Security policy and user awareness
-
Opinion
03 Jul 2024
Cyber Essentials at 10: Success or failure?
The Cyber Essentials scheme passed its 10th anniversary in June 2024. CyberSmart's Adam Pilton reflects on progress and argues that more needs to be done to raise security awareness among Britain's small business community Continue Reading
-
Opinion
02 Jul 2024
Security Think Tank: Securing today's ubiquitous cloud environment
The Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage Continue Reading
-
Opinion
16 Dec 2019
Security Think Tank: Data-centric security requires a holistic approach
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading
-
News
16 Dec 2019
Barco fixes ClickShare wireless flaw, but users still at risk
Supplier patches a major vulnerability in its popular ClickShare wireless presentation system with a firmware upgrade, but experts warn that users are not out of the woods yet Continue Reading
-
Opinion
16 Dec 2019
We can’t allow fake news and disinformation to upend our democracy
Fake news, misinformation and cyber attacks are part of our political process – now is the time to act Continue Reading
-
News
13 Dec 2019
Alarm bells ring, the IoT is listening
With Christmas bearing down on us, a series of vulnerability disclosures has drawn attention to the parlous state of IoT security, and serves as a timely warning to people planning to buy smart devices as gifts Continue Reading
-
Opinion
13 Dec 2019
Security Think Tank: Data-centric security requires context and understanding
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading
-
Opinion
11 Dec 2019
Security Think Tank: Risk-based response critical to protect data
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading
-
News
09 Dec 2019
Public sector still losing user devices in high numbers
The Ministry of Justice has lost 354 smartphones, PCs, laptops and tablets in the past 12 months, according to a Freedom of Information request, and other government departments are in the same boat Continue Reading
-
News
09 Dec 2019
China bans foreign computing kit from government contracts
All government offices and public institutions must eliminate foreign hardware and software within three years, according to a leaked directive dubbed 3-5-2 Continue Reading
-
News
06 Dec 2019
How commodities firm ED&F Man solved its threat detection challenges
After a minor server breach, leading commodities trader turned to Vectra’s Cognito service to expose hidden threats, spot privilege misuse, and conduct conclusive investigations Continue Reading
-
News
06 Dec 2019
Dutch government must facilitate and coordinate a broad eID system
The Dutch government should push for an electronic ID system for its citizens that works across the public and private sectors, according to a report Continue Reading
-
Opinion
06 Dec 2019
Security Think Tank: Is data more or less secure in the cloud?
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading
-
Opinion
05 Dec 2019
Security Think Tank: Time for a devolution of responsibility
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading
-
News
05 Dec 2019
Two Russians indicted over Dridex and Zeus malware
The US Department of Justice has indicted two Russian citizens over their alleged role in the distribution of the virulent Bugat, or Dridex, and Zeus banking trojans Continue Reading
-
News
05 Dec 2019
Cyber Girls First volunteers encourage girls to think high-tech
More than 80 schoolgirls spent a day learning about computer hackers and rocket science – Cyber Girls First hopes they will become the next generation of technologists Continue Reading
-
News
05 Dec 2019
Black Hat Europe: Mental health websites are leaking user data
At Black Hat Europe in London, researchers reveal the extent to which confidential data is being leaked to third parties by online mental health websites Continue Reading
-
News
04 Dec 2019
Black Hat Europe: Red teams and blue teams must evolve in the 2020s
The red team versus blue team dichotomy is somewhat arbitrary and risks pigeonholing skilled security professionals into certain roles, says Facebook’s Amanda Rousseau Continue Reading
-
Opinion
04 Dec 2019
Security Think Tank: Optimise data-centric strategies with AI
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading
-
Opinion
03 Dec 2019
Cyber security: How to avoid a disastrous PICNIC
Fieldfisher’s David Lorimer examines how individual employees often facilitate cyber attacks, and what can be done to reduce the risk Continue Reading
-
News
03 Dec 2019
Tenable buys Indegy to integrate IT and OT security
Acquisition of industrial security specialist Indegy will create a unified, risk-based platform spanning both IT and OT security for Tenable Continue Reading
