Forrester Research announced that it was the victim of a cyber-attack. According to the firm, the attack had limited impact, with no evidence that confidential client data had been stolen. According to Forrester Research’s preliminary investigation, attackers were able to gain access to Forrester.com content that was intended to be limited exclusively to clients.
“We recognize that hackers will attack attractive targets—in this case, our research IP,” George F. Colony, chairman and chief executive officer of Forrester, stated. “We also understand there is a tradeoff between making it easy for our clients to access our research and security measures,” Colony added. “We feel that we have taken a common-sense approach to those two priorities; however, we will continuously look at that balance to respond to changing cyber-security risk.”
Steven Peltzman, Chief Business Technology Officer at Forrester Research commented in a blog post that his firm was able to detect the attackers and shut them out of the system. He noted that the attackers were able to make use of valid credentials for the Forrester.com site, that were somehow stolen.
“The incident triggered our system protocols and processes, allowing us to respond across our firm,” Peltzman stated. “Other than the incidence response team itself, there was no disruption to the work we do for our clients.”
Though Forrester Research has downplayed the impact of the cyber-security incident, security experts contacted by eWEEKnoted there are multiple security risks that the breach potentially exposes.