Amy DeMartine

Just over a year after the global pandemic began, Earth Day is upon us again. The reason this year feels different is because it is. Empowered consumers demand sustainability transformation, and a record number of brands have responded in a big way by announcing net-zero or carbon-neutral commitments, establishing targets to reduce greenhouse gas emissions […]

Jump scares are those crazy moments in films, video games, horror films, or haunted attractions that are usually preceded by a quiet moment and have you involuntarily jumping. You are responding to a rush of adrenaline. Here’s an unexpected one in the movie “The Lord of the Rings: The Fellowship of the Ring,” where scary […]

The COVID-19 pandemic unequivocally changed how employers think the workforce could and should look like. As firms have been growing more acclimated to the “new normal,” insider threats, breaches, and employee unrest are on the rise. You need to know which security vendors fit your needs and which strategies to take. As we head into month […]

Each year, Forrester Research and the Disaster Recovery Journal team up to launch a study examining the state of business resiliency. We focus on a different, rotating resiliency domain each year: IT disaster recovery, business continuity, or overall enterprise risk management. As is fitting for 2020, this is the year of business continuity! In this […]

From the Intel-McAfee deal to the Sony Pictures breach, VP and Principal Analyst Jeff Pollard reviews the past decade’s cybersecurity highlights and lowlights.

“Life starts all over again when it gets crisp in the fall.” — F. Scott Fitzgerald, “The Great Gatsby” Fall is officially upon us. Leaves are piling up in our yards, and there is a chill in the air. As everyone digs their sweaters and jackets out of the back of their wardrobes, think about […]

Walk the show floor at any security event, and you will be inundated with a multitude of purportedly cutting-edge and disruptive security technologies. When every vendor claims that their solution is unique, and that no security program would be complete without it, how do you cut through the noise to pinpoint what you must pay […]

Each year at our Privacy & Security Forums, we run a session called “Hackers Versus Executives.” In this session, we ask a hacker to cause mayhem and then stop at different points in the attack to ask executives what their responses are. This year, we attacked applications, including containerized and serverless applications. Two months ago, […]

Next year, the biggest challenges to the cybersecurity industry will come from outside forces. In 2019, geopolitical trends will reintroduce old enemies and escalate issues of cyberespionage and sabotage. As criminals follow the money — as they are wont to do — they will use emerging technologies to go after commerce in a BIG way. […]

This blog post is part of Forrester’s Holiday 2018 retail series. By now, you have laid out plans for your holiday sales season in hopes of exceeding customer expectations and sales targets. This includes updates to your websites and mobile apps, reward programs for your loyal customers, and adjustments to ads and sale prices as the […]

Facebook Loses More User Data (This Time Unintentionally) Facebook announced that it experienced a breach this week that lost 50 million users’ data. Ironically, the breach happened in part due to exploited bugs in three features developed to give users more control over their privacy. Some quick key lessons to take away from this breach: […]

Bad Bots Are Affecting Your Company More Than You Might Think Every online customer touchpoint — including websites, mobile apps, and APIs — is being attacked by bots. What are these bad bots doing? Interrupting good customer traffic, committing fraud, and stealing information — just ad fraud alone is set to exceed $3.3 billion in 2018! If all […]

Changing Of The Guard: RASP Is Gradually Killing WAF In last year’s “Vendor Landscape: Runtime Application Self-Protection,” I noted that eventually runtime application self-protection (RASP) would take over web application firewall (WAF) as the best way to combat web app attacks. They have deeper knowledge than WAFs of the applications that they protect, and they […]

Data breaches are now so common – and so large – that we measure them in percentage of worldwide internet users. Although Equifax doesn’t even make it into the top 5 at 4.08% of the approximately 3.5 billion internet users, news of it rocked citizens of the US when announced. The Equifax breach has unique […]

Static Application Security Testing (SAST) has gained renewed popularity as pre-release security testing takes advantage of continuous integration automation early in the software delivery life cycle (SDLC). Because SAST does not require running code; it can be integrated into development tools such as IDEs to give developers information about how to remediate a security weakness, […]

We live in time where your car can order your morning latte from Starbucks, and Alexa can order your dinner from Domino’s. Early-stage intelligent agents, also called virtual assistants or digital agents, are shoring up customers’ relationships with their favorite brands. These technologies get to know the habits of the end user and automate tasks […]

Every fall Forrester’s Security & Risk team comes together to make a set of predictions on the issues that will have the greatest impact on our clients in the next year. We don’t make broad, Nostradamus-like predictions like “There will be a breach at a large company in a great city.”  Instead, we go out […]

Source: http://cdn.arstechnica.nethttps://go.forrester.com/wp-content/uploads/2014/12/arstechnica-20141205-rough011.jpg I used to think that security and risk (S&R) pros were a little paranoid by nature as if it was part of their DNA.  In my past when I was working on developing applications, my only real interaction with S&R pros was an email with a report listing lots of potential vulnerabilities right […]

I’ve been doing a lot of thinking about ITIL and whether or not it is fit for purpose for DevOps.  The logic I keep hearing goes like this – you shouldn't confuse the ITIL approach with the implementation; the ITIL approach is building blocks; these building blocks are easily applied to DevOps.  I’m not convinced.  […]