Incident Of The Week: Research Reports Hacked At Forrester



Dan Gunderman
10/27/2017

In the dynamic world of cybersecurity, breaches are both tightly guarded and, sadly, imminent.

Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. CSHub coverage extends outward as it helps enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine the Forrester data breach. The company is a leading technological market research group.

Earlier this month, Forrester’s Chief Business Technology Officer, Steven Peltzman, announced that the company experienced a “cybersecurity incident.”

On the breach, Peltzman said in a statement, “To date, our investigation has determined that the attack was limited to research reports made available to Forrester clients on Forrester.com. There is no evidence that confidential client data, financial information, or confidential employee data was accessed or exposed as part of the incident.”

Forensic evidence showed the company that the hacker gained access using valid user credentials and was then spotted and booted from the system. Peltzman also said that “remediation steps were taken.”

The hacked website is a place where clients can go to access research papers specific to their contracts. The papers are filled with statistics and other forms of market research that allow customers to make informed decisions before moving ahead with a product or initiative.

While no individualized data was reportedly lifted during this attack, the research reports are especially valuable for tracking industry practices and competition, along with new or conceptualized products. This information could therefore be profitable in the hands of an unknown third party.

Forrester said it followed its own protocols in suppressing the hacker, most notably transparency. “We actively engage and advise our clients on how to respond to incidents. We are following the same advice we provide our clients. Part of that advice is to be transparent and disclose what we know,” Peltzman said in the statement.

Law enforcement was notified of the breach, and the company says it is “strengthening” its “internal security processes and systems.”

Have tips on other buzzworthy incidents? Share them with Associate Editor Dan Gunderman by emailing dan.gunderman@cshub.com.