Cybersecurity Trends

I’m very excited to announce my latest research, “Best Practices: Successfully Influencing Employee Cybersecurity Behavior” — Forrester clients can access it here. Excited may not be the right word exactly, as this report was born out of the disappointment I started feeling when hearing of security leaders and teams implementing disciplinary sanctions for employees who […]

I am thrilled to announce the release of our latest Now Tech: Cybersecurity Consulting Services In Asia Pacific, Q3 2021. This report (available to Forrester clients) showcases Forrester’s overview of 24 cybersecurity consulting providers in Asia Pacific. Our clients leverage these insights to understand the diverse set of vendors by size, capability, geography, and vertical […]

As new generations enter the workforce, your security strategy needs to meet their needs as well. Get tips on how to strike the right balance in this blog post.

There is no executive role that better aligns with the trust imperative than the CISO. Find out why and how it may impact your organization directly.

Written with Zaklina Ber, senior research associate, Forrester Forrester analyzed the career backgrounds of 168 chief information security officers (CISOs) with public profiles who are working for major organizations in Europe with listings in the highest stock market indexes in the UK (FTSE 100), France (CAC 40), Germany (DAX 30), Italy (FTSE MIB), Spain (IBEX […]

What’s driving the increase in ransomware attacks, and what can security leaders do to protect their organizations? Analysts Allie Mellen and Steve Turner provide insight in this episode.

Over the past year, breaches such as SolarWinds and Kaseya have woken us up to the realities of software supply chain risk. Whether through infiltrating the software delivery pipeline, deliberately uploading malicious components to popular repositories, or taking advantage of existing vulnerabilities in open source components, attackers are leveraging gaps in supply chain controls to […]

There’s a culture crisis in the IT security field that could be putting firms at risk. Learn about the causes and cures of a toxic security culture from Principal Analyst Jinan Budge in this episode of What It Means.

Learn about the origin, architecture, and applications of extended detection and response (XDR) from analyst Allie Mellen.

Christmas came early for three vendors in the threat intelligence and attack surface management space this past week. In a reported all-cash $500 million deal (no need for layaway when your market cap is north of $2 trillion), Microsoft acquired threat intelligence and attack surface management vendor RiskIQ. In Europe, Swedish vulnerability risk management firm […]

The Space Tech Industry Is Looking Up The new space race is truly underway following Richard Branson’s monumental first passenger trip to space, beating Jeff Bezos’ Blue Origin passenger flight by more than a week. The Virgin Galactic’s VSS Unity spacecraft did not pass the so-called Karman line, unlike Jeff Bezos’ plans. It did, however, […]

The week of June 28 was a big one (not in a good way) for showcasing the persistence and depth of harassment and exclusion for women in cybersecurity. Those on infosec social media were flooded with bikini selfies protesting the harassment that a woman received for posting her own bikini selfie. Men and women took […]

The first half of 2021 has been anything but quiet for cyber insurance. Forrester has seen a steady flow of client inquiries on the topic, with questions coming in not just from the private sector but also from the public sector. Some are trying to navigate acquiring a cyber insurance policy for the first time, […]

With ransomware continuing as a high-impact problem (with seemingly no end in sight), we’ve put together some useful ransomware resources for security practitioners. Security and risk (S&R) pros can use these resources to help prevent, protect, detect, and respond to ransomware outbreaks. The links below are a mixture of Forrester’s own research and third-party links. […]

Revenge Of The SaaS: Mandiant Dumps FEYE In a cybersecurity divorce that had fewer leading indicators than the dissolution of Kim and Kanye, Mandiant has finally untangled itself from FireEye (FEYE) by selling the product portion of the firm to Symphony Technology Group (STG) for $1.2 billion. FireEye’s history as the most “almost acquired vendor” […]

On the heels of the Executive Order on Improving the Nation’s Cybersecurity signed by the President after a ransomware attack forced the shutdown of Colonial Pipeline, the Department of Homeland Security’s Transportation Security Administration (TSA), the agency responsible for overseeing pipeline security, on May 27, 2021, has announced its own Security Directive of new cybersecurity […]

Earlier this week, an op-ed published on The Hill sent information security (infosec) Twitter into a tizzy by blaming cybersecurity industry best practices for recent high-profile security breaches. For the security team at Forrester, the op-ed furthered a number of security myths that we felt compelled to bust here. Myth #1: The Best Infosec Pros […]

Forrester's security team sifts through the details of the new executive order on cybersecurity and looks forward at its long-term impact.

While automated malware analysis and network intrusion detection systems remained in our Divest category, three more technologies joined them this year: data loss prevention, managed security service providers, and security user behavior analytics. Why is this? Because these stand-alone technologies simply don’t cut it anymore. This isn’t to say these solutions are dead, mind you. No, they live on in within larger, more comprehensive solutions.