Jeff Pollard
Principal Analyst
Author Insights
BLOG
Marriott Breach: Starwood Hacker Gains Access To 500 Million Customer Records
Another Friday, Another Breach Announcement Today, Marriott announced that it uncovered four-plus years of a previously unknown, unexpected, and unauthorized data breach that includes travel details, passport numbers, and credit card data. Five hundred million customers found out this morning when Marriott announced a multiyear breach dating back to 2014. Longstanding defects in Starwood’s database and network […]
Read More
BLOG
The Fight For Cybersecurity Brand Dominance Intensifies
“Everything Is An Endpoint” Brings BlackBerry Back From The Dead For many, the fact that BlackBerry still exists — and the fact that it spent $1.4 billion of the $2.4 billion in capital it had — is the most surprising part of the Cylance acquisition. BlackBerry hasn’t shirked its mythological status as the case study of what […]
Read More
BLOG
Early Horror Stories Of The Data Economy
When salacious tales of Cambridge Analytica’s activities emerged in 2018, we thought the company was finished. The many on-air discussions of illegal activities, law enforcement warrants, legal action threats from partners, and questionable ethics appeared to doom it. We then saw multiple suspensions and resignations, and on May 2, Cambridge Analytica announced it would file […]
Read More
BLOG
The Buyer’s Guide To Cybersecurity Services
During every Forrester Wave™ evaluation I conduct, I spend time sifting through vendor responses, data, client surveys, and reference interviews and develop an outline of recurring themes — the good, the bad, the new, the old, etc. After the Wave goes live, I collect all of that information, bundle it together, and produce a “Lessons” […]
Read More
BLOG
Kicking Off The New Year With A MELTDOWN
What An Interesting Start To The Year I didn’t expect the year to kick off with it raining iguanas in Florida, a gas pumping crisis in Oregon, or the discovery and release of two massive CPU flaws that affected many of the computers we live and work with every day. It appears 2018 has started […]
Read More
BLOG
Inside Infosec Teams
Announcing Our New Security & Risk Staffing Survey! Information security is one of the hottest fields around. Data abounds about how awesome it is to work in infosec, how many jobs are available, and how much money can be made. That all sounds great, except it’s pretty hard to find great research on what it’s […]
Read More
BLOG
The B2B Breach Trifecta: Equifax, SEC, and Deloitte
The B2B Breach Trifecta: Equifax, SEC, and Deloitte As rumors emerged this morning about a compromise of consulting firm Deloitte, this becomes the third breach announced in just a few short weeks of organizations that share a similar profile: Each one is primarily – or exclusively – a B2B organization. There are some questions worth […]
Read More
BLOG
Equifax Does More Than Credit Scores
Our reaction to the Equifax breach was similar to what we imagine many people went through. First, we wanted to know if we were affected. Second, what about our spouse and other immediate family members? Third, better keep an eye on the old credit report or initiate a credit freeze. Since Forrester offers credit monitoring […]
Read More
BLOG
Applying Our Research To Black Hat 2017
I summarized RSA 2017 in the following way: It’s a bit like the supermarket; you’ll make far healthier choices if you stick to the outer aisles. Well, Las Vegas B-Sides, Black Hat, and DefCon are taking place this week, and since these events differ in tone, audience, and participants, I’ve updated my advice: We’ve gone […]
Read More
BLOG
Victim Blaming Won’t Stop Global Ransomware Attacks
The security industry has an accountability crisis. It’s time to talk about it, then fix it. Whenever a massive cyber attack occurs inevitably a chorus of voices rises to blame the victims. WannaCry on 5/12 and Petya on 6/27 yet again kicked off the familiar refrains of: “If users didn’t click on stuff they shouldn’t….” […]
Read More
BLOG
Massive Ransomware Outbreak Highlights Need For A Digital Extortion Decision Tree
5/12/2017 might be another day of cyber-infamy based on malware as hospitals and critical infrastructure providers are locked out of their machines due to what appears to be a new variant of ransomware dubbed WannaCry spreading through corporate networks. Like the ransomware outbreaks in mid-2016 here in the US, NHS hospitals are experiencing patient care […]
Read More
BLOG
NIST Is Jealous That PCI (Still) Matters More Than It Does
The summary of the new Executive Order is a bit of a letdown: Government agencies must complete a risk management report within 90 days. The risk report should align with NIST. Outside of those with a risk fetish, this new EO probably isn’t that exciting from the perspective of any near-term cybersecurity transformation. That said, […]
Read More
BLOG
Exploring The IoT Attack Surface
Merritt Maxim and I just published our research on the IoT Attack Surface. This report gives a realistic, but not sensationalized, view of how enterprises need to think about IoT. Three factors motivated our research for this topic – attacks on IoT will transcend the digital-physical divide, the sheer scale of IoT will challenge security […]
Read More
BLOG
Automated Malware Analysis Technologies Central To Defense Strategies
"The most important security alerts we see." That’s how one customer described the importance of Automated Malware Analysis technologies in their security workflow. After months of demonstrations, reference calls, and analysis we are thrilled that The Forrester Wave™: Automated Malware Analysis, Q2 2016 is live! Many clients we talked to used multiple vendors to analyze […]
Read More