security & risk

With the proliferation of data and the ubiquity of connected devices, organizations can move with unmatched efficiency, but simultaneously incur increased risks. Read our insights on how security & risk professionals can succeed in this environment.

Insights

BLOG

Maintain Your Security Edge: Develop And Retain Cybersecurity Talent

Heidi Shey 12 hours ago
As an industry, we gripe about hiring and struggle with retention. My colleagues Jeff, Chase, and JB have written about how the cybersecurity staffing shortage is predominantly self-inflicted in hiring practices, while Stephanie and Claire have written about best practices for recruiting and retaining women in cybersecurity. What’s Next? Recruiting and hiring is one part […]
Read More
PODCAST

Let’s Reverse Cybersecurity’s Self-Inflicted Staffing Shortage

What It Means August 15, 2019
On this episode of What It Means, VP and Group Director Stephanie Balaouras and VP and Principal Analyst Jeff Pollard dissect the myths, misconceptions, and half-truths within the current cybersecurity staffing shortage — and discuss a more effective way for security and risk leaders to build a complete, qualified team.
Listen Now

Five Steps To Zero Trust Security

How to achieve and maintain Zero Trust.

BLOG

Broadcom Buys Symantec’s Enterprise Biz: Good News For Investors, Bad News For Enterprises

Merritt Maxim August 9, 2019
Yesterday, Broadcom announced a definitive deal to acquire the enterprise business of Symantec for $10.7 billion in cash. This deal caps weeks of speculation that Symantec was in play, initiated in May 2019 following the sudden resignation of Symantec CEO Greg Clarke in May and a downward revision to Symantec’s FY 2020 revenue guidance earlier […]
Read More
BLOG

Laud Your Whistleblowers Or Pay The Price

Alla Valente August 8, 2019
Companies that don’t take ethical behavior seriously face lasting brand damage, fines, and years of enforcement actions with ongoing lawsuits. However, companies that operate at a high moral and ethical level engender trust among their customers and are rewarded in profitability. So why aren’t more businesses identifying and investigating possible misdeeds before they become tomorrow’s […]
Read More
BLOG

Translating Security For Small Business

Chase Cunningham August 8, 2019
This week is Black Hat — the annual Hacker Summer Camp, as many folks call it. And this year is the first year in 14 years I haven’t been there. This year, I intentionally took an opportunity to punt on Hacker Summer Camp. Why? I had an invite to speak to a group of small-business […]
Read More
VIDEO

Zero Trust In Action

Chase Cunningham August 8, 2019

Watch Now
BLOG

Top Security Technology Trends In 2019: Transforming The Future Of Work In Security

Amy DeMartine August 7, 2019
Walk the show floor at any security event, and you will be inundated with a multitude of purportedly cutting-edge and disruptive security technologies. When every vendor claims that their solution is unique, and that no security program would be complete without it, how do you cut through the noise to pinpoint what you must pay […]
Read More

Zero Trust In Practice

The theory of Zero Trust was penned by Forrester almost a decade ago. Now, we help you put it in practice.

BLOG

Security & Risk 2019: Cybersecurity’s Staffing Shortage Is Self-Inflicted

Joseph Blankenship August 6, 2019
Current projections show that we will have nearly two million job vacancies in the security sector by 2022. However, this is a problem of our own making. Fixing this will require changes to the way we hire, train, and retain security pros.
Read More
BLOG

Recent HIPAA Settlements Highlight The Weaknesses In Healthcare Security

Christopher Sherman August 1, 2019
There are two big takeaways from recent HIPAA incidents.
Read More
BLOG

Making The Smart City Safe And Secure

Merritt Maxim July 22, 2019
Smart infrastructure intensifies the need for cities to adopt Zero Trust security strategy. Or else they run the risk of devastating ransomware attacks. Learn more.
Read More
BLOG

