading

US competition watchdog issues generative AI warning

Generative AI can be used to manipulate people into making harmful decisions, says US Federal Trade Commission in warning to firms building and using AI-powered tools Continue Reading

UK Cyber Security Council launches certification mapping tool

Cyber careers body aims to offer clarity for professionals seeking to advance through security certification Continue Reading

Tackling the challenges of data sovereignty in a multi-cloud world

This is a guest post by Andy Ng, vice-president and managing director for Asia South and Pacific region at Veritas Technologies The shift to public cloud adoption is alluring, driven by the ... Continue Reading

Government is playing ‘psychic war’ in battle over end-to-end encryption

Peers hear that the UK government is being deliberately ambiguous about its plans to require technology companies to scan the content of encrypted messages Continue Reading

Police Scotland receive formal notice about cloud system

Scotland’s biometrics watchdog has issued Police Scotland with an information notice over its deployment of a cloud-based digital evidence system, following disclosure of major data protection concerns by Computer Weekly Continue Reading

CISOs under-supported, under pressure, Trellix finds

The vast majority of CISOs say they are finding it difficult to get sign-off on the resources they need to do their job Continue Reading

Podcast: Ransomware, data protection and compliance

Ransomware is a huge and ever-present threat, but there are ways to avoid it and to mitigate its effects. We get key practical steps from Mathieu Gorge, CEO of Vigitrust Continue Reading

How non-fungible tokens can be used to manage health data

Non-fungible tokens will give patients more ownership and control over their health data and improve its transparency in healthcare research, according to SingHealth clinicians Continue Reading

Most IT staff uncomfortable deploying surveillance tech at work

The IT teams responsible for deploying and running digital surveillance in workplaces say they are uncomfortable with “extremely common” practice of spying on colleagues, research finds Continue Reading

Security Think Tank: Going beyond IAM for cloud security

Managing access and privilege across complex and powerful cloud tooling is not a straightforward task; but there are some key considerations that can help security teams stay on top of identities in the cloud Continue Reading

UK biometrics watchdog questions police cloud deployments

The UK biometrics commissioner has warned that policing and justice bodies must be able to demonstrate ‘immediately and unequivocally’ that their cloud deployments are lawful Continue Reading

CyberUK 23: New advice on smart city security issued

The NCSC and key allies have drawn up new guidance to help communities balance the cyber security risks involved with creating smart cities Continue Reading

Online Safety Bill could pose risk to encryption technology used by Ukraine

CEO of encrypted messaging service Element says Online Safety Bill could pose a risk to the encrypted comms systems used by Ukraine Continue Reading

New GovAssure cyber regime launches across UK government

An enhanced cyber security regime is being put in place to better protect UK government IT systems from growing threats Continue Reading

UK plc sees fewer cyber breaches and attacks, but lacks resilience

Latest government figures reveal UK businesses and charities reported lower volumes of cyber breaches and attacks over the past 12 months, but the statistics mask widespread underreporting and the true state of cyber readiness and resilience appears poor Continue Reading

Surrey and Sussex police spared fines after recording 200,000 phone calls without people’s knowledge

Police forces escape potential £1m fines following change of policy by ICO to protect the finances of public sector bodies Continue Reading

CyberUK 23: NCSC launches Cyber Advisor service for SMEs

The UK’s NCSC has launched an industry assurance scheme designed to address the needs of SMEs, and is calling for potential advisors to step up and help out Continue Reading

Global finance firms take part in NATO cyber attack simulation

Global financial services organisations take part in NATO annual event which simulates cyber attacks on critical infrastructure Continue Reading

CyberUK 23: NCSC conference centres cyber collaboration

The NCSC’s annual CyberUK conference gets underway in Belfast this week, with collaboration and cooperation high on the agenda Continue Reading

Focus on these three risky behaviours to boost cloud security

Some 80% of cloud security alerts are triggered by just 5% of security rules. Security teams can substantially improve their resilience by zeroing in on a small set of risky behaviours, according to a report Continue Reading

Why IAM systems are crucial for securing multicloud architecture

As business tools evolve into cloud-based services, organisations are finding themselves becoming ever more reliant on the cloud, but how can data be secured across so many different platforms? Continue Reading

UK presses on with post-Brexit data protection reform

The revised version of the Data Protection and Digital Information Bill has had its second reading in Parliament as the government presses on with post-Brexit changes, but critics remain sceptical that the EU will be convinced to maintain the UK's data adequacy agreement Continue Reading

Charity data stolen in ransomware attack on supplier

A number of charities in Ireland and the UK have had their data compromised following a ransomware attack on an IT supplier Continue Reading

UK joins key allies to launch secure-by-design guidelines

The UK has joined international partners in sharing new advice to help technology companies embed security into the product design and development process Continue Reading

6 open source GRC tools compliance professionals should know

Today's organizations need to meet a variety of regulatory compliance requirements. Here's a look at six open source GRC tools and what features each one offers. Continue Reading

With cyber attacks on the rise, businesses should prepare for quantum hacks now

Advances in quantum computing have brought the world is on the cusp of a technological revolution, but it is not without risk. Find out why you should start to prepare for post-quantum cryotography today. Continue Reading

UK police double down on ‘improved’ facial recognition

The Met and South Wales Police have doubled down on their use of facial recognition technology after research found improved accuracy in their algorithms when using certain settings, but civil society groups maintain that the tech will still be used in a discriminatory fashion Continue Reading