-
Opinion
03 Dec 2019
Security Think Tank: In-depth protection is a matter of basic hygiene
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading
-
News
03 Dec 2019
Chinese web users take more risks than Brits or Americans
A research paper published by the University of Birmingham seems to show that differences in cultural values have an impact both on risky behaviour online and legal regulation Continue Reading
-
News
02 Dec 2019
Top Android apps at risk from StrandHogg vulnerability
Researchers at Promon say all of the 500 most-downloaded Android apps are at risk from a newly discovered vulnerability Continue Reading
-
News
29 Nov 2019
TfL locks down Oyster accounts to ward off credential stuffing
Mandatory password reset for all travellers who use Oyster and contactless payment systems follows minor breach incident earlier in 2019 Continue Reading
-
News
29 Nov 2019
Hack Friday: This Christmas, fight back against cyber criminals
It’s nearly Christmas, and cyber attacks and fraud attempts in the retail sector are ramping up. Is it time to panic? And is there anything we can do beyond hammering home the message around basic cyber security hygiene? Continue Reading
-
Feature
28 Nov 2019
Get ready for CCPA: Implications for UK businesses
The California Consumer Privacy Act, a wide-ranging data privacy and consumer protection law, comes into effect on 1 January 2020. How does CCPA differ from the EU GDPR regulations and what are the responsibilities for UK businesses operating in the US? Continue Reading
-
News
28 Nov 2019
Top APAC security predictions for 2020
More attacks on critical infrastructure, supply chain vulnerabilities and file-less attacks are some of the security threats that enterprises should keep an eye on next year Continue Reading
-
News
26 Nov 2019
Enterprises muddled over cloud security responsibilities
A McAfee study suggests that 2020 will be a big year for cloud adoption, but confusion still persists over who is responsible for securing it Continue Reading
-
News
25 Nov 2019
Uber app exploit posed safety risk to passengers
A flaw in Uber’s system meant thousands of trips in London were taken with unauthorised drivers at the wheel Continue Reading
-
News
25 Nov 2019
Conservatives propose national cyber crime force
Manifesto also says Tories would “empower the police to safely use new technologies like biometrics and artificial intelligence, along with the use of DNA, within a strict legal framework” Continue Reading
-
News
22 Nov 2019
Some 29,000 UK web domains suspended for criminal activity
Domain suspensions for criminal activity over the past year have dropped for the first time since 2014 Continue Reading
-
Opinion
21 Nov 2019
Security Think Tank: Stopping data leaks in the cloud
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading
-
News
20 Nov 2019
Mimecast blocked 99 billion suspicious emails in third quarter
Latest threat intelligence report reveals the scale of the threat posed by malicious emails, with the transport, legal and financial sectors hit hardest Continue Reading
-
News
20 Nov 2019
Massive increase in fraud attacks on TSB customers during IT meltdown
There was a massive spike in attempts by fraudsters to steal from TSB customers when the bank’s IT systems failed in 2018 Continue Reading
-
News
20 Nov 2019
Conservatives slammed over social media trickery
The Conservative Party has been caught spreading online disinformation during the General Election campaign for a second time Continue Reading
-
News
19 Nov 2019
Public sector risks downplayed by senior IT leaders
Sophos reveals a significant cyber security perception gap between senior IT and security leaders in the public sector and their front-line teams Continue Reading
-
News
14 Nov 2019
Cyber criminals tool up for Christmas fraud season
Organised criminals are trying to cash in on the festive retail boom with both brand new and tried-and-tested techniques Continue Reading
-
News
13 Nov 2019
Business leaders fibbing to cover up lax security posture
Nominet study finds evidence that many businesses tout the robustness of their security posture as a selling point even though their security teams lack confidence in themselves Continue Reading
-
News
13 Nov 2019
Attack on Labour shows need for DDoS defence but should alarm few
After being hit by two DDoS attacks in the space of 24 hours, many commentators are convinced the UK’s Labour Party is the victim of foreign interference in the General Election campaign. It probably isn’t Continue Reading
-
Feature
13 Nov 2019
Taking responsibility for security in the cloud
