Sponsored Content by Brightspot

How to protect your content platform—and your business—from cyberattacks

Your CMS connects you with your readers, your employees and your partners. It’s the drumbeat of your organization. A compromised CMS, however, is a highly sought-after target for cyber criminals—and potentially a significant area of vulnerability for your business. 

Digital transformation efforts have been underway for decades, but over the last several years, businesses had to expedite their digitization journeys as they shifted from survival mode at the beginning of the pandemic to new remote and hybrid ways of working. This hybrid mode of communication and access continues today.

McKinsey called this expedition the “The Quickening”—where some businesses took a years-long roadmap and reduced execution to a few months in order to navigate the pandemic effectively. While this record-breaking agility in developing and implementing new technologies in the face of a fast-changing digital landscape should be celebrated, it also has been met with new challenges, including the rise in frequency and sophistication of cyberattacks.

From 2013 to 2022 there was an 800% increase in the number of DDoS attacks worldwide. One study says that Q1 2023 saw 47% more attacks than the same time period a year prior. Fast forward to today, hardly a week goes by without some new story reporting that tens of thousands of WordPress sites have been exposed to security vulnerabilities through a plugin breach or sites running outdated versions of Drupal have fallen prey to hackers coming in through the backdoor.

In short, organizations need to start planning for when they’ll be attacked, not if—and a key part of that planning process is to ensure they’re in lock-step within their own organization and with their partners and providers who play an important role in ensuring the security, safety and privacy of a business and its data. 

Your CMS is the heart of an important relationship—with your readers, your employees and your partners. A compromised CMS, however, is a gold mine for cyber criminals and a source of risk for your business.

What does this mean for content management systems, specifically? 

Digital transformation used to focus solely on products, applications and solutions, but organizations have been forced to evolve how they communicate as well—internally, with partners and vendors, and with customers. 

Having the right content management system is a crucial component in ensuring the right messages are shared at the right time and place. It’s at the center of your operations and is the heart of the relationship that you have with your employees (via an intranet) and your readers and viewers if you’re publishing news articles or other content. Your CMS represents your brand and is the vehicle you’re using to communicate with your intended audience. 

Because CMSs are an important piece in every organization’s tech stack and because of their potential reach with various large and engaged audiences, they’re also potential targets for attacks. 

Organizations with a media presence or those who deliver digital content across multiple channels are especially hot targets, as the implications and fallout of the attack can spread quickly—they’re not just compromising a single website, but potentially a platform hosting millions of users. 

According to TechNative, a CMS breach can threaten business continuity and bring even the largest corporations to their knees within hours, so building a strong and reliable underlying infrastructure on which to host your CMS has never been more important.

We know that businesses have multiple systems, channels and processes in play as they try to digitally transform, and that adding one more challenge to those efforts can feel daunting. So, let’s walk through some key considerations and security best practices together, so that you feel confident in your approach and can adjust as needed to ensure ultimate security for your organization.

Nearly 80% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks. This is despite increased IT security investments made in 2020 to deal with distributed IT and work-from-home challenges, according to an IDG Research Services survey commissioned by Insight Enterprises.

What are the different types of cyberattacks?

First, it’s important to be aware of the most common types of cyberattacks. 

“Ransomware,” “phishing” and “malware” are part of our everyday vernacular now. These are a few popular types of cyberattacks, but the approaches cyber criminals deploy are evolving as businesses continue to expand and use different platforms and channels of communicating. 

This isn’t only a concern over weak passwords; there’s simply more opportunity for cyber criminals to attack. 

The 3 most common types of attacks:

Denial of service: Prevents you from providing your service to clients or customers 

Defacement or corruption: Changes the appearance of your online properties and can be more difficult to identify quickly 

Data exfiltration: When the attacker takes and uses your data against you or negatively towards your clients or customers

What your organization can do to avoid an attack: Security hygiene + assessment checklist  

There are a few simple steps to take to ensure your CMS can and does comply with your company’s security best practices. The critical component here, however, is that everyone needs to abide by them. 

Password complexity: Ensure that your CMS is in compliance with your company’s policies and guidelines regarding password length, complexity and expiration.

Multi-factor authentication: Apply two-factor authentication for all access points to your CMS to create an additional firewall in the case of password infiltration among existing CMS users.

Integration with central identity management: Regularly maintain and monitor all users who have access to your CMS and audit levels of access and permissions via a centralized identity management database.

Integration with your security tools: Maintain your CMS security as you would any other software application, ensuring frequent backups of data, upgrading to the latest versions, and monitoring your systems for unusual activities and usage patterns.

Even before an actual attack or assessment of a potential threat, it’s important to follow these five steps to ensure the security of your CMS as a matter of routine protection.

Assessment checklist

  1. Review your CMS users and eliminate unnecessary ones. Likewise, review all the roles and permissions for users of your CMS throughout your organization. 

