security & risk

With the proliferation of data and the ubiquity of connected devices, organizations can move with unmatched efficiency, but simultaneously incur increased risks. Read our insights on how security & risk professionals can succeed in this environment.

Insights

BLOG

S&R Confessional: The Time I Almost Got Hacked

Jeff Pollard 2 days ago
I’m continuing the trend my colleague Josh Zelonis started last year during Cybersecurity Awareness Month to share a few stories of the time I almost got hacked. It can — and does — happen to everyone, including folks that should know better. Blaming users for mistakes becomes a trap far too many of us security […]
BLOG

FORRward: A Weekly Read For Tech And Marketing Execs

Brigitte Majewski 2 days ago
The California Attorney General just published CCPA rules, and they're clear as mud.

Five Steps To Zero Trust Security

How to achieve and maintain Zero Trust.

BLOG

Meet Your New Identity And Access Management Research Analyst

Sean Ryan October 8, 2019
As of September, I’m the new identity and access management (IAM) analyst on Forrester’s security and risk research team. I am grateful to have joined a very talented group of analysts at a company that is fun, intellectually stimulating, and committed to high-quality, objective research. In my role, I will be taking over some of […]
BLOG

Do’s And Don’ts For Analyst Interactions

Chase Cunningham October 7, 2019
Having just been through an onslaught of work related to the Forrester Wave™ evaluation on Zero Trust eXtended ecosystem platform providers, I think that it’s worthwhile to put some guidance out there that might help folks as they interact with analysts (well, me, mainly, but maybe it will help with others, as well). And a […]
BLOG

FORRward: A Weekly Read For Tech And Marketing Execs

Brigitte Majewski October 7, 2019
Cybersecurity Awareness Month Is Underway: Executives consider cyberattacks the second leading global risk to doing business, per the World Economic Forum’s 2019 Global Risks Report. The US Senate passed a law to help firms suffering from ransomware attacks, and the NSA launched a new Cybersecurity Directorate. With a flurry of activity already underway, it’s going […]
BLOG

Unfortunately, Awareness Alone Won’t Do It: Successful Phishing Defense Requires A Layered Approach

Joseph Blankenship October 2, 2019
Training alone can’t protect your organization from a phishing attack. Learn how a layered approach that combines technical controls and user education can.
BLOG

Adventures In New And Evolving Coverage: Threat Detection And Response

Josh Zelonis October 1, 2019
Every once in a while, something happens that leaves you walking away feeling like you got away with murder. Today, I get to share with you one of my latest exploits. My coverage here at Forrester for the past 3-plus years has been vulnerability management, threat intelligence, detection technologies, and incident response. While each of […]

Zero Trust In Practice

The theory of Zero Trust was penned by Forrester almost a decade ago. Now, we help you put it in practice.

BLOG

Three Critical Metrics You Should Expect From A Vulnerability Risk Management Solution

Josh Zelonis September 26, 2019
Many vulnerability risk management (VRM) solutions are limited and fail to provide meaningful metrics about the health of your VRM program. One example is the use of counting metrics such as the number of vulnerabilities identified in your organization. Counting stats don’t have any real value because they fail to provide context. These vulnerabilities could […]
BLOG

FORRward: A Weekly Read For Tech And Marketing Execs

Brigitte Majewski September 23, 2019
IBM Reduces Rising Risks As Data Flows Between Partners With New Hybrid Cloud Data Protection: Last week, IBM unveiled a new solution — IBM z15 — that provides data privacy passports and helps clients manage who gets access to data via policy-based controls. As Forrester’s security research has shown, one of the biggest risks in […]
BLOG

Non-Public 5G Networks Will Be A Critical Building Block Of Your Enterprise Network Strategy

Dan Bieler September 6, 2019
Non-public 5G networks promise better privacy, data security, compliance, and cellular network performance; they also offer safer and more private features for dedicated user groups.
BLOG

FORRward: A Weekly Read For Tech And Marketing Execs

Brigitte Majewski September 4, 2019
An Oklahoma court ordered Johnson & Johnson to pay $571M for involvement in “false, misleading, and dangerous marketing campaigns” that contributed to the state’s opioid crisis. Here’s both a risk and brand perspective on why business leaders should care. J&J Shares Recover — But Its Reputation May Not: Our Security & Risk Analysts Alla Valente […]
BLOG

J&J Shares Recover Amid $571M Fine, But Its Reputation May Never Recoup

Renee Murphy September 3, 2019
Last week, an Oklahoma court ordered Johnson & Johnson to pay $571 million for involvement in “false, misleading, and dangerous marketing campaigns” that contributed to the opioid addiction crisis in the state. This case is interesting for a couple of reasons: 1) It’s the first ruling in the US to hold a drug manufacturer accountable […]
BLOG

Insider Threat Gets Its Own National Awareness Month

Joseph Blankenship September 3, 2019
The US National Counterintelligence and Security Center has deemed September to be National Insider Threat Awareness Month to increase awareness about insider threats. 2019 is the first year that we’ll be acknowledging insider threat during the month of September. Insider threat, particularly threats posed by malicious insiders, certainly deserves our attention. In 2018, Forrester survey respondents […]
BLOG

How To Guarantee A New Generation Of Failure

Chase Cunningham August 28, 2019
It’s back-to-school time, hurray! After the crazy nonstop shenanigans of the summer and having kids at home all day, it’s a bit like being paroled and finally seeing the sun again to have some quiet and be able to actually think. With school kicking off, I was surprised, nay, enthused, to see a course for […]
BLOG

Security & Risk 2019: Peering Into The Crystal Ball — Security Edition

Jeff Pollard August 27, 2019
Gaze deeply into our security & risk crystal ball: We see cybersecurity professionals succeeding and growing. We also see some hard work ahead. Learn more.
BLOG

Maintain Your Security Edge: Develop And Retain Cybersecurity Talent

Heidi Shey August 21, 2019
Cybersecurity talent is scarce. Developing and retaining current employees can help you maintain your edge and defray expensive recruiting costs. Learn more.
PODCAST

Let’s Reverse Cybersecurity’s Self-Inflicted Staffing Shortage

What It Means August 15, 2019
On this episode of What It Means, VP and Group Director Stephanie Balaouras and VP and Principal Analyst Jeff Pollard dissect the myths, misconceptions, and half-truths within the current cybersecurity staffing shortage — and discuss a more effective way for security and risk leaders to build a complete, qualified team.
BLOG

Broadcom Buys Symantec’s Enterprise Biz: Good News For Investors, Bad News For Enterprises

Merritt Maxim August 9, 2019
Yesterday, Broadcom announced a definitive deal to acquire the enterprise business of Symantec for $10.7 billion in cash. This deal caps weeks of speculation that Symantec was in play, initiated in May 2019 following the sudden resignation of Symantec CEO Greg Clarke in May and a downward revision to Symantec’s FY 2020 revenue guidance earlier […]
BLOG

Laud Your Whistleblowers Or Pay The Price

Alla Valente August 8, 2019
It's time to reconsider the whistleblower. It's in companies' best interests to know about and fix ethical missteps before they turn into full-blown scandals.
BLOG

Translating Security For Small Business

Chase Cunningham August 8, 2019
This week is Black Hat — the annual Hacker Summer Camp, as many folks call it. And this year is the first year in 14 years I haven’t been there. This year, I intentionally took an opportunity to punt on Hacker Summer Camp. Why? I had an invite to speak to a group of small-business […]