security & risk

Diplomatic networks carry some of the world’s most sensitive information: communications between world leaders, key technical intellectual property, trade strategies, and military plans. A recent report by antiphishing vendor Area 1 Security reveals that a three-year-long cyberattack led to the successful breach of the European Union’s diplomatic communications network. By focusing on the cybersecurity of the […]

The business risks associated with global climate change are enormously complex and nearly infinite in quantity. Your firm’s climate-related risks, however, are much more manageable (albeit complex and numerous, as well). No two organizations are exposed in exactly the same way. Rising temperatures, sea-level rise, and more frequent and severe extreme weather events have already […]

In my previous blog post on the MITRE ATT&CK evaluations, I developed a scale for rating the individual vendor evaluations and provided source code to help make the results more generally consumable. Since publishing this blog, I’ve been having a number of conversations with clients about the “tainted” modifier in the recent MITRE ATT&CK evaluations, […]

I’ve been extremely excited about the MITRE ATT&CK evaluation since it decided to open it up to vendors earlier this year. The endpoint detection and response (EDR) market represents the direction of endpoint security, yet the state of endpoint efficacy testing has been underwhelming. • Antimalware testing has become a standard part of the endpoint […]

Another Friday, Another Breach Announcement Today, Marriott announced that it uncovered four-plus years of a previously unknown, unexpected, and unauthorized data breach that includes travel details, passport numbers, and credit card data. Five hundred million customers found out this morning when Marriott announced a multiyear breach dating back to 2014. Longstanding defects in Starwood’s database and network […]

I published my first Forrester Wave™ today, covering the managed security services provider (MSSP) market in Europe. The culmination of four months of hard work by not just us but all the vendors involved, this is to my knowledge our first analysis focused on the needs of the European market for MSSPs. Here are some […]

“Everything Is An Endpoint” Brings BlackBerry Back From The Dead For many, the fact that BlackBerry still exists — and the fact that it spent $1.4 billion of the $2.4 billion in capital it had — is the most surprising part of the Cylance acquisition. BlackBerry hasn’t shirked its mythological status as the case study of what […]

We just wrapped up five months of in-depth research focused on providing some clarity into what technologies from which vendors actually enable Zero Trust (not just talk about it). It didn’t take long to discern those among the vendor community that really embraced the strategic benefits of Zero Trust — and those that seemed to just […]

The Forrester New Wave™: Cybersecurity Risk Ratings, Q4 2018 Earlier today, we published “The Forrester New Wave™: Cybersecurity Risk Ratings, Q4 2018” evaluation. We take a close look at the nine most important vendors in this rising market, reviewing their current capabilities, customer references, and strategic road maps. This includes vendor profiles, with our analysis and buyer […]

Today, my team published Forrester’s predictions for the cybersecurity industry in 2019. We listed five key trends that we think will impact the industry over the next 12 months. Here is my take on how three of these trends will play out in the European cybersecurity market: Economic espionage in Europe will increase due to […]

In late 2016, IBM announced the availability of its full-scale cyber range at the Cambridge, MA headquarters of its security division. With two shifts per day and currently booked out six to eight months, it’s been a huge success for the division. The range isn’t just about training security incident response analysts; it’s a full […]

It may not seem like it yet, but climate change is altering the world so drastically that all enterprises will need to undergo a transformation to avoid going extinct. Earlier this week, the UN’s Intergovernmental Panel on Climate Change (IPCC) reported (with high confidence) that at the rate we’re going, global warming of 1.5°C is likely […]

I received a text message the other day that looked a lot like what I might get from my bank if I triggered some antifraud check. The timing was impeccable; I had just used the card to pay for takeout and had walked out to my motorcycle to head home. When I initially got the […]

Facebook Loses More User Data (This Time Unintentionally) Facebook announced that it experienced a breach this week that lost 50 million users’ data. Ironically, the breach happened in part due to exploited bugs in three features developed to give users more control over their privacy. Some quick key lessons to take away from this breach: […]

Security is one of those words that is associated with hackers, reputational failures, and fear, uncertainty, and doubt. I disagree: Security, when done properly, can be one of the biggest investments you make. It is crucial to building customer trust and safeguarding digital investments. Furthermore, responding well to a breach can enhance shareholder value and […]

I have done a few exercises on implementing Zero Trust and Zero Trust eXtended (ZTX) in enterprises. The impetus behind these exercises from a strategy standpoint is that the participating organizations have leaders that are Forrester clients and had read, or at least breezed through, the research that has been published on the topic of […]

I have done a few exercises on implementing Zero Trust and Zero Trust eXtended (ZTX) in enterprises. The impetus behind these exercises from a strategy standpoint is that the participating organizations have leaders that are Forrester clients and had read, or at least breezed through, the research that has been published on the topic of […]

Who knew that failed data governance would be the thing to turn the privacy world on its ear? When the Facebook/Cambridge Analytica scandal broke . . . and then got worse, consumers and politicians alike finally seemed to understand that the data economy had gotten away from us all. As a result, 2018 has forever […]

Well, it’s happening! My first Forrester report was published this week. (Forrester clients can access here.) The topic? Cybersecurity transformation, of course! It’s what I have lived and breathed for the last 3.5 years. I have also engaged peer CISOs doing terrific work transforming their firms’ security function and capabilities — I’ve always had a passion […]