In this article, we outline the main elements of DORA, as well as key recommendations for preparing effectively for this important new regulation.

In the ever-expanding world of cloud computing, one thing has become glaringly clear: identities are no longer just user profiles—they are the keys to the kingdom. As businesses race to harness the power of the cloud, they must also confront a growing menace: the risk posed by poorly managed identities. Imagine leaving your front door unlocked in a neighborhood known for break-ins — that’s what weak identity management is like in the cloud.

Read also: A money launderer for the Lazarus hackers arrested in Argentina, US offers $2.5M for the Angler hacker, and more.

The enterprise technology landscape has changed significantly, driven by the rapid adoption of cloud technologies, evolving IT infrastructures, and evolving exploitation activities. This transformation requires that organizations take an updated approach to vulnerability management—one that goes beyond the traditional focus on patch management to encompass a broader spectrum of risks.

Securing the cloud has become increasingly complex as organizations adopt hybrid and multi-cloud resources to meet their demanding business requirements. It’s also more crucial than ever: From 2022 to 2023, CrowdStrike identified a 75% increase in cloud intrusions.

Tool sprawl is an expensive aspect of technical debt. IDC recently found that 43% of organizations doing business in the Americas have 500 or more software applications in their portfolios today (Application Services — Worldwide Regions, 2023, IDC #US50490416, April 2023). In the area of monitoring and observability tools alone, 50% of companies reported having between 11 and 40 tools.

As developers, we're constantly juggling features, fixes, and deadlines. Yet, a lurking issue has been surprisingly overlooked: the continued use of vulnerable Log4j and Spring Framework versions in many projects. Despite the high-profile exposure of Log4Shell and Spring4Shell vulnerabilities, a shocking number of applications are still running on these ticking time bombs. This isn't just a minor oversight — it's a major risk.

The rise of SaaS applications and solutions has revolutionized the way we work. However, the unsanctioned use of these tools, known as shadow IT and shadow SaaS, poses a significant risk to corporate networks. A recent study reveals that the top risks associated with these practices include data loss (65%), lack of visibility and control (62%), and data breaches (52%). In fact, one in ten companies surveyed suspect that the use of tools without the consent of their IT teams has led to a data breach.

CrowdStrike is excited to announce we have been named a leader in Frost & Sullivan’s Cloud Workload Protection Platform (CWPP) Radar for the second consecutive year. This recognition validates our continued innovation and growth in cloud security and our commitment to providing a unified cloud security approach and powerful workload security capabilities.

Ever since systems started restricting access through passwords, the trial and error method has been used to crack them. But even today, brute force attacks remain a serious danger for organizations. According to the 2024 Data Breach Investigations Report by Verizon, the brute force technique accounts for 21% of all basic web application attacks.