April Patch Tuesday fixes zero-day used to deliver ransomware

A zero-day in the Microsoft Common Log File System that has been abused by the operator of the Nokoyawa ransomware is among 97 vulnerabilities fixed in April’s Patch Tuesday update Continue Reading

Okta integrates with Singapore’s national digital ID system

The integration with Singpass will let Okta customers authenticate consumers using Singapore’s national digital ID system and is expected to expand the company’s reach in regulated industries Continue Reading

Anne Keast-Butler named as new director of GCHQ

The government has appointed current MI5 deputy director general Anne Keast-Butler to head signals and cyber agency GCHQ Continue Reading

KFC, Pizza Hut data stolen in January ransomware attack

Yum!, the parent organisation behind KFC and Pizza Hut in the UK, has disclosed that employee data was accessed and exfiltrated in a January 2023 ransomware attack Continue Reading

IBM's Nataraj Nagaratnam on the cyber challenges facing cloud services

Governments are introducing increasingly prescriptive data protection policies, but with organisations becoming ever more reliant on multiple cloud service platforms for essential business needs, how can they ensure they meet regulatory requirements? Continue Reading

Prioritise automated hardening over traditional cyber controls, says report

A report from strategic risk specialist Marsh McLennan advises security buyers to funnel their budgets towards automated cyber security hardening techniques, saying they have a much better chance of reducing risk in a meaningful way Continue Reading

Italy’s ChatGPT ban: Sober precaution or chilling overreaction?

Italy’s data protection authority issued a temporary ban on ChatGPT citing data protection concerns and alleged breaches of the GDPR. Is this a reasonable precaution, or a chilling restriction on personal freedoms? Continue Reading

TikTok fined in UK over unlawful use of children’s data

The ICO has fined TikTok £12.7m for breaches of data protection law, including unlawfully collecting data on children under 13 Continue Reading

National Cyber Force carrying out daily hacking operations to disrupt hostile threats

Government discloses details about the National Cyber Force’s disruption activities against terrorists, organised criminals and nation states – and names first NCF chief as James Babbage Continue Reading

Australia’s media and telecoms sector saw most data breaches in 2022

The media and telecoms industry accounted for the bulk of stolen credentials in Australia in 2022, underscoring the need to shore up the country’s cyber security posture Continue Reading

NCSC issues revised security Board Toolkit for business leaders

National Cyber Security Centre calls on CEOs and senior business leaders to take a more hands-on approach to cyber resilience with the launch of revised board-level tools Continue Reading

Preventing artificial deception in the age of AI

The proposals contained in Westminster’s AI whitepaper are a good start, but more creative thinking and investment will be required to achieve a truly pro-innovation regulatory environment Continue Reading

How organisations can weaponise data privacy

Organisations should turn data privacy into a competitive advantage and look beyond regulatory compliance to build a privacy programme that aligns with business targets, says Gartner Continue Reading

Europol warns cops to prep for malicious AI abuse

In a report looking at how large language models can be used by criminals, Europol’s Innovation Lab calls on law enforcement agencies to prepare themselves for wide-ranging impacts on their work Continue Reading

Ethical hackers urged to respond to Computer Misuse Act reform proposals

The deadline for submissions to the government’s consultation on reform of the Computer Misuse Act is fast approaching, and ethical hackers and security experts need to make their voices heard, says Bugcrowd Continue Reading

Is TikTok really a security threat to your business?

In this week’s Computer Weekly, with the UK government becoming the latest administration to ban TikTok, we ask whether the controversial social media app is really a security threat to enterprises. Technology guru Bruce Schneier tells us about the need to take back control of AI and the personal data it relies on. And we look at how firms are trying – and failing – to make AI work for online content moderation. Read the issue now. Continue Reading

France latest to ban TikTok on government devices

Following bans in the UK and US, France has moved to enact restrictions on TikTok, and other social media apps, on government devices Continue Reading

Why Veeam thinks ransomware warranty payouts are unlikely

Veeam Data Platform v12 offers a financial guarantee to customers that can’t restore after ransomware attacks, but the backup supplier is convinced it won’t be making many payouts Continue Reading

Nordics move towards common cyber defence strategy

Nordic countries agree to work together to improve their cyber defences amid increasing threat Continue Reading

UK TikTok ban gives us all cause to consider social media security

The UK government’s ban on TikTok should give all organisations cause to look into what information social media platforms are collecting on us, and what they are using it for Continue Reading

UK government to create code of practice for generative AI firms

The code will look to strike a balance between copyright holders and generative AI firms so that both parties can benefit from the use of copyrighted material in training data Continue Reading

TikTok banned on UK government devices

The UK government has followed in the footsteps of its US and European counterparts and banned the use of Chinese social media app TikTok on official devices Continue Reading

MI5 to oversee new National Protective Security Authority

The new National Protective Security Authority will address various national security threats including state-sponsored cyber espionage against UK targets Continue Reading

Technology minister Michelle Donelan defends data reforms

Secretary of state Michelle Donelan has defended the government’s new data reforms as providing certainty for businesses while simultaneously retaining high standards of data protection, but industry figures are having mixed reactions Continue Reading

How ForgeRock is tackling identity management

ForgeRock CEO Fran Rosch has set the identity and access management software supplier on a path to deliver a frictionless identity experience without compromising security or privacy Continue Reading

Nine in 10 enterprises fell victim to successful phishing in 2022

Egress annual email security risk report breaks down impacts of email-based phishing attacks and data loss, and the effect these can have on organisations in terms of staff retention and morale Continue Reading