Alla Valente

As renowned ghost hunter and solver of mysteries Scooby-Doo would say, “Ruh roh, Raggy!” It looks like more than ghosts are wreaking havoc on haunted networks. We’re less than a full week into October, and Cybersecurity Awareness Month isn’t quite taking shape the way we expected. Ostensibly, orgs decided to pivot and use this time […]

The Facebook ecosystem outage should remind advertisers to have proactive risk mitigation plans in place.

Winston Churchill said it best — “Never let a good crisis go to waste” — and governance, risk, and compliance (GRC) vendors have heeded the advice not once but twice. In 2002, after the Sarbanes-Oxley Act intended to protect investors from fraudulent accounting activities by corporations, vendors turned GRC technologies into a Maslow’s hammer of […]

Healthcare data is low-hanging fruit for hackers. Learn how adopting a Zero Trust strategy can help keep your data safe.

The week of June 28 was a big one (not in a good way) for showcasing the persistence and depth of harassment and exclusion for women in cybersecurity. Those on infosec social media were flooded with bikini selfies protesting the harassment that a woman received for posting her own bikini selfie. Men and women took […]

The first half of 2021 has been anything but quiet for cyber insurance. Forrester has seen a steady flow of client inquiries on the topic, with questions coming in not just from the private sector but also from the public sector. Some are trying to navigate acquiring a cyber insurance policy for the first time, […]

We warn users not to click on suspicious emails and not to open emails from untrusted senders to prevent users from being phished. Sender identity is one of the filtering mechanisms in email security solutions. But what happens when a trusted sender’s email account is compromised and an attacker uses that access to send emails […]

On the heels of the Executive Order on Improving the Nation’s Cybersecurity signed by the President after a ransomware attack forced the shutdown of Colonial Pipeline, the Department of Homeland Security’s Transportation Security Administration (TSA), the agency responsible for overseeing pipeline security, on May 27, 2021, has announced its own Security Directive of new cybersecurity […]

Businesses always need to adapt their operations to changing circumstances, and the pandemic has only exacerbated the need to rethink risk management strategies. COVID-19 has simultaneously highlighted the necessity of risk management and exposed the gaps that exist in many governance, risk, and compliance (GRC) programs today. The pandemic also accelerated digital strategy and transformation […]

We all need a bit of whimsy in our lives. This is not just an excuse for a whimsical blog post, though there is that. Whimsy and laughter build bridges. And in the security world, where empathy is a critical resource, whimsy can be a first and recurring step in connecting with the teams outside […]

The cybersecurity risk ratings (CSR) market is a bit like Marmite or SPAM (the pork product in a can, not the unwelcome emails) — some customers love it, others hate it. We see examples of both extremes in our customer interactions, interviews, and research on this market. Our responsibility as analysts is to highlight where […]

Struggling to define where GRC ends and IAM begins? Get a clear breakdown of how the two functions should work together in a broader risk management strategy.

2020 taught us that we underestimate the role of the supply chain until we're inconvenienced. It also taught us that supply chain risk is business risk.

(Written with Benjamin Corey, senior research associate at Forrester) Telehealth (virtual care) usage has skyrocketed during the pandemic. When you roll back the tape a few months, healthcare providers were able to (very quickly) stand up virtual care capabilities without having to go through the intensive HIPAA compliance protocols required in the healthcare industry. Some […]

The size and scope of SolarWinds as an IT software provider and the nature of the breach announced on December 13 rocked the IT and security world — rightfully so. We’ve provided immediate, actionable advice for security and risk pros and IT leaders in our report here. While security leaders guide their companies to respond, […]

Larry Ellison proves that customer acquisition cost (CAC) is no barrier in Oracle’s conquest to expand its cloud credibility and market share. The announcement is murky at the moment, but the particulars indicate that Oracle and ByteDance will enter into a technology partnership to host the US operations of TikTok. This allows TikTok to escape […]

What CISOs can learn from the case against Uber's former chief security officer.

Firms have been outsourcing systems, business processes, and data processing activities to third-party service providers (TSPs) for years, but they are only one category of relationships that introduce risk into the enterprise. Now, firms are more dependent than ever on the vast network of third-party relationships, from vendors and suppliers to digital marketing agencies and […]

How Poor Pandemic Management Destroys A Brand As the rest of the UK started emerging from lockdown, the city of Leicester saw local restrictions reimposed due to a second wave of infections. Leicester’s garment factories, many of which are suppliers to UK-based online fashion retailer boohoo, were identified as the most likely cause of the new outbreak. An investigation into employee conditions found that factory workers were forced to work without any social […]