From accidental leaks to full-on data breaches, maintaining security across cloud services is becoming a headache for enterprises. What questions should organisations be asking of their cloud service provider and, ultimately, whose responsibility is cloud security anyway? Continue Reading
-
News
13 Nov 2019
Cyber risk insurance is more than just insurance
Insurance companies such as Chubb are offering incident response services and security tools to help companies improve their cyber security posture and better cope with cyber attacks Continue Reading
-
News
12 Nov 2019
Nordic SMEs lack the money needed for cyber security
Businesses and governments in Denmark and Norway are working together to address a cyber security shortfall for SMEs in each country Continue Reading
-
News
12 Nov 2019
PCI DSS payment security compliance drops again
Worldwide, barely one-third of companies are maintaining full compliance with the PCI DSS security standard – and the numbers are falling Continue Reading
-
News
12 Nov 2019
‘Robust’ security foils cyber attack on Labour Party
Labour claims to have been the victim of a cyber attack, but says it is confident no data leaked Continue Reading
-
News
12 Nov 2019
Shared responsibility model key to solving 5G security problem
Both buyers and sellers need to cooperate to solve the thorny issues around 5G security Continue Reading
-
News
08 Nov 2019
Security pros urged to get ahead of incoming BlueKeep exploits
The BlueKeep RDP vulnerability is beginning to be exploited in the wild, and security teams have no excuse for not trying to get in front of it, says Microsoft Continue Reading
-
Opinion
08 Nov 2019
Security Think Tank: Base cloud security posture on your data footprint
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading
-
Opinion
07 Nov 2019
Security Think Tank: Cloud security is a shared responsibility
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading
-
News
07 Nov 2019
Amazon Ring video doorbell flaw left users open to attack
A vulnerability in Amazon’s Ring video doorbells left the internet-of-things devices open to a variety of attacks Continue Reading
-
Opinion
07 Nov 2019
Security in the supply chain – a post-GDPR approach
A year and a half after the introduction of the EU’s General Data Protection Regulation, Fieldfisher's James Walsh reviews the fundamentals of supply chain security Continue Reading
-
News
06 Nov 2019
Trend Micro insider breach exposes need for data-centric protection
Simple measures could have saved consumer security product supplier from insider breach Continue Reading
-
Opinion
06 Nov 2019
What changes are needed to create a cyber-savvy culture?
PA Consulting's Cate Pye considers the people and process changes that are necessary to build a security aware business culture Continue Reading
-
Opinion
06 Nov 2019
Security Think Tank: Adapt security posture to your cloud model
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading
-
Blog Post
05 Nov 2019
Making sense of the current UK Cybersecurity Skills scene
But that is for the future. For the here and now I strongly recommend participation in the DPA cybersecurity skill sub-group in order to make sense of what is happening and ensure that your needs, ... Continue Reading
-
Opinion
05 Nov 2019
Security Think Tank: The cloud needs security by design
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading
-
News
05 Nov 2019
ICO launches data security campaign for UK General Election
Information commissioner Elizabeth Denham launches campaign to remind the public of their rights when personal data is used for political purposes Continue Reading
-
Opinion
04 Nov 2019
Security Think Tank: Secure the cloud when negotiating contracts
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading
-
News
04 Nov 2019
Sumo Logic buys into cloud security software market
Jask’s cloud-native autonomous security operations software will be integrated into Sumo Logic’s intelligence platform Continue Reading
-
Blog Post
03 Nov 2019
Insurability is the key to Cybermaturity
Most organisations are uninsurable. They spend large amounts on security products and services technology but they are not doing that which reduces the risk of a successful cyberattack, limits the ... Continue Reading
-
Opinion
01 Nov 2019
Security Think Tank: In the cloud, the buck stops with you
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading
-
News
01 Nov 2019
Banks let customers down with mixed approaches to security
Treasury Committee report recommends new measures to tackle financial fraud Continue Reading
-
News
30 Oct 2019
What will succeed the National Cyber Security Strategy?
