security & risk

I have spent the last three days attending Infosecurity Europe 2019, the largest security trade show in the UK and Europe. As ever, before coming I have tried to predict the big theme or trends that CISOs should take note of. However, the show is very similar to last year, with incremental evolution of products […]

Your organization has just received ransom notices across your infrastructure, informing you of what you already fear. All your critical business data has been encrypted. You are angry that someone’s moved your cheese, and you don’t want to reward them for it. Your emotions are confirmed by advisors who give you the conventional advice: “Don’t […]

I have recently released a new report looking at the second phase of the Payment Services Directive (PSD2) and its security requirements along with my colleagues Jacob Morgan and Andras Cser. Banks and financial institutions are currently hard at work building APIs and testing their Strong Customer Authentication (SCA) solutions. Banks need to comply with […]

Buzzwords are the bane of my existence! As a former SaaS tech marketer, I’ve used my fair share. Since joining Forrester a month ago as an analyst on the security and risk team, one of the buzzwords I’m hearing most is “RegTech.” RegTech isn’t just hype. Forrester defines RegTech as the technology-enabled transformation of the […]

Success in the communications services sector is indeed a capricious piece of cheese. As new technologies mature, the distinction between technology, media, and telecommunications industries blur. Navigating this space to sustain growth and competitive edge is no easy task for the CxO.

CVS Health announced that it would not work with agencies who have tobacco or e-cigarette clients. Read our analysis of the move and why agencies should expect more companies to make these kinds of moves in the future.

In the last few years, biometric technologies from fingerprint to facial recognition are increasingly being leveraged by consumers for a wide range of use cases, ranging from payments to checking luggage at an airport or boarding a plane. While these technologies often simplify the user authentication experience, they also introduce new privacy challenges around the […]

Over the Easter weekend, we released a new research report looking at implementing Zero Trust in Europe. When we started, we knew that a one-size-fits-all approach would not work in Europe. In addition, general awareness of the Zero Trust security model is much lower in Europe than in the US. Unheard of 12 months ago […]

Over the past few years, drones have transitioned from military-only applications into a strategic asset that is transforming a range of industries such as construction, real estate, insurance, and agriculture. Yet while drones introduce a range of use cases, the growth of drones also represents a new physical threat that demands the attention of security […]

Sixty-four percent of global security decision makers recognize that improving their threat intelligence capabilities is a high or critical priority. Nevertheless, companies across many industries fail to develop a strategy for achieving this. Among the many reasons why organizations struggle to develop a threat intelligence capability, two stand out: Developing a mature threat intelligence program […]

Beware the fallacy of composition. Josh Zelonis breaks down common misconceptions about what MITRE ATT&CK can and can’t tell you.

Since RSA this year, the drumbeat of Zero Trust across the market has continued to grow louder. Almost daily, the inquiries and conversations around Zero Trust and ZTX are coming in at an ever-increasing rate. That’s a good thing. In truth, most of the inquiries are from end user clients now, vice the vendor side […]

Consumer data misuse has lit up the headlines and eroded trust. From the ashes of these corporate scandals will rise a new industry: the anti-surveillance economy. Read what this means for companies that monetize consumer data.

At the start of the new year, a meme called the 10-Year Challenge went viral. The premise is simple: Post a photo of yourself in 2009 and a photo of yourself in 2019 to highlight certain changes that may have taken place in that time. Besides the security concerns of social media sites potentially mining […]

In late March, Marsh announced the launch of a program with a number of leading cyberinsurance firms including Allianz, AXA, Beazley, XL, and Zurich to evaluate cybersecurity products and services. Products that meet a minimum standard of criteria receive the designation of “Cyber Catalyst” for their effectiveness in reducing cyber risk. The intent is for […]

Today we released our 2019 security & risk recommendations report. We collected contributions from our colleagues across the Forrester security & risk team to identify the most important actions security leaders should take in 2019. Turns out, things are getting better for S&R pros, but challenges still remain. Security leaders have earned board-level visibility, privacy […]

Our framework solves the architectural and operational issues with Zero Trust — namely, how to get started and how to sustain a Zero Trust approach.

Microsoft has announced support for macOS in its rebranded Microsoft Defender ATP product, taking this product from being an offering that could be considered an add-on for hardening its own operating system to a multiplatform security solution. While this is an early release, it is a clear signal of the investment Microsoft is making to […]

CISOs in Asia Pacific must justify their spending and articulate the business value of often expensive investments in managed security to a largely non-security audience of executives. Currently, this is nearly impossible: Many managed security service providers (MSSPs) continue to go to market with messaging that is technology-centric and blind to the benefits they provide […]