security & risk

With the proliferation of data and the ubiquity of connected devices, organizations can move with unmatched efficiency, but simultaneously incur increased risks. Read our insights on how security & risk professionals can succeed in this environment.

Insights

BLOG

Retailers, Prepare Wisely: DDoS Remains A Holiday Threat

David Holmes November 26, 2019
A distributed denial of service attack can turn a retailer's holiday season from merry to miserable. Learn how to protect yourself.
Read More
BLOG

BC And DR Pros, We Need Your Help!

Naveen Chhabra November 22, 2019
Each year, Forrester Research and the Disaster Recovery Journal (DRJ) team up to launch a study examining the state of business resiliency. Each year, we focus on a resiliency domain: IT disaster recovery (DR), business continuity (BC), or overall enterprise risk management (ERM). The studies provide BC pros, DR pros, and other risk managers an […]
Read More

Five Steps To Zero Trust Security

How to achieve and maintain Zero Trust.

BLOG

Enterprise Security Vendors Need An Infusion Of Open Source Culture

Stephanie Balaouras November 21, 2019
Forrester VP and Group Director Stephanie Balaouras reviews the infusion of an open source development mentality in IBM Security and the impact on the broader security ecosystem.
Read More
BLOG

Enterprises Need Plans For Both Climate Sustainability And Adaptation

Stephanie Balaouras November 12, 2019
Discover why sustainability and climate adaptation planning aren’t the same, and why your firm needs both to succeed.
Read More
BLOG

Integrated Risk Management: What Is It?

Renee Murphy November 8, 2019
I am often asked, “Renee, what is integrated risk management (IRM), and how is it different from GRC?” You are neither misinformed nor are you horribly confused. We have been on a seven-year journey together maturing governance, risk management, and compliance (GRC) programs to eventually give you the process, program, and data to get to […]
Read More
BLOG

Research Announcement: The Forrester Wave™: European Cybersecurity Consulting Providers, Q4 2019

Paul McKay October 31, 2019
Today, my inaugural evaluation of the European consulting services provider market published, as I write this blog from the city of Barcelona. Along with “The Forrester Wave™: Cybersecurity Consulting Services In Asia Pacific, Q4 2019,” which published yesterday (see here), this marks the first time that we have explicitly assessed the European security consulting services […]
Read More
BLOG

Retailers, Don’t Let Grinchy Bots Ruin Your Holiday Season

Sandy Carielli October 31, 2019
Bot traffic can eat into profits and sabotage customer experiences. Learn how to play defense.
Read More

Zero Trust In Practice

The theory of Zero Trust was penned by Forrester almost a decade ago. Now, we help you put it in practice.

BLOG

Extending Cybersecurity Awareness Of The Third-Party Ecosystem

Alla Valente October 29, 2019
This year’s NCSAM theme of “Own IT. Secure IT. Protect IT.” is a powerful call to action for ownership and accountability. However, many heeding this call won’t think about how it also extends to the vast and growing network of third-party relationships. Why? For most organizations, third parties complicate cybersecurity risk management.
Read More
BLOG

Two-Factor Authentication (2FA) Or Multifactor Authentication (MFA)? That Is The Question

Sean Ryan October 29, 2019
We, as security practitioners, need to be mindful about what we mean when we say “2FA” or “MFA.” These terms are often used interchangeably. The confusion is understandable, since 2FA is a subset of MFA. However, just like Halloween candy, MFA (including 2FA) comes in many flavors. Let’s unpack these terms and consider the various […]
Read More
BLOG

The Dark Side Of Tech: Don’t Let Security Be An Enabler For Abuse

Heidi Shey October 28, 2019
Are you a tech optimist? I generally tend to be. Yet as I read about new technology, I sometimes find myself thinking, “This is amazing! And terrifying.” As we approach the end of cybersecurity Awareness Month, I’d like to draw attention to the issue of technology-facilitated abuse. Abusers Use Technology To Control And Hold Power […]
Read More
BLOG

Ransomware: The Nightmare Before Cyber Monday

Josh Zelonis October 22, 2019
Cybersecurity needs to be part of every retailer's holiday strategy. Learn how to protect against one particularly menacing threat.
Read More
BLOG

Demystifying The Information Sharing Alphabet Soup

Josh Zelonis October 21, 2019
Cyberthreat intelligence (CTI) is an overcrowded space that is overdue for contraction. In general, we see it filled with smaller vendors with founders who come from an intel background, got enough funding to land a Fortune 100 client (not exclusively, mind you), and have put their logo into every pitch deck they use when going […]
Read More
BLOG

Browser-Based Attacks, Our Customers, And Us

Sandy Carielli October 21, 2019
Browser based attacks are particularly frustrating because they directly affect your customers. Learn what attackers are doing and how to minimize the risk.
Read More
BLOG

Five Key Resources For Cybersecurity Awareness Month

David Holmes October 17, 2019
Get five new resources for cybersecurity threat management in your enterprise.
Read More
BLOG

S&R Confessional: The Time I Almost Got Hacked

Jeff Pollard October 15, 2019
Even cybersecurity experts can get fooled. Read this cautionary tale of a time when a security and risk expert almost got hacked.
Read More
BLOG

FORRward: A Weekly Read For Tech And Marketing Execs

Brigitte Majewski October 15, 2019
The California Attorney General just Published CCPA rules, and they're clear as mud.
Read More
BLOG

Meet Your New Identity And Access Management Research Analyst

Sean Ryan October 8, 2019
As of September, I’m the new identity and access management (IAM) analyst on Forrester’s security and risk research team. I am grateful to have joined a very talented group of analysts at a company that is fun, intellectually stimulating, and committed to high-quality, objective research. In my role, I will be taking over some of […]
Read More
BLOG

Do’s And Don’ts For Analyst Interactions

Chase Cunningham October 7, 2019
Having just been through an onslaught of work related to the Forrester Wave™ evaluation on Zero Trust eXtended ecosystem platform providers, I think that it’s worthwhile to put some guidance out there that might help folks as they interact with analysts (well, me, mainly, but maybe it will help with others, as well). And a […]
Read More
BLOG

FORRward: A Weekly Read For Tech And Marketing Execs

Brigitte Majewski October 7, 2019
Cybersecurity Awareness Month Is Underway Executives consider cyberattacks the second leading global risk to doing business, per the World Economic Forum’s 2019 Global Risks Report. The US Senate passed a law to help firms suffering from ransomware attacks, and the NSA launched a new Cybersecurity Directorate. With a flurry of activity already underway, it’s going […]
Read More
BLOG

Unfortunately, Awareness Alone Won’t Do It: Successful Phishing Defense Requires A Layered Approach

Joseph Blankenship October 2, 2019
Training alone can’t protect your organization from a phishing attack. Learn how a layered approach that combines technical controls and user education can.
Read More
More posts