Access Management , Breach Notification , Business Continuity Management / Disaster Recovery

Is the Breach You Expect the Breach You're Going to Get?

Allie Mellen on Findings in Forrester's 2021 State of Enterprise Breaches Report
Allie Mellen, analyst, Forrester

The number of organizations being breached is on the rise, according to Forrester's 2021 State of Enterprise Breaches report. Its author, analyst Allie Mellen, describes the trend as "disappointing."

See Also: Every Second Counts: 6-Step Ransomware Remediation Guide

The report reveals that organizations have misaligned expectations over which breaches affect them. While 47% of security decision-makers are concerned about external attacks more than any other attack vector, actual breaches that occur are spread more evenly among the vectors of external attacks, lost/stolen assets, internal incidents and third-party providers.

Mellen says security leaders need to "track down data on what's actually caused breaches for you in the past several years versus what your team is most concerned about, and see how that affects where you're actually dedicating time and effort into defense, into detection and response, into protection, and map that out."

In this way, she adds, "you can have a better understanding of where your gaps are, based on which types of attacks you're actually not as proficient in defending against as others."

In a video interview with Information Security Media Group, Mellen discusses:

  • Highlights from Forrester's 2021 State Of Enterprise Breaches report;
  • How North America, Europe and the Asia-Pacific region compare when it comes to breach recovery and response;
  • How security leaders can improve their use of metrics to achieve better outcomes.

Mellen is a Forrester analyst supporting security and risk professionals, covering all aspects of security infrastructure and operations. She covers the people, processes and tools of the SOC, including security analysts; security information and event management; security user behavior analytics; security analytics; security orchestration, automation and response; endpoint detection and response; extended detection and response; and SOC metrics. Her research focuses on where analytics, detection, automation and response are headed in the security industry.

About the Author

Anna Delaney

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.