Cybersecurity Trends
Stay up-to-date on the cutting edge of cybersecurity with insights on Zero Trust, vendors, regulations, and other privacy & security topics.
Blog
Call It What You Want, Cyber Risk Quantification Is Now A Must
What do Live Nation’s Taylor Swift ticketing debacle and cyber risk have in common? Bad assumptions. Whether you confidently believe that you can anticipate record ticket demand or believe that your payment processing infrastructure is secure enough to handle it, that belief is based on an assumption, and that assumption is based on the past […]
Blog
Vehicle Security: Making Sure K.I.T.T. Doesn’t Become K.A.R.R.
We ended 2022 with the announcement of a vulnerability within SiriusXM Connected Vehicle Services, which has a broad impact because of the ubiquity of these units. In 2023 the vehicle-related software vulnerabilities just keep on coming, this time within API endpoints used by vehicles’ telematics systems, an issue with a wide impact across 16 different […]
Blog
Groundhog Day, SEC Style: Proposed Rule On Cybersecurity Risk Governance Has All The Pain Of SOX With Fewer Financial Penalties
There’s a significant shift ahead for how public firms and their boards treat cybersecurity risk. The last two years increased the amount of cybersecurity oversight in terms of regulations and guidelines. Voluntary “recommendations” such as the National Institute of Standards and Technology’s guidelines for AI offer a starting point for safer use of artificial intelligence, […]
Blog
How CISOs Can Navigate The 2023 Downturn
CISOs must use this period of austerity to reinforce security as a core competency that drives growth and protects revenue.
Blog
Cybersecurity Risk Dashboards: No Value, Extreme Liability
Over the last 12 months, “risk dashboards” became all the rage in cybersecurity, with varied titles such as “risk index,” “security baseline,” “security posture,” and “risk posture.” These dashboards appear in a vendor’s user interface and purport to help security programs improve. Some even offer coveted “benchmark data” that leaders can share with boards and […]
Blog
ChatGPT: Cybersecurity Ramifications Beyond Malware
Plenty of people had fun with ChatGPT when it released, but I’m not sure any industry had more fun than cybersecurity. When first released, it turned out that ChatGPT could write code, convert code from one programming language to another, and write malware. Sure, the coherent nonsense problem persisted, but overall, it produced solid stuff. […]
Blog
External Attack Surface Management Finds Assets That Your Org Can’t See
The External Attack Surface Management Landscape, Q1 2023 is now available! Forrester clients can view the report to dive deeper into the benefits of EASM and key functionalities to assess when selecting an EASM vendor. As Jess Burn and I finalized this report, we couldn’t help but think that organizations that are blind to what’s […]
Blog
The Many Resources (And Acronyms) You Must Know To Prioritize Vulnerability Remediations
Building a robust vulnerability risk strategy takes input from multiple resources. More importantly, it requires input on factors specific to your company.
Blog
Leadership: Don’t Make It Harder Than It Is — Perspectives From A Former CISO/CSO
I’m kicking off my blog series, “Perspectives From A Former CISO,” with my thoughts on leadership. The series will pull from my experiences as a CISO and those of my peers. To be clear, I don’t purport to have all the answers but did learn a thing or two during my tenure leading teams […]
Blog
My 2022 Airing Of Grievances And Feats Of Strength
In the spirit of Festivus, I’m airing my grievances and demonstrating my feats of strength. I don’t know about you, but I didn’t enter 2022 with a full tank. I started the year by joining the hordes of people revenge-travelling/shopping/connecting/renovating (I know!). It’s no wonder I feel utterly exhausted. It’s also no wonder that I […]
Blog
Deciphering Apple’s Recently Announced Data Protection Features
Earlier this month, Apple announced several important new data protection features for general availability in 2023 that have numerous implications for security teams in all industries and geographies. Here is the Forrester security and risk team’s collective analysis of these new features. Quick Summary The announcement is not particularly noteworthy in terms of the newly […]
Blog
Enterprise Firewalls: The Security Tech That Keeps On Ticking
Learn the three approaches enterprise firewall vendors are taking to work around a shortage of network security techs.
Blog
’Tis The Season To Highlight Our Favorite 2022 S&R Research
It’s December, the year is almost over, and most of us will be taking the next week off, so what better way to wrap up 2022 than with a review of some of our favorite security and risk (S&R) reports from this year? I teamed up with Senior Research Associate Alexis Tatro to highlight her […]
Blog
Announcing The Forrester Wave™: Security Analytics Platforms, Q4 2022
The security analytics platform market is moving faster than it has in years, as demonstrated by these Wave results. Though Splunk still has a tight grip on the segment, competitors are finding opportunities to loosen its hold by addressing continued dissatisfaction with outdated pricing models. Hyperscalers like Microsoft are establishing themselves as top competitors through […]
Blog
Has Zero Trust Killed Defense in Depth? Or “DiD” It Refine It?
Zero Trust (ZT) continues to make waves (no pun intended), with US federal agencies now publishing guidance, such as the OMB’s M-22-09 or the DoD’s ZT strategy, for effective implementations, allowing for the government to be viewed as a source of trust in cybersecurity — although ZT is still mired in myths, and these can […]
Blog
Meet The New EMEA Cybersecurity Analyst
Meet Tope Olufon, the new analyst covering cybersecurity in EMEA.
Blog
A Look Inside The Forrester-WISP Partnership: A Q&A With Rachel Tobac
The chair of the board at Women in Security and Privacy (WISP) discusses the organization's work and how companies can partner with it to foster diversity in cybersecurity.
Blog
Acknowledging Our Love-Hate Relationship With Security Certifications
Security certifications don’t make you a better practitioner; they make you a better candidate. Experience and continued training and upskilling take over from there. How do we reconcile this?
Blog
APAC Predictions 2023: Cybersecurity And Risk
In 2023, APAC firms that prioritize internal security and risk cultural practices to deal with external forces will fare the best. Learn more in our 2023 predictions for cybersecurity and risk in APAC.
Blog
Predictions 2023: Security Pros Face Greater Internal Risks
On top of the usual challenges, in 2023, security pros will see more risk coming from internal forces, such as enabling anywhere work and the future of the office. Learn more in our 2023 predictions.