Jeff Pollard

Today we released our 2019 security & risk recommendations report. We collected contributions from our colleagues across the Forrester security & risk team to identify the most important actions security leaders should take in 2019. Turns out, things are getting better for S&R pros, but challenges still remain. Security leaders have earned board-level visibility, privacy […]

Another Friday, Another Breach Announcement Today, Marriott announced that it uncovered four-plus years of a previously unknown, unexpected, and unauthorized data breach that includes travel details, passport numbers, and credit card data. Five hundred million customers found out this morning when Marriott announced a multiyear breach dating back to 2014. Longstanding defects in Starwood’s database and network […]

“Everything Is An Endpoint” Brings BlackBerry Back From The Dead For many, the fact that BlackBerry still exists — and the fact that it spent $1.4 billion of the $2.4 billion in capital it had — is the most surprising part of the Cylance acquisition. BlackBerry hasn’t shirked its mythological status as the case study of what […]

When salacious tales of Cambridge Analytica’s activities emerged in 2018, we thought the company was finished. The many on-air discussions of illegal activities, law enforcement warrants, legal action threats from partners, and questionable ethics appeared to doom it. We then saw multiple suspensions and resignations, and on May 2, Cambridge Analytica announced it would file […]

During every Forrester Wave™ evaluation I conduct, I spend time sifting through vendor responses, data, client surveys, and reference interviews and develop an outline of recurring themes — the good, the bad, the new, the old, etc. After the Wave goes live, I collect all of that information, bundle it together, and produce a “Lessons” […]

What An Interesting Start To The Year I didn’t expect the year to kick off with it raining iguanas in Florida, a gas pumping crisis in Oregon, or the discovery and release of two massive CPU flaws that affected many of the computers we live and work with every day. It appears 2018 has started […]

Announcing Our New Security & Risk Staffing Survey! Information security is one of the hottest fields around. Data abounds about how awesome it is to work in infosec, how many jobs are available, and how much money can be made. That all sounds great, except it’s pretty hard to find great research on what it’s […]

The B2B Breach Trifecta: Equifax, SEC, and Deloitte As rumors emerged this morning about a compromise of consulting firm Deloitte, this becomes the third breach announced in just a few short weeks of organizations that share a similar profile: Each one is primarily – or exclusively – a B2B organization. There are some questions worth […]

Our reaction to the Equifax breach was similar to what we imagine many people went through. First, we wanted to know if we were affected. Second, what about our spouse and other immediate family members? Third, better keep an eye on the old credit report or initiate a credit freeze. Since Forrester offers credit monitoring […]

I summarized RSA 2017 in the following way: It’s a bit like the supermarket; you’ll make far healthier choices if you stick to the outer aisles. Well, Las Vegas B-Sides, Black Hat, and DefCon are taking place this week, and since these events differ in tone, audience, and participants, I’ve updated my advice: We’ve gone […]

The security industry has an accountability crisis. It’s time to talk about it, then fix it. Whenever a massive cyber attack occurs inevitably a chorus of voices rises to blame the victims. WannaCry on 5/12 and Petya on 6/27 yet again kicked off the familiar refrains of: “If users didn’t click on stuff they shouldn’t….” […]

5/12/2017 might be another day of cyber-infamy based on malware as hospitals and critical infrastructure providers are locked out of their machines due to what appears to be a new variant of ransomware dubbed WannaCry spreading through corporate networks. Like the ransomware outbreaks in mid-2016 here in the US, NHS hospitals are experiencing patient care […]

The summary of the new Executive Order is a bit of a letdown: Government agencies must complete a risk management report within 90 days. The risk report should align with NIST. Outside of those with a risk fetish, this new EO probably isn’t that exciting from the perspective of any near-term cybersecurity transformation. That said, […]

Merritt Maxim and I just published our research on the IoT Attack Surface. This report gives a realistic, but not sensationalized, view of how enterprises need to think about IoT. Three factors motivated our research for this topic – attacks on IoT will transcend the digital-physical divide, the sheer scale of IoT will challenge security […]

"The most important security alerts we see." That’s how one customer described the importance of Automated Malware Analysis technologies in their security workflow. After months of demonstrations, reference calls, and analysis we are thrilled that The Forrester Wave™: Automated Malware Analysis, Q2 2016 is live! Many clients we talked to used multiple vendors to analyze […]