cybersecurity

On this episode of What It Means, VP and Group Director Stephanie Balaouras and VP and Principal Analyst Jeff Pollard dissect the myths, misconceptions, and half-truths within the current cybersecurity staffing shortage — and discuss a more effective way for security and risk leaders to build a complete, qualified team.

Walk the show floor at any security event, and you will be inundated with a multitude of purportedly cutting-edge and disruptive security technologies. When every vendor claims that their solution is unique, and that no security program would be complete without it, how do you cut through the noise to pinpoint what you must pay […]

Current projections show that we will have nearly two million job vacancies in the security sector by 2022. However, this is a problem of our own making. Fixing this will require changes to the way we hire, train, and retain security pros.

Cybersecurity risk rating solutions are a polarizing topic for security leaders. We meet promoters and detractors in roughly equal measure in the customers that we speak to. Positive client sentiment cites the ability to continuously monitor their third parties, and the simplicity of the quantifiable risk score is popular. Security leaders tell us it is […]

It has taken me 15 months and a LOT of travel, listening, and talking to feel confident enough to write this research for APAC. APAC is a unique region in its cultural, geographic, regulatory, security maturity, and economic diversity. Writing anything APAC-related (at least for me) meant that I needed to understand the region with […]

Does your organization have a strategy for protecting employees at home as a part of your overall cybersecurity program? Something that could include, but really goes to a place that is beyond, awareness training? If You Answered “No,” You’re Not Alone Employee privacy is a big reason why not. And yet, as the connected smart […]

We’re hiring! Forrester’s security and risk research team is growing and currently has four open analyst positions: identity and access management, application security, security analytics, and Zero Trust. When I speak to candidates about the analyst role, they all ask one question that I find difficult to answer: “What’s a typical day like for an […]

Security and risk leaders consistently rank compliance with global privacy regulations as one of their top three challenges. To help them, Forrester periodically updates our map of global privacy rights and regulations. We released our 2019 version today. This year, we included 61 countries, adding Kuwait, the Philippines, Qatar, Saudi Arabia, Sri Lanka, the United […]

Sorting through the smoke and mirrors surrounding the dark web to deliver the truth about what it is, what it does, and what it means.

Your organization has just received ransom notices across your infrastructure, informing you of what you already fear. All your critical business data has been encrypted. You are angry that someone’s moved your cheese, and you don’t want to reward them for it. Your emotions are confirmed by advisors who give you the conventional advice: “Don’t […]

In late March, Marsh announced the launch of a program with a number of leading cyberinsurance firms including Allianz, AXA, Beazley, XL, and Zurich to evaluate cybersecurity products and services. Products that meet a minimum standard of criteria receive the designation of “Cyber Catalyst” for their effectiveness in reducing cyber risk. The intent is for […]

Today we released our 2019 security & risk recommendations report. We collected contributions from our colleagues across the Forrester security & risk team to identify the most important actions security leaders should take in 2019. Turns out, things are getting better for S&R pros, but challenges still remain. Security leaders have earned board-level visibility, privacy […]

Motherboard and Kaspersky unveiled that hackers compromised a server of computer manufacturer ASUS’s live software update tool to install a malicious backdoor on thousands of computers. The malicious file was able to masquerade as an authentic software update as it was signed with legitimate ASUS digital certificates. The manufacturer unwittingly pushed out the backdoor to […]

Microsoft has announced support for macOS in its rebranded Microsoft Defender ATP product, taking this product from being an offering that could be considered an add-on for hardening its own operating system to a multiplatform security solution. While this is an early release, it is a clear signal of the investment Microsoft is making to […]

The tagline for this year’s RSA Conference was “Better.” According to Forrester VP and Group Director Laura Koetzle, this tagline is apt. Cybersecurity is a jigsaw puzzle still in its box: All the tech pieces are there, but forging the right configurations and strategies remains a to-do for most.

CISOs in Asia Pacific must justify their spending and articulate the business value of often expensive investments in managed security to a largely non-security audience of executives. Currently, this is nearly impossible: Many managed security service providers (MSSPs) continue to go to market with messaging that is technology-centric and blind to the benefits they provide […]

I recently did a webinar with a few of my colleagues from the RSA Conference Advisory Board on precisely this topic, which you can find here. We tried to expose as much as we could of the fantastic variety that you’ll find at RSA Conference 2019. Here’s a further elaboration of one of my favorite […]

With no Brexit deal signed, European CISOs should be ready to face chaos. Here are five key concerns CISOs must consider and prepare for.