Is the Breach You Expect the Breach You're Going to Get?Allie Mellen on Findings in Forrester's 2021 State of Enterprise Breaches Report
The number of organizations being breached is on the rise, according to Forrester's 2021 State of Enterprise Breaches report. Its author, analyst Allie Mellen, describes the trend as "disappointing."
See Also: A Guide to Passwordless Anywhere
The report reveals that organizations have misaligned expectations over which breaches affect them. While 47% of security decision-makers are concerned about external attacks more than any other attack vector, actual breaches that occur are spread more evenly among the vectors of external attacks, lost/stolen assets, internal incidents and third-party providers.
Mellen says security leaders need to "track down data on what's actually caused breaches for you in the past several years versus what your team is most concerned about, and see how that affects where you're actually dedicating time and effort into defense, into detection and response, into protection, and map that out."
In this way, she adds, "you can have a better understanding of where your gaps are, based on which types of attacks you're actually not as proficient in defending against as others."
In a video interview with Information Security Media Group, Mellen discusses:
- Highlights from Forrester's 2021 State Of Enterprise Breaches report;
- How North America, Europe and the Asia-Pacific region compare when it comes to breach recovery and response;
- How security leaders can improve their use of metrics to achieve better outcomes.
Mellen is a Forrester analyst supporting security and risk professionals, covering all aspects of security infrastructure and operations. She covers the people, processes and tools of the SOC, including security analysts; security information and event management; security user behavior analytics; security analytics; security orchestration, automation and response; endpoint detection and response; extended detection and response; and SOC metrics. Her research focuses on where analytics, detection, automation and response are headed in the security industry.