As the National Cyber Security Strategy nears the end of its working life, the government is considering what comes next, and is asking probing questions of its successes and failures Continue Reading
-
Opinion
28 Oct 2019
Security Think Tank: Embedding security in governance
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading
-
Feature
28 Oct 2019
Security puzzle calls for some joined-up thinking
The age of digitisation brings new risks to organisations, so security needs to be more integrated Continue Reading
-
Blog Post
24 Oct 2019
Hack the Kop – the Reds are sitting ducks
Liverpool may be flying high at the top of the Premier League table right now, but when they get home after a hard-fought 90 minutes, their fans are the most likely to have had their personal data ... Continue Reading
-
News
24 Oct 2019
Endpoint security is a procurement issue, says HP, IDC study
Report warns that buyers are falling at the first hurdle on security by not including it in their endpoint RFPs and tenders Continue Reading
-
News
23 Oct 2019
Take responsibility for cyber security basics, urges NCSC CEO
At the launch of its third annual review, NCSC head Ciaran Martin appealed for individuals and businesses to address the fundamentals of cyber security hygiene to help lighten the load Continue Reading
-
News
22 Oct 2019
Banks move to contain impact of Samsung biometric flaw
NatWest and Nationwide have moved to lock down their mobile banking apps after Samsung warned of a biometric security flaw on its Galaxy and Note S10 devices Continue Reading
-
News
22 Oct 2019
Malware volumes decline, but risks are higher
More insidious and targeted strains of malware are going after high-quality targets, rather than a large volume of targets Continue Reading
-
News
22 Oct 2019
Attacker hit VPN firm Avast through its VPN
Avast has published details of how attackers attempted to gain access to its network over a five-month period Continue Reading
-
Blog Post
22 Oct 2019
Secure Bacon Butties With Gherkin But No Gherkins
Had my first visit to The Gherkin recently at a “mini” Netevents security briefing in London. I can certainly recommend the brioche-bun bacon butties with a view of the London rain from the 38th ... Continue Reading
-
News
22 Oct 2019
Over-30s tend to do better at cyber security than younger colleagues
Attitudes to workplace cyber security differ by age group, but not in the way one might imagine, according to a new study by NTT Security Continue Reading
-
News
21 Oct 2019
Equifax lawsuit offers more evidence against passwords
Equifax’s internal security policies were a mess and directly led to one of the largest recorded data breaches in history, according to a lawsuit, demonstrating fundamental insecurities inherent in the use of passwords Continue Reading
-
News
21 Oct 2019
Trend Micro buys cloud security firm to broaden offering
Acquisition of Cloud Conformity will address often overlooked cloud security fundamentals Continue Reading
-
News
21 Oct 2019
Sodinokibi emerging as a diverse, multi-vector threat to businesses
McAfee shares insight into the Sodinokibi ransomware campaign gleaned from its network of honeypots Continue Reading
-
News
18 Oct 2019
Huge rise in rogue banking apps driving fraud attacks
Fraud perpetrated through fake mobile apps purporting to be from legitimate banks has seen a statistically significant spike, says RSA Continue Reading
-
News
17 Oct 2019
NHSX could transform NHS security capabilities
The health sector is increasingly confident that NHSX can deliver a streamlined, effective cyber security policy for the health service Continue Reading
-
Opinion
17 Oct 2019
Security Think Tank: Focus on metrics to manage risk
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading
-
News
16 Oct 2019
Pitney Bowes ‘considering options’ after malware attack
Mailing and shipping services firm in recovery mode after key systems were encrypted by a malware attack Continue Reading
-
Opinion
16 Oct 2019
Security Think Tank: Embed security professionals in your risk strategy
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading
-
News
15 Oct 2019
Attackers hunt iPhone jailbreakers in click fraud campaign
Research by Cisco’s Talos threat intel unit has identified a new click fraud campaign targeting people looking to jailbreak their iPhone devices Continue Reading
-
Opinion
15 Oct 2019
Security Think Tank: Risk management must go beyond spreadsheets
