Forrester announced it was hit by a cyber attack last week, in which “sensitive” research reports from the market research and investment advisory firm were hacked.
The company offers customers trends, statistics and other market research, which businesses use before launching their products and/or services.
The hackers accessed the websites that Forrester’s clients use to log in and download specific research.
‘Changing cyber security risks’
Forrester’s CEO, George Colony, said in a statement: “We recognise that hackers will attack attractive targets – in this case, our research IP. We also understand there is a trade-off between making it easy for our clients to access our research and security measures.
“We feel that we have taken a common-sense approach to those two priorities; however, we will continuously look at that balance to respond to changing cyber security risks.”
Forrester said there is no proof that client and employee data, as well as financial information, was accessed by the hackers.
Ilia Kolochenko, CEO of High-Tech Bridge, added: “Based on the information currently available about the alleged incident, it rather looks like one, or several, of Forrester’s customers were hacked and their accounts were used to access paid research.
“In light of tremendous data breaches and large-scale password re-use attacks, such incidents become pretty common and are not very risky. However, there are some hidden dangers to bear in mind. For example, paid customer accounts almost always have access to some exclusive features, the security of which is likely untested due to the complexity of providing demo accounts with real data or similar issues.
‘Wide spectrum of attack vectors’
“Thus, such an account provides a wide spectrum of attack vectors to cyber criminals. Paid Forrester research is of quite low interest for the attackers, but Forrester clients are very attractive targets.
“Placing malware or providing wrong technical advice to the customers are probably the most trivial avenues to abuse customers’ trust and breach their corporate networks. This is why research companies from all industries should take care of their security and follow the most recent security standards.”
The firm noted it is still investigating the breach and is yet to identify the hackers who gained access to the company’s website, Forrester.com.
Written from press release by Leah Alger