Security management
Insights
Blog
Decoding The Naming Game: Why Standardizing Threat Actor Names Alone Won’t Enhance Your Security Posture Or Response
Microsoft, CrowdStrike, Palo Alto Networks, and Mandiant recently announced a new initiative to create an aggregate and standardized glossary of threat actors. Learn the benefits and limitations of standardizing threat actor names.
Blog
Sudo Coming To Windows? Pretty Much, Yeah
Windows 11 introduces a new security feature that separates admin and user roles, bringing a sudolike experience to the desktop.
Can Your Security Strategy Handle Today’s Volatility?
Economic turmoil, increased cyberattacks, and changing regulations. Learn new strategies for managing risk in an era of volatility.
Blog
Worldcoin Orb Identity Verification Device Faces Headwinds In Mass Adoption
Last week, identity verification and authentication startup World (which was cofounded by OpenAI cofounder Sam Altman) announced that it is broadening operations of its Orb device in the US.
Blog
Coinbase Flips The Coin On Would-Be Extortionists
In a recent example of why managing insider risk is critical, cryptocurrency exchange Coinbase announced that it was the target of an extortion scheme enabled by insiders. Learn more about the incident and how to protect against it in this blog.
Blog
Tackling Cloud Security: US Federal Edition
Back in 2007, the first US federal CIO, Vivek Kundra, was appointed. Shortly after in December of 2010, he launched one of the world’s first “cloud-first” initiatives, making many US federal agencies such as the General Services Administration (GSA) some of the earlier innovators in this arena.
Blog
Overregulation Forges A CISO Coalition With The G7 Letter
A coalition of over 40 chief information security officers (CISOs) from leading companies, including Salesforce, Microsoft, AWS, Mastercard, and Siemens, sent a letter to the G7 and OECD, urging them to take action on aligning international cybersecurity regulations.
Blog
Global Tariffs: Dynamic Risk Management Meets Its Moment
The recent introduction of US-imposed tariffs has shaken global trade. While economists and financial analysts debate whether this on-again/off-again trade war fits into their model for geopolitical, economic, or supply chain risks, the result is the same: uncertainty and chaos sure to shake up business strategy for the foreseeable future. This new era of volatility […]
Showcase Your Security & Risk Innovation With A Forrester Award
Get recognized for excellence in security, privacy, and risk innovation. Apply for a Forrester Security & Risk Enterprise Leadership Award to celebrate your success in creating resilient operations. Apply by July 23, 2025.
Blog
Don’t Call It A Comeback: Stay Ready For Ransomware
So far, 2025 is filled with … distractions for security leaders. Between scrambling to secure their organizations’ AI initiatives, staying on top of critical vulnerabilities (and the organizations delivering the CVE process), perpetually communicating and training to guard against human element breaches, and navigating yet another period of uncertainty and volatility, it’s tempting to take […]
Blog
MITRE-geddon Averted, But Fragility In CVE Processes Remains
This week, we saw the CVE process, as we know it, come hours from the brink of collapse when a memo started circulating on LinkedIn that DHS would cut funding to MITRE’s CVE cataloging on April 16. MITRE’s role in the CVE process is the crucial first step in assigning IDs to vulnerabilities so that practitioners, vendors, researchers, and governments across the globe can consistently reference the same vulnerability. The process also allows for responsible disclosures and accountability for vulnerabilities to software companies.
Blog
OpenAI Requires Identity Verification For Access To Its Latest Models
OpenAI announced that it will require organizations to complete an identity verification (IDV) process to verify their organization’s identity before being allowed to access the latest OpenAI models. Identity verification will likely require developers to digitally verify themselves using government-issued photo ID from permitted countries and prove their affiliation with their organization. Forrester expects that […]
Blog
Government Leaders: Prioritize Cyber Efficiency Amid Federal Volatility
Government agencies at the federal, state, and local levels must prepare for a future where they experience uncertainty, headcount reductions, contract cancellations, and budget cuts. This is gut-wrenchingly difficult to process, yet remaining leaders must figure out how to move forward to serve the mission. For public sector cybersecurity leaders, this is even more paramount. […]
Blog
Forrester’s Top Threats For 2025
2025 started with a bang! Technology and geopolitics are changing so fast that many can’t keep track of the latest trends, with an announcement of new, benchmark-shattering genAI-related tech seemingly every week.
Blog
Announcing Forrester’s Security & Risk Enterprise Leadership Award
Forrester is delighted to announce the opening call for our annual Security & Risk Enterprise Leadership Award. This award recognizes organizations that have transformed their security, privacy, and risk management functions into capabilities that fuel the organization’s reputation for trust and its long-term success.
Blog
The Tech Exec’s Guide To Decoding Cybersecurity Vendor Performance
Forrester analyzed the earnings calls of the 10 largest cybersecurity vendors by market cap and identified key trends for technology executives.
Blog
New Year, New Us: Introducing Forrester’s International Security & Risk Team Research
Dive into our backgrounds, existing research, and capabilities. As a team, we cover a multitude of security and risk priorities. We are also geographically distributed; no one else is as uniquely positioned to add this level of global perspective to our research and our clients.
Blog
Generative AI Innovation In Security Tools Is Finally Getting Interesting
The core themes of The-C2 conference in London were artificial intelligence, supply chain security, and cyber hygiene. Get a closer look at how these themes may impact security professionals in this recap.
Blog
Address The Whole Person To Impact Insider Risk
One of the main themes from the recent Insider Summit was that insider risk is very much a human problem, not a technology problem. Find out more in this review of the event.
Blog
Breaches And Lawsuits And Fines, Oh My! What We Learned, The Hard Way, From 2024
With the average cost of a data breach at $2.7 million and 33% of enterprises reporting being breached three or more times over the past 12 months, understanding and learning from past incidents is not just beneficial — it’s essential.
Blog
Google To Acquire CNAPP Specialist Unicorn Wiz For $32 Billion
Learn what the largest-ever acquisition in cybersecurity means both for Google and the CNAPP space.
Blog
The Akira IoT Device Attacks Aren’t Just About THAT Device
Securing IoT devices presents unique challenges due to their proprietary operating systems and firmware, which often preclude traditional endpoint protection methods. This blog explores the critical role of network segmentation and Zero Trust principles in mitigating risks, emphasizing the importance of robust edge, network, and gateway security measures to defend against sophisticated attacks such as the Androxgh0st botnet and Akira ransomware.
More posts