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading
-
Opinion
14 Oct 2019
Security Think Tank: Consider risk holistically, not just from an IT angle
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading
-
Feature
11 Oct 2019
McAfee’s push for secure cloud adoption
Organisations must do more to secure their cloud environments as malicious actors increasingly focus their attention on exploiting cloud vulnerabilities, says McAfee Continue Reading
-
Feature
10 Oct 2019
Data management strategies are evolving – so must enterprises
A growing number of data-driven initiatives, alongside heightened demand for security in governance, data management and compliance, has led to the rise of a more holistic approach – integrated risk management Continue Reading
-
Opinion
09 Oct 2019
Small business guide: How to keep your organisation secure from fraudsters and hackers
Doing a few things well can keep your organisation protected from common cyber attacks and fraudsters Continue Reading
-
Opinion
09 Oct 2019
Security Think Tank: The operational approach to integrated risk management
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading
-
Opinion
08 Oct 2019
Security Think Tank: Get basic security policy right, and the rest will follow
Paying attention to basic aspects of cyber security such as policy and permission will give you a solid base to build from Continue Reading
-
Opinion
07 Oct 2019
Security Think Tank: Risk is unavoidable in digital transformation
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading
-
News
03 Oct 2019
Local authorities hit by 800 cyber attacks every hour
Local authorities and councils in the UK have reported being hit by more than 263 million cyber attacks in the first six months of this year Continue Reading
-
News
03 Oct 2019
New threat group behind Airbus cyber attacks, claim researchers
Context Information Security’s threat intel and response teams say they have evidence that the recent supply chain attacks on Airbus are the work of a newly identified group called Avivore Continue Reading
-
News
27 Sep 2019
Nodersok malware campaign is infecting thousands, Microsoft warns
Thousands of Windows endpoints in the US and Europe have been infected by a new fileless malware campaign in the past few weeks Continue Reading
-
News
27 Sep 2019
Five million DoorDash customers’ details lost in data breach
Takeaway delivery service was breached in May 2019, resulting in the data of millions of users and delivery drivers being stolen Continue Reading
-
News
27 Sep 2019
GDPR compliance: Whose job is it and is it really possible?
Nobody seems to have a good handle on business GDPR compliance, how many businesses are compliant, or indeed what compliance really is, but according to security experts, it very much depends on who you talk to Continue Reading
-
News
24 Sep 2019
Enterprises exposed to data loss by cloud configuration errors
Only 1% of misconfigured cloud environments are spotted and attackers are capitalising on this, claims McAfee Continue Reading
-
News
24 Sep 2019
Google pushes back on scale of YouTube phishing threat
Millions of YouTubers may be at risk after some high-profile influencers reported their accounts were compromised in an apparent phishing attack, but the platform’s owner, Google, is not so sure Continue Reading
-
News
18 Sep 2019
Universities tempting targets for cyber criminals, warns NCSC
As hundreds of thousands of students prepare for the new academic year, universities have been warned that they are at high risk of cyber attack Continue Reading
-
News
18 Sep 2019
WannaCry variants accidentally protecting against WannaCry
New variants of the infamous WannaCry malware continue to emerge, and many of them have accidentally turned themselves into a somewhat effective, although ill-advised, vaccine against infection Continue Reading
-
News
18 Sep 2019
Emotet phishing botnet returns from summer vacation
The Emotet phishing trojan-turned-botnet is back in action after a three-and-a-half month break, say threat researchers Continue Reading
-
News
17 Sep 2019
Ecuador citizens’ data breach holds lessons for enterprises
What caused the mass breach of Ecuadorian citizens’ data, and what can businesses learn from it? Continue Reading
-
Blog Post
17 Sep 2019
PSD2 security deadline extension is not a reason for further can kicking
The extension of a compliance deadline for PSD2 should not be a signal for banks to reduce preparations Continue Reading