Achieving Resilience Means Mastering The Response

Nick Hayes

Stephanie Balaouras and I published a report last week on the current state of crisis communications, and one thing is clear: most companies are not ready to invoke their crisis communications plan.

We analyzed data from our recent 2012 Forrester/Disaster Recovery Journal (DRJ) joint online study, which surveyed 115 business continuity decision-makers about their organizations’ crisis communications strategies. The results were disconcerting. Despite roughly half of organizations having invoked their business continuity plan in the past five years, only 15% said their crisis communication efforts were very effective.

Recent events such as Hurricane Sandy and the Sandy Hook school shooting illustrate the damaging, and often tragic, impact crises can have on organizations and the broader community. In fact, Hurricane Sandy was the second costliest in US history. Yet, most organizations are not prepared to manage an effective response to such a crisis. We found that crisis communication programs routinely underperform because:

Read more

How Do S&R Pros Keep Up With Disruption?

Stephanie Balaouras

When I talk to security (S&R) leaders, they always tell me that in an ideal world, they would have enough advanced warning of impending business and technology disruptions in order to understand the security, privacy and overall risk implications and then prepare and present their business executives with a balanced opinion about how best to proceed if and when the enterprise decides to move forward. Unfortunately, most often, business and IT colleagues move on these disruptions and technology shifts far in advance of the security team’s readiness, and we don’t have to look far for examples; just think of employee BYOD, mobile apps for customer engagement, cloud services, social technology for marketing and collaboration, massive big data projects for business intelligence, or virtual and converged infrastructures within the data center.

Read more

Avoid The Social Media Binary

Nick Hayes

Many organizations today get caught up in what I call the “social media binary, where there are only two options to social media control: 1) Allow unrestricted access to social networks, and potentially expose the company to myriad security, regulatory, reputational, and other risks, or 2) set and enforce policy that completely forbids the use of social media while at work, and forgo potentially lucrative business opportunities for the firm.

Read more

Is Your Security Program Ready To Support Disruptive Business Trends?

Chris McClean

 

The evolution of business practices is proving as big of an issue for Security and Risk professionals as the changing threat landscape. Sure, attackers exposed hundreds of millions of personal records and government information in security breaches last year, and there are examples all the time of new, sophisticated attack methods… however Security and Risk pros should also be on the lookout for technology trends that may prove just as difficult to address: Digital disruption creating shockingly more competitive marketplaces, perpetual connectivity intensifying IT user expectations, and the data economy creating incredible new possibilities to leverage the power of existing information. Of course with big business opportunities come big business risks.

Read more

2013 Survey Development Starts Now -- What Data Would You Like For Us To Collect?

Heidi Shey

I’m very excited to kick off survey development for upcoming Forrester Forrsights surveys that will feature security content. Continuing on from previous years will be the Forrsights Security Survey. This is an annual survey of IT security decision-makers from North American and European SMBs and enterprises. New for 2013 is a Workforce Survey that will provide the (also North American and European) employee perspective when it comes to security and devices in use within their workplace. 

These surveys will be fielded April through May, and the results will make their way into published research this summer. Survey development starts now, and I would love to hear what you think about the proposed topics. What are some areas where you’d like to see us gather more data?

Note: I'd love for these surveys to eventually be global! Today we have global data within the Forrsights Budgets And Priorities Tracker Survey (this one goes out to IT decision-makers) and the Forrsights Business Decision Makers Survey

Facebook's Security Breach: Reputation On The Line Now More Than Ever

Nick Hayes

Facebook made headlines last Friday with its announcement that it had been the victim of a sophisticated security attack. All major news publications picked up the story, citing widespread concern about the implications of the breach.

The breach itself, however, was largely a nonevent from a security standpoint.

Facebook identified the security breach before it infiltrated too deeply into company systems, remediated all compromised machines, informed law enforcement, and reported the Java exploit to its parent owner Oracle – acting quickly and appropriately. Most importantly, Facebook made it clear that the breach did not expose any of its users’ data.

Read more

Implement A Successful GRC Program With Forrester's Governance, Risk, and Compliance Playbook

Chris McClean

I’m proud to announce that this week Forrester launched our Governance, Risk, and Compliance Playbook, a collection of in-depth reports covering the critical information you need to implement a successful GRC program… one that focuses on supporting business success, not getting in its way.

First, because risk and compliance are always such quickly moving targets, we included reports to help you plan for the future of GRC and build a business case for why it’s important to invest in your program now.

Next, to make sure your GRC plan is comprehensive and can achieve success, we offer guidance on creating a GRC strategy and making sense of the very complicated GRC technology landscape.

Read more

Introducing Forrester's Cyber Threat Intelligence Research

Rick Holland

We have started a new report series on Cyber Threat Intelligence.  The first report, "Five Steps To Build An Effective Threat Intelligence Capability," is designed to help organizations understand what threat intelligence is and how to establish a program. If you're not a Forrester client and would like the report, Proofpoint is providing a complementary copy. On Thursday March 28th, I will be conducting a Forrester webinar on the report.  Please join me if you'd like to get a deeper perspective on it.  In the future, we will expand on sections of this intial report with additional research including:

  • A collaborative report with Ed Ferrara looking at the cyber threat intelligence vendor landscape
  • An in depth report on "Step No. 5: Derive Intel" 
Read more

Forrester's Enterprise Fraud Management Wave is Out!

Andras Cser

We just published the Forrester Wave on Enterprise Fraud Management - piece of research that has been consistently asked for by our clients. See how vendors stack up on current offering criteria including statistical models, rules authoring, case management,, and reporting  and strategy criteria including vendor staffing, customer satisfaction and financial stability.

Do You Think Of Consumers When It Comes To Data Security Policies And Controls?

Heidi Shey

Your customers are consumers too. They don’t turn into business bots when they set foot in the enterprise. Whether your organization sells a product or a service to enterprises or consumers, you’re interfacing with consumers who have opinions about security and privacy. S&R pros, you already know that you have to be on top of things like regulatory compliance (Hello HIPAA! Hi EU Data Protection Directive!) when creating policies and implementing controls. But what about consumer perceptions and behavior? Consider that*:

  • 49% of US online consumers are concerned about security and privacy when purchasing products online
  • 44% of EU online consumers say the same about sharing personal information to access a website
  • 39% of US online consumers express security and privacy concerns over sharing personal information to participate on a website (e.g, discussion boards, writing reviews)
  • 20% of EU online consumers are concerned about their security and privacy when downloading apps to their mobile phone
Read more