Introducing The Forrester Wave™: Digital Risk Monitoring, Q3 2016

We recently published our Forrester Wave™: Digital Risk Monitoring, Q3 2016 report. We evaluate nine of the top vendors in this emerging market that offer solutions to continuously monitor “digital” -- i.e., social, mobile, web, and dark web -- channels to detect, prevent, and mitigate any type of risk event posing a threat to organizations today.


Why now

It’s almost 2017 and yet companies are more exposed and less equipped to handle the slew of risks that run rampant across countless digital channels today. Digital risk monitoring (DRM) solutions are increasingly valuable for organizations because:

  • Digital channels are now ground zero for cyber, brand, and even physical attacks. Cybercriminals use a variety of tactics to weaponize social media, impersonate or embed malware into mobile apps, deface websites, collude in dark channels, and cause financial, reputational, or physical harm. Digital risk monitoring tools combat these methods by deploying a variety of data-gathering and advanced risk analysis techniques. They aggregate data via open-source intelligence (OSINT), technical intelligence (TECHINT), human intelligence (HUMINT), and even covert human intelligence (CHIS). Then they analyze the collected data with data classifiers, machine learning, and risk scoring algorithms to determine the most likely and most threatening risk events in a quick and efficient manner.
Read more

Facebook, LinkedIn, Twitter: The New Cyberweapons Of Choice

New social media scams and marketing #fails are common fodder for water cooler banter today – even a recent episode of HBO’s Veep ran a joke where the President blames a Chinese cyberattack for sending an ill-advised tweet.

But social media cybersecurity issues are far from a laughing matter, and it’s time we all take notice. Our new report Four Ways Cybercriminals Exploit Social Media proves this.

Poor social media security practices put you, your brand, your customers, your executives, and your entire organization at serious risk. According to Cisco, Facebook scams were the most common form of malware distributed in 2015, and in its most recent annual internet crime report, the FBI highlighted that social media-related events had quadrupled over the past five years. Social media is also increasingly an effective tool for terrorist groups like ISIS, even as Twitter and other social networks work around the clock to remove associated accounts.

Read more

Brand Resilience: Risk Pros' Key Role In Protecting Company Reputation

Risk professionals aren’t prepared for the age of the customer. Empowered consumers and changing market dynamics are upending longstanding business models and lines of operation, but risk professionals largely stand pat, and continue to neglect risks related to their organizations’ most critical asset – company reputation. Yesterday we published a report on "Brand Resilience" that will hopefully help you change that legacy risk mentality.


Corporate Reputation Is Increasingly Valuable…  

Companies today rely on their reputation to generate greater portions of their revenue, attract new customers, and retain existing ones. This is why we see:

Read more

The Global Risk Environment Looks A Lot Different In The Age Of The Customer

Earlier today, we published a report that dissects global risk perceptions of business and technology management leaders. One of the most eye-popping observations from our analysis is how customer obsession dramatically alters the risk mindset of business decision-makers.

Out of seven strategic initiatives -- including “grow revenues,” “reduce costs,” and “better comply with regulations,” -- improve the experience of our customers is the most frequently cited priority for business and IT decision-makers over the next 12 months. When you compare those “customer-obsessed” decision-makers (i.e. those who believe customer experience is a critical priority) versus others who view customer experience as a lower priority, drastic differences appear in how they view, prioritize, and manage risk.

Customer obsession has the following effects on business decision-makers’ risk perceptions:

  • Risk concerns heighten dramatically across several risk types – especially reputational risk. Reputational risk concern more than doubles for customer-obsessed decision-makers, and other risks also see significant increases, including corporate social responsibility (CSR) and sustainability risk, regulatory and compliance risk, and talent and human capital risk.
Read more

Proofpoint Acquires Nexgate: SRC Market Matures, But Still Lots Of “Points To Prove”

Yesterday, Proofpoint announced it will acquire social risk and compliance (SRC) vendor Nexgate for approximately $35 million.

The Acquisition Signals The SRC Market Is Maturing

This acquisition points to a budding and rapidly evolving SRC market. With the proliferation of social media, organizations face a slew of emerging regulatory challenges, brand threats, and security vulnerabilities – just look at recent incidents with Cole Haan, Zarbee’s, US Airways, British Gas, among countless others, even including our own US military. While once a niche market helping financial services firms meet FINRA obligations, SRC solutions now offer more than just compliance support, helping organizations better manage today’s wide gamut of social risks with social threat detection, account protection, and risk monitoring.

Proofpoint Has To Prove The Sum Is Greater Than Its Parts

Read more And Risk Analytics – They May Soon Be A Vendor To Watch?

