Cybersecurity methods are usually focused on protecting an organization from external risk factors, but insider attacks can be just as dangerous and costly as those that originate outside an organization. In fact, insider threats pose serious security risks because they typically involve individuals with authorized access to the organization’s systems, data, or networks.

Cloud configuration remains a critical priority for organizations leveraging cloud services, which today, is practically universal. Cloud misconfigurations, in turn, can lead to security vulnerabilities and compliance issues. That’s why it’s more important than ever for organizations to get this fundamental security function right. Here’s what you need to know about cloud misconfiguration, from what causes it to how to remediate it when it does occur. ‍

With the rise in cyberattacks, robust measures are essential to reduce attack surfaces and respond swiftly to threats. Compliance with regulations like the Digital Operational Resilience Act (DORA) is crucial to prevent severe penalties and ensure business continuity. This blog post looks at DORA and introduces our white paper about this important new European regulation.

With cyber attacks increasing in frequency and damage, it’s more important than ever for organizations to understand that an incident of any scale is more of a “when” than an “if.” That means that, as part of a comprehensive security strategy, organizations should not only focus on keeping threats out but also ensure that if a threat turns into an incident, they’re prepared to swiftly respond and recover.

We recently presented the webcast "Find Your Best Fit, Solving the Cybersecurity Framework Puzzle." Tyler Reguly, who is a senior manager of research and development at Fortra and a former professor at his alma mater, Fanshawe College, served as the host. Tyler offered his wisdom about integrating CIS Controls into a comprehensive cybersecurity plan for your organization.

For many years, Cloudflare has used advanced fingerprinting techniques to help block online threats, in products like our DDoS engine, our WAF, and Bot Management. For the purposes of Bot Management, fingerprinting characteristic elements of client software help us quickly identify what kind of software is making an HTTP request. It’s an efficient and accurate way to differentiate a browser from a Python script, while preserving user privacy.

The Digital Operational Resilience Act (DORA) is set to reshape the landscape of financial services in the European Union. But its impact extends beyond EU borders, particularly affecting UK-based Information and Communication Technology (ICT) service providers. Let’s explore how DORA might influence these providers and what steps they should consider taking.

On Sunday, June 2nd 2024, a fix commit was pushed for a vulnerability in GNU’s popular Wget tool. Two weeks later, the vulnerability was assigned the ID CVE-2024-38428 and later was classified as a critical vulnerability – with a CVSS score of 9.1. In this blog, we take a dive deep into this threat by seeing what caused it, what consequences it might have, and how it can be mitigated.

In theory, patch management should be trivially easy for a company to manage.

Almost every company has a system for organizing file storage, which employees use regularly. Streamlining data storage in a corporate environment is not just about improving business processes; it is also about ensuring security. It is challenging to protect data if you do not know where it is stored, what it contains, its value, who owns it, who has access to it, and what its most significant threats are. This is where Data-Centric Audit and Protection (DCAP) systems come into play.