  2. Regularly monitor your websites and microsites to identify potential defacement.

  3. Regularly review all of your publishing changes made within the CMS to ensure they’re legitimate and expected.

  4. Establish a specific method for your employees to report issues they believe are suspicious; create a streamlined communication process for this.

  5. Have your security incident processes documented; this allows you to conduct a postmortem with your organization and vendors that helped you navigate the attack.

Finally, keep your organization trained and aware of what the cyber threats are today and hold regular training sessions to discuss what to watch for so they understand how these threats are evolving. 

This includes making sure everybody knows how to report something if (or more realistically, when) they see something suspicious. 

What you and your tech partners can do to avoid an attack: Defense-in-depth approach 

“Defense in depth” is a time-tested strategy that ensures you don’t have a single point of failure in your infrastructure by deploying distinct protocols at various layers. 

The more customization you can do within the platform to meet your organization’s security protocols, the better. And the right partner will have the tools and technology to integrate with and abide by your rules at different layers and levels. 

It’s key to partner with those that have their eye on multi-layered security to help protect against threats—and ensure they understand and agree to your approach to security as well. Asking key questions that drill down into their approach is an essential step here.

Vendor Due Diligence: Security Questions for Your Partner

Layer 1

  • Do you have a security program handbook or guide?
  • How do you respond when a customer reports a security vulnerability?
  • What’s your process during and after an attack?
  • What are you doing from a prevention standpoint?

Layer 2

  • What are you doing from a security standpoint at the code level?
  • What operational security components are included in your platform’s architecture?

Layer 3

  • Are you partnering with major cloud providers? What services are included through them?
  • What do your partners leverage in terms of security architecture and code? Do they have a due diligence process you’re familiar with?

Then, it’s important to make sure the best practices and approach that you’ve agreed to within your organization—and with your partners—is manageable

Oftentimes, businesses tend to make it too hard or prohibitive for their workforce to follow along and abide by security protocols and policies. 

For example, if you write a policy or a practice in a vacuum and put together a workflow to support it, and if that process is too difficult for people to manage in their day-to-day, they will go around it or find a shortcut. 

When people start going around your policies, you start losing the ability to manage them, and you start introducing additional risk in your system. It’s always important to not just make sure that you’re checking all the security boxes, but also watching the behavior of people who are using those processes, tools and systems. 

If you find they’re creating alternate paths around certain controls—fix the control to make it more friendly and attainable so everyone can more easily stay in compliance. 

In conclusion: Stay ahead of the threat with a content platform you can trust

Organizations can and must be proactive in the face of a cyberattack. They also must be prepared well before a disruptive and potentially devastating incident occurs.

To assist, modern CMSs like Brightspot ensure elasticity within your operations and allow you to be nimble and act swiftly during turbulent times, all backed by the support of Brightspot experts.

That’s why we have strong security defenses baked into our solutions as well as a dedicated support team available to provide guidance today—and in times of crisis.Don’t wait for cyber threats to strike. Set up a demo today and discover how Brightspot can fortify your digital resilience. If you know a developer who might be interested in trying out Brightspot, we can facilitate their trial request here.


This article is presented by TC Brand Studio. This is paid content, TechCrunch editorial was not involved in the development of this article. Reach out to learn more about partnering with TC Brand Studio.

More TechCrunch

The Appellate Court of Montenegro ruled on Thursday that Terraform Labs co-founder, Do Kwon, should be returned to his home country, South Korea. The ruling confirmed an earlier decision in…

Terraform Labs co-founder and crypto fugitive, Do Kwon, set for extradition to South Korea

A day after Meta CEO Mark Zuckerberg talked about his newest social media experiment Threads reaching “almost” 200 million users on the company’s Q2 2024 earnings call, the platform has…

Meta’s Threads crosses 200 million active users

TechCrunch Disrupt 2024 will be in San Francisco on October 28–30, and we’re already excited! Disrupt brings innovation for every stage of your startup journey, and we could not bring you this…

Connect with Google Cloud, Aerospace, Qualcomm and more at Disrupt 2024

The tech layoff wave is still going strong in 2024. Following significant workforce reductions in 2022 and 2023, this year has already seen 60,000 job cuts across 254 companies, according…

A comprehensive list of 2024 tech layoffs

Intel announced it would layoff more than 15% of its staff, or 15,000 employees, in a memo to employees on Thursday. The massive headcount is part of a large plan…

Intel to lay off 15,000 employees

Following the recent lawsuit filed by the Recording Industry Association of America (RIAA) against music generation startups Udio and Suno, Suno admitted in a court filing on Thursday that it did, in…

AI music startup Suno claims training model on copyrighted music is ‘fair use’

In spite of a drop for the quarter, iPhone remained Apple’s most important category by a wide margin.

iPad sales help bail out Apple amid a continued iPhone slide

Molly Alter wears a lot of hats. She’s a mocumentary filmmaker working on a project about an alternate reality where charades is big business. She’s a caesar salad connoisseur and…

How filming a cappella concerts and dance recitals led Northzone’s newest partner Molly Alter to a career in VC

Microsoft has a long and tangled history with OpenAI, having invested a reported $13 billion in the ChatGPT maker as part of a long-term partnership. As part of the deal,…

Microsoft now lists OpenAI as a competitor in AI and search

The San Jose-based startup raised $60 million in a round that values it lower than the $500 million valuation it garnered in its most recent round, according to multiple sources.