Last week (SFDC) hosted its annual Dreamforce Conference in San Francisco, and for the first time, the cloud giant’s products could soon have some major implications in the governance, risk, and compliance (GRC) market.

Amidst the chaos of keynotes, partner sessions, guest speakers like Hilary Clinton,, Al Gore, and our very own George Colony, two of SFDC’s major announcements demonstrated how its new offerings and future strategy will position the company to compete in the very big business intelligence market:

  1. SFDC plans to grow from $5.4 billion to $20 billion by competing more directly with BI vendors like SAP
  2. SFDC announced its "Wave" Analytics Cloud offering, which helps deliver dashboards and analytics from any data source in its platform.
Read more

Protect Your Brand Today Through Comprehensive Risk Intelligence

We all know that securing your perimeter and your internal assets only gets you so far today. The crux of the issue is that your brand, and potential threats to it, are now often external and out of your direct area of control. The number of places and channels online where your brand appears and where malicious actors discuss how to take down your organization is expanding rapidly today.

Websites, media outlets, search engines, marketplaces, social networks, forums, mobile apps, online ads, and more – these are all places where your brands, products, workers, and affiliates and other associated third parties can be mentioned in inappropriate or malevolent contexts: They increase opportunities for brand defamation and data leakage; they act as discreet places to conspire or collude; they open the door to new security vulnerabilities; they decrease your control over your products; and they make it harder to spot contract violations and breaches.


The good news is: You’re not powerless either.

Read more

Announcing The Social Risk & Compliance (SRC) Solutions Wave

Today we published a new Forrester Wave: Social Risk & Compliance (SRC) Solutions, Q2 2014. This report evaluates 10 vendors emerging to help organizations enable companywide use of social media while providing the necessary controls and oversight to mitigate associated risks and enforce compliance.


Why now

Use of social media today is rampant.

It’s no longer just your marketing team that uses social media for business purposes. Employees across the entire organization use social media for personal and professional reasons, leveraging social to drive real business for your company. The opportunities to enhance your brand, deepen customer relationships, and glean new customer insights are all too valuable to ignore -- but the risks are real too.

Moreover, the legal and regulatory landscape is evolving rapidly, complicating the ways in which you can manage social media and the myriad reputational, security, and privacy risks (among others) that expose your organization. To take advantage of these opportunities and still protect your company, you need new tools and technology to do this effectively.


What they do

Read more

Key Lesson From The US Airways #Fail: Marketers Need Help Managing Risk

Everyone makes mistakes, but for social media teams, one wrong click can mean catastrophe. @USAirways experienced this yesterday when it responded to a customer complaint on Twitter with a pornographic image, quickly escalating into every social media manager’s worst nightmare.

Not only is this one of the most obscene social media #fails to date, but the marketers operating the airline’s Twitter handle left the post online for close to an hour. In the age of social media, it might as well have remained up there for a decade. Regardless of how or why this happened, this event immediately paints a picture of incompetence at US Airways, as well as the newly merged American Airlines brand.

It also indicates a lack of effective oversight and governance.

While details are still emerging, initial reports indicate that human error was the cause of the errant US Airways tweet, which likely means it was a copy and paste mistake or the image was saved incorrectly and selected from the wrong stream. In any case, basic controls could have prevented this brand disaster:

  • US Airways could have built a process where all outgoing posts that contain an image must be reviewed by a secondary reviewer or manager;
  • It could have segregated its social content library so that posts flagged for spam don’t appear for outgoing posts;
  • It could have leveraged technology that previews the full post and image before publishing.
Read more

Five Common Legal & Regulatory Challenges With Social Media

It should come as no surprise that regulators and organizations alike struggle to set and enforce guidelines for social media activity. It’s not just that the rise of social media is rapidly transforming the way we interact with people, customers, and brands; but also how many ways this transformation is happening.

The core issue is that social media alters the way we as individuals share who we are, merging our roles as people, professionals, and consumers.  As we share more of ourselves on a growing number of social networks, questions quickly surface:

  • How frequently and on what social networks should we post?
  • When should we present ourselves in our professional role versus sharing our personal opinions?
  • Is it okay to be social media friends with co-workers, clients, or your boss?

These are complicated matters for individuals, and absolute conundrums for organizations concerned with how employees behave and interact with others in, and outside of, the workplace. Their questions are even more complicated:

  • Can organizations dictate how their employees use social media?
  • Can they monitor social media conversations or use it to learn more about prospective job applicants?
  • When does the personal connection allowed by social media tools cross the line from business to personal?
Read more