The Security Snapshot: Summer Is Here, And Risks Are Heating Up
June is here, which means the start of beach days, barbecues, the longest day, and the beginning of summer! Not only is the weather getting warmer, but business and technology risks are also heating up. Our team’s research portfolio has also gotten a refresh: We released three highly anticipated Forrester Wave™ evaluations in the last month, as well as several exciting trends and best-practices reports.
- While data security portfolio vendors have greatly increased their capabilities, the current market does not support using only one vendor for all data security needs. Firms will need to engage several vendors, as each vendor has specific strengths and focuses. Heidi Shey dispels these issues in her brand-new report, “The Forrester Wave™: Data Security Portfolio Vendors, Q2 2019.” Key differentiators in the Wave include data classification, deletion, and obfuscation.
- Every year, Forrester asks our Security & Risk Council members about their top priorities and uses the results to fine-tune our research agenda and activities. For 2019, the top five priorities are establishing metrics, creating business-aligned strategies, ensuring cloud workload security, moving from DevOps to DevSecOps, and managing third-party risk. Read Jinan Budge’s newest report, “Executive Spotlight: Top Priorities For Security And Risk Leaders In 2019” for more details on priorities.
- Unfortunately, ransomware is once again a hot topic this summer. The entire city of Baltimore has been offline for over a month now due to a devastating ransomware attack. Conventional wisdom says that when your company suffers a ransomware attack, you should never pay the ransom. Although companies should generally seek to avoid paying a ransom, it’s a valid recovery path and should be explored in parallel with other recovery efforts to ensure that you’re making the best decision for your organization. Learn more in Josh Zelonis and Trevor Lyness’ most recent report, “Forrester’s Guide To Paying Ransomware.”
- Whether accidental or malicious, insider cybersecurity incidents can result in financial fraud, privacy abuses, intellectual property theft, or damage to infrastructure. In these cases, it can be difficult for security pros to detect this suspicious activity because insiders need to have privileged access to data to do their jobs. Additionally, since insiders are employees, these incidents must be handled with greater care than external threats. Read Joseph Blankenship and Claire O’Malley’s updated report, “Best Practices: Mitigating Insider Threats,” for more information on how to defend your organization from potential risks from insiders.
- Following the hype from “The Forrester Wave™: Global Cybersecurity Consulting Providers, Q2 2019,” Jeff Pollard and Claire O’Malley released “The Forrester Wave™: Midsize Cybersecurity Consulting Services, Q2 2019.” In the evaluation, they found that midsize consulting providers know to play to their niche. However, many of these smaller consulting firms struggle with executive engagement. For more insights, be sure to read the full report.
- Healthcare providers struggle to understand and mitigate medical device risk, particularly devices connected to the hospital network and directly involved in patient care. Meanwhile, patients themselves are worried about the increasing reports of cyberattacks on healthcare organizations. As connected medical devices multiply, they open up lethal vulnerabilities that put patient lives at risk. In their latest report, “Best Practices: Medical Device Security,” Chris Sherman and Salvatore Schiano analyze potential security risks in the medical sector.
- Email is not the hottest business function, but it is deeply ingrained in corporate processes and operations. Its ubiquity causes it to be a common attack vector via phishing, spam, and more. Joseph Blankenship updated his Wave, “The Forrester Wave™: Enterprise Email Security, Q2 2019.” In the evaluation, he found that differentiators in the space include threat intelligence, cloud integration, and deployment options.
(Written with Elsa Pikulik, senior research associate at Forrester)