security & risk

On this episode of What It Means, VP and Group Director Stephanie Balaouras and VP and Principal Analyst Jeff Pollard dissect the myths, misconceptions, and half-truths within the current cybersecurity staffing shortage — and discuss a more effective way for security and risk leaders to build a complete, qualified team.

Yesterday, Broadcom announced a definitive deal to acquire the enterprise business of Symantec for $10.7 billion in cash. This deal caps weeks of speculation that Symantec was in play, initiated in May 2019 following the sudden resignation of Symantec CEO Greg Clarke in May and a downward revision to Symantec’s FY 2020 revenue guidance earlier […]

Companies that don’t take ethical behavior seriously face lasting brand damage, fines, and years of enforcement actions with ongoing lawsuits. However, companies that operate at a high moral and ethical level engender trust among their customers and are rewarded in profitability. So why aren’t more businesses identifying and investigating possible misdeeds before they become tomorrow’s […]

This week is Black Hat — the annual Hacker Summer Camp, as many folks call it. And this year is the first year in 14 years I haven’t been there. This year, I intentionally took an opportunity to punt on Hacker Summer Camp. Why? I had an invite to speak to a group of small-business […]

Walk the show floor at any security event, and you will be inundated with a multitude of purportedly cutting-edge and disruptive security technologies. When every vendor claims that their solution is unique, and that no security program would be complete without it, how do you cut through the noise to pinpoint what you must pay […]

Current projections show that we will have nearly two million job vacancies in the security sector by 2022. However, this is a problem of our own making. Fixing this will require changes to the way we hire, train, and retain security pros.

There are two big takeaways from recent HIPAA incidents.

Smart infrastructure intensifies the need for cities to adopt Zero Trust security strategy. Or else they run the risk of devastating ransomware attacks. Learn more.

At Forrester, it is our goal to be ahead of the market trends so we can advise clients on what is to come and how they should prepare. Each year, we publish a series of predictions reports about what may be of primary concern for various roles over the course of the coming year. Rather […]

What’s interesting about ransomware is that it commoditizes an intrusion directly. There’s no sale of the data, so the valuation is based on loss — the value of the data and interrupted services to the victim organization and its constituents. I

Does your organization have a strategy for protecting employees at home as a part of your overall cybersecurity program? Something that could include, but really goes to a place that is beyond, awareness training? If You Answered “No,” You’re Not Alone Employee privacy is a big reason why not. And yet, as the connected smart […]

Consumer connected devices are presenting increasingly attractive targets to cybercriminals, putting home networks and potentially enterprise assets at risk. In just the last two weeks, we’ve seen Samsung indicate that antimalware should be used on its “connected,” or smart, TVs (almost all TVs are connected these days — just try to find a nonconnected TV […]

We’re hiring! Forrester’s security and risk research team is growing and currently has four open analyst positions: identity and access management, application security, security analytics, and Zero Trust. When I speak to candidates about the analyst role, they all ask one question that I find difficult to answer: “What’s a typical day like for an […]

CMOs Must Balance Technology And Creativity Spending Marketers are overfunding technology and underfunding creativity. Forrester forecasts that spending for adtech, martech, data, and analytics will grow between 9% and 11%, while spending for agencies will grow a mere 2.4%. Consequently, the experiences that marketers create are built on the same common technology platforms, solve the […]

It’s the summertime, and my daughters are home from school. During the day, this means it’s a constant struggle between them arguing about who is doing what or listening to them laugh at YouTube videos at the top of their lungs while I try to answer work calls as the dogs bark and fight inches […]

June is here, which means the start of beach days, barbecues, the longest day, and the beginning of summer! Not only is the weather getting warmer, but business and technology risks are also heating up. Our team’s research portfolio has also gotten a refresh: We released three highly anticipated Forrester Wave™ evaluations in the last […]

I have spent the last three days attending Infosecurity Europe 2019, the largest security trade show in the UK and Europe. As ever, before coming I have tried to predict the big theme or trends that CISOs should take note of. However, the show is very similar to last year, with incremental evolution of products […]

Your organization has just received ransom notices across your infrastructure, informing you of what you already fear. All your critical business data has been encrypted. You are angry that someone’s moved your cheese, and you don’t want to reward them for it. Your emotions are confirmed by advisors who give you the conventional advice: “Don’t […]