Sequoia-backed Knowde raises Series C at a valuation cut

Self-driving technology company Aurora Innovation is looking to raise hundreds of millions in additional capital as it races toward a driverless commercial launch by the end of 2024.  Aurora is…

Self-driving truck startup Aurora Innovation to sell up to $420M in shares ahead of commercial launch

X (formerly Twitter) can no longer be accessed in the Mac App Store, suggesting that it has been officially delisted.  Searches for both “Twitter” and “X” on Apple’s platform no…

Twitter disappears from Mac App Store

Google Thursday said that it is introducing new Gemini-powered features for Chrome’s desktop version, including Lens for desktop, tab compare for shopping assistance, and natural language integration for search history.…

Google brings Gemini-powered search history and Lens to Chrome desktop

When Xiaoyin Qu was growing up in China, she was obsessed with learning how to build paper airplanes that could do flips in the air. Her parents, though, didn’t have…

Heeyo built an AI chatbot to be a billion kids’ interactive tutor and friend

While the company was awarded a massive, $4.2 billion contract to accelerate Starliner development in 2014, it was structured as a “fixed-price” model.

Boeing bleeds another $125M on Starliner program, bringing total losses to $1.6B

Welcome back to TechCrunch Mobility — your central hub for news and insights on the future of transportation. Sign up here for free — just click TechCrunch Mobility! Summer road…

Anthony Levandowski bets on off-road autonomy, Nuro plots a comeback and Applied Intuition gets more investor love

Google’s new features include Gemini in BigQuery and Looker to help users with data engineering and analysis.

Google Cloud expands its database portfolio with new AI capabilities

Rad Power Bikes, the Seattle-based e-bike startup that has raised more than $300 million from investors, went through another round of layoffs in July, TechCrunch has exclusively learned. This is…

VC darling Rad Power Bikes hit with another round of layoffs

Five years ago, as robotaxis and self-driving truck startups were still raking in millions in venture capital, Anthony Levandowski turned to off-road autonomy. Now, that decision — which brought the…

Why Anthony Levandowski returned to his off-road autonomous vehicle roots with AV startup Pronto

Commercial space station company Vast is building a private microgravity research lab as part of its wider Haven-1 station plans. The module is set to launch no earlier than the…

Vast plans microgravity lab on its Haven-1 private space station

Google Cloud is giving Y Combinator startups access to a dedicated, subsidized cluster of Nvidia graphics processing units and Google tensor processing units to build AI models. It’s part of…

Google Cloud now has a dedicated cluster of Nvidia GPUs for Y Combinator startups

Open source compliance and security platform FOSSA has acquired developer community platform StackShare, the company confirmed to TechCrunch.  StackShare is one of the more popular platforms for developers to discuss,…

Open source startup FOSSA is buying StackShare, a site used by 1.5M developers

Ola Electric and FirstCry are set to test investor appetite with public listing, both pricing their shares below their previous valuation asks.

Indian startups gut valuations ahead of IPO push

The European Union’s risk-based regulation for applications of artificial intelligence has come into force starting from today.

The EU’s AI Act is now in force

The company also said it has received regulatory clearance to start Phase 2 clinical trials for a new drug in the U.S. later this year.

Healx, an AI-enabled drug discovery platform for rare diseases, raises $47M

The European Commission (EC) has given the go-ahead to HPE’s planned megabucks acquisition of Juniper Networks.

EU greenlights HPE’s $14B Juniper Networks acquisition

Meta, which develops one of the biggest foundational open source large language models, Llama, believes it will need significantly more computing power to train models in the future. Mark Zuckerberg…

Zuckerberg says Meta will need 10x more computing power to train Llama 4 than Llama 3

Axle Energy is a B2B, back-end infrastructure business focused on connecting flexible assets, such as electric vehicles and home batteries, to energy markets that aren’t otherwise available for consumers to…

Axle Energy’s sprint to decarbonize the grid lights up with $9M seed led by Accel

OpenAI CEO Sam Altman says that OpenAI is working with the U.S. AI Safety Institute, a federal government body that aims to assess and address risks in AI platforms, on…

OpenAI pledges to give U.S. AI Safety Institute early access to its next model

WhatsApp’s massive 500 million users in India have supercharged Meta’s AI ambitions. Meta CFO Susan Li said Wednesday that India is the largest market in terms of Meta AI usage,…

Meta says India is the largest market for Meta AI usage