security risk management

While the economic downturn is in its early stages, it looks as though the hypergrowth phase of the cybersecurity vendor party has reached an abrupt end.

The fact is, no business can stop every breach. So is it time to shift to a “post-breach” resilience strategy? Analyst Allie Mellen thinks so. This week, she discusses the best — and worst — security practices from various global regions.

Microsoft recently announced Defender Vulnerability Management is available in a 120-day public preview as as a standalone, endpoint detection and response (EDR)-agnostic option. Defender for Endpoint Plan 2 customers have the option to purchase new add-on capabilities, while Defender for Endpoint Plan 1 customers will need to purchase the full standalone version. This release is […]

The web application firewall market has evolved. Read this quick overview of the landscape.

Our highly anticipated Forrester Decisions service for Security & Risk is now available in Asia Pacific.

The bot management market has matured considerably over the past few years. Two years ago, many vendors spoke primarily to the security persona, only the top vendors offered machine learning and layered detections, and response options were more limited. With the release of The Forrester Wave™: Bot Management, Q2 2022, we see a market that […]

The Coppola classic has a few surprising parallels with today's chief information security officer.

On Tuesday, March 22, 2022, identity-as-a-service (IDaaS) provider Okta announced that it had detected an attempt to compromise the account of a partner in January 2022. The announcement came after the hacking group Lapsus$ posted screenshots of a computer used by one of Okta’s third-party customer support engineers. As one of the largest IDaaS providers with […]

A fragmented regulatory environment and the rapid transition to digital commerce have spurred several enterprise fraud management (EFM) trends in Asia Pacific. Forrester sees that: Digital commerce drives promotion fraud. Flourishing digital commerce significantly changes consumer behavior, and companies are focusing their marketing spending on online campaigns and promotions. Fraudsters are increasingly taking advantage of […]

The security awareness and training (SA&T) market has been stagnant for so long, with the last major disruption as far as I can tell being the introduction of phishing simulations about a decade or so ago. Since then, the industry seems to have seen a slow and steady evolution from ticking boxes to meet a […]

Mandiant trades up from FireEye and finds a home within Google Cloud Platform.

Forrester predicts that in 2022, one in 10 experienced security pros will exit the industry. This brain drain is the result of a few dynamics colliding: poor financial and advancement incentives; general stress and burnout impacting security teams; and cybersecurity’s dirty little secret, workplace toxicity! And cybersecurity isn’t immune to the hidden epidemic impacting women’s ability […]

Risk management leaders in Europe and worldwide are already being impacted by the war in Ukraine and the sanctions imposed on Russian and Belarusian actors. Forrester analysts provide their guidance in this post.

Learn which IT service providers have substantial operations in Belarus, Russia, or Ukraine and what steps you should take if you rely on them for services today.

As of July 31, 2021, the FBI’s Internet Crime Complaint Center saw a 62% increase in reported ransomware incidents compared with the same time frame in 2020. Intrusions in environments spanned various types of infrastructure, with 35% exploiting software vulnerabilities and 32% using supply chains and third parties to obtain unauthorized access, per Forrester data. […]

The average firm’s list of business and risk management priorities looks very different today than it did two years ago. What’s changed? For starters, according to Forrester data, 43% of enterprise risk management (ERM) decision-makers report having experienced three or more discrete critical risk events over the past 12 months. The same group reveals that […]

Ask any CISO to articulate the ROI of their firm’s cybersecurity investment — or, worse yet — to defend an increase to the security budget, and you’re likely to get anything from a threat heat map to a 5×5 grid to a list of the latest threats with a flowchart of how the firm is […]

As I watched the December 2021 Log4j situation unfold (and it continues … ), the importance of IT asset visibility couldn’t have been clearer. So many security and IT teams struggle to maintain much-needed visibility into an increasingly complex and distributed IT environment because so much of an organization’s estate is unknown or undiscovered due […]

Beyond the immediate response issues, the Log4j vulnerability poses longer-term risk management and community considerations.