Search here...
Speak to a cibersecurity expert
Get in touch for a no obligation quote

    Author: Balwurk

    Balwurk > Articles by: Balwurk

    Vulnerability Management in Organisations: Common Mistakes and Best Practices

    Scanning tools, technical testing, monitoring platforms and automated alerts have become common across many organisations and, as a result, most are now able to identify vulnerabilities.  However, this has not translated into an equivalent reduction in the number of incidents. The problem rarely lies in the lack of…

    Read More
    Shadow IT and Shadow AI: The invisible risk organisations cannot afford to ignore

    Shadow IT and Shadow AI: The invisible risk organisations cannot afford to ignore

    For years, cybersecurity strategies have largely focused on external threats: ransomware, phishing, vulnerability exploitation or supply chain attacks.  However, there is a risk that continues to grow inside organisations, often without malicious intent, without visible alerts and without going through normal security processes.  That risk…

    Read More
    In GRC, the Most Dangerous Risk Is No Longer Non-Compliance. It Is False Compliance

    In GRC, the Most Dangerous Risk Is No Longer Non-Compliance. It Is False Compliance

    The problem is no longer the lack of policies or audits  One of the main concerns for organisations used to be failing to comply with regulatory requirements. Failing audits, lacking documented policies, or not meeting the expectations of customers and regulators was seen as…

    Read More

    NIS2 vs CRA vs DORA what each regulation really requires

    In recent years, the European Union has significantly strengthened its cybersecurity regulatory framework. NIS2, the Cyber Resilience Act (CRA) and DORA are often discussed together, which leads many organisations to treat them as equivalent.  They are not! Each of these regulations addresses different dimensions…

    Read More

    Vulnerability management: what it is and why it continues to fail in companies

    Vulnerability management is far from being a new problem, but even so, it continues to be one of the weakest points in most organisations.  There are numerous tools and alerts, but the number of exposed vulnerabilities continues to grow, and incidents continue to…

    Read More
    European cybersecurity regulation: what will change for businesses in the coming years

    European cybersecurity regulation: what will change for businesses in the coming years

    The European Union has been consolidating a regulatory approach that places digital security at the centre of economic activity. Initiatives such as the Cyber Resilience Act (CRA), the NIS2 Directive and the DORA Regulation do not emerge in isolation; they…

    Read More

    Partnership between Balwurk and Codacy

    We are proud to announce the recently formed partnership with Codacy, a global leader in Application Security and code quality. By combining their expertise, the two companies are dedicated to helping organizations establish trust in their software by taking a…

    Read More
    Cybersecurity in Portugal: many companies still confuse security with compliance

    Cybersecurity in Portugal: many companies still confuse security with compliance

    Portugal is not behind when it comes to cybersecurity. In recent years, the sector has shown progress and greater maturity in several areas, but even so, there is a common trait that runs across different organizations: the tendency to confuse…

    Read More
    Cybersecurity tools: why technology alone does not guarantee the protection of digital assets

    Cybersecurity tools: why technology alone does not guarantee the protection of digital assets

    Companies are increasingly investing in cybersecurity tools such as firewalls, antivirus solutions, EDR, SIEM and monitoring platforms, among other solutions, all of which are essential components of any digital ecosystem. However, it is important to keep in mind that technology,…

    Read More
    Pentesting vs. Red Team: what is the difference and when to choose each approach

    Pentesting vs. Red Team: what is the difference and when to choose each approach

    Although often associated, Pentesting and Red Teaming are distinct methodologies, with different objectives, scopes, and outcomes. The correct application of each can determine whether an organization merely identifies technical vulnerabilities or actually validates its ability to withstand real and persistent…

    Read More
    Balwurk launches framework to assess generative AI risk in enterprises

    How to assess the risk of adopting generative AI: Balwurk’s open framework

    Generative AI is rapidly becoming part of companies’ daily operations. While some organizations are naturally more cautious than others, almost all end up using it for reasons of productivity and task simplification. The problem is that, in many cases, this…

    Read More
    Pentesting: how to calculate the return on investment in cybersecurity

    Pentesting: how to calculate the return on investment in cybersecurity

    In the context of cybersecurity, a recurring question about Pentesting is: “Why execute a Pentest on a recurring basis?” At first glance, it may seem only like an additional expense or an obligation resulting from regulatory requirements. However, Pentesting stands…

    Read More