The Security Snapshot: Forrester Time Machine

Joseph Blankenship July 17, 2019
At Forrester, it is our goal to be ahead of the market trends so we can advise clients on what is to come and how they should prepare. Each year, we publish a series of predictions reports about what may be of primary concern for various roles over the course of the coming year. Rather […]
Read More
BLOG

The Rising Tide Of Ransomware Requires A Commitment To Best Practices

Josh Zelonis July 15, 2019
What’s interesting about ransomware is that it commoditizes an intrusion directly. There’s no sale of the data, so the valuation is based on loss — the value of the data and interrupted services to the victim organization and its constituents. I
Read More

Future-Proof Your Business With Zero Trust

Prioritize your next steps towards a Zero Trust strategy and architecture.

BLOG

Enterprise Meets Consumer Security: Exploring Approaches To Protect Employees At Home

Heidi Shey July 8, 2019
Does your organization have a strategy for protecting employees at home as a part of your overall cybersecurity program? Something that could include, but really goes to a place that is beyond, awareness training? If You Answered “No,” You’re Not Alone Employee privacy is a big reason why not. And yet, as the connected smart […]
Read More
BLOG

Uncovering The Enterprise Risks Posed By Consumer Connected Devices

Christopher Sherman July 8, 2019
Consumer connected devices are presenting increasingly attractive targets to cybercriminals, putting home networks and potentially enterprise assets at risk. In just the last two weeks, we’ve seen Samsung indicate that antimalware should be used on its “connected,” or smart, TVs (almost all TVs are connected these days — just try to find a nonconnected TV […]
Read More
BLOG

A Typical Day Of Analyst Life

Heidi Shey June 27, 2019
We’re hiring! Forrester’s security and risk research team is growing and currently has four open analyst positions: identity and access management, application security, security analytics, and Zero Trust. When I speak to candidates about the analyst role, they all ask one question that I find difficult to answer: “What’s a typical day like for an […]
Read More
BLOG

FORRward: A Weekly Read For Tech And Marketing Execs

Matthew Guarini June 24, 2019
CMOs Must Balance Technology And Creativity Spending Marketers are overfunding technology and underfunding creativity. Forrester forecasts that spending for adtech, martech, data, and analytics will grow between 9% and 11%, while spending for agencies will grow a mere 2.4%. Consequently, the experiences that marketers create are built on the same common technology platforms, solve the […]
Read More
BLOG

Security So Simple A 10-Year-Old Can Do It

Chase Cunningham June 12, 2019
It’s the summertime, and my daughters are home from school. During the day, this means it’s a constant struggle between them arguing about who is doing what or listening to them laugh at YouTube videos at the top of their lungs while I try to answer work calls as the dogs bark and fight inches […]
Read More
BLOG

The Security Snapshot: Summer Is Here, And Risks Are Heating Up

Stephanie Balaouras June 11, 2019
June is here, which means the start of beach days, barbecues, the longest day, and the beginning of summer! Not only is the weather getting warmer, but business and technology risks are also heating up. Our team’s research portfolio has also gotten a refresh: We released three highly anticipated Forrester Wave™ evaluations in the last […]
Read More
BLOG

Infosecurity Europe 2019: Incremental Evolution Rather Than Revolution

Paul McKay June 7, 2019
I have spent the last three days attending Infosecurity Europe 2019, the largest security trade show in the UK and Europe. As ever, before coming I have tried to predict the big theme or trends that CISOs should take note of. However, the show is very similar to last year, with incremental evolution of products […]
Read More
BLOG

Unconventional Wisdom: Explore Paying The Ransom In Parallel With Other Recovery Options

Josh Zelonis June 4, 2019
Your organization has just received ransom notices across your infrastructure, informing you of what you already fear. All your critical business data has been encrypted. You are angry that someone’s moved your cheese, and you don’t want to reward them for it. Your emotions are confirmed by advisors who give you the conventional advice: “Don’t […]
Read More
More posts