When it comes to staving off the plethora of security risks facing businesses today, midmarket companies find themselves in a precarious position: They face the same threats as much larger companies but with fewer financial and technical resources to combat them.
Whether it's fear of ransomware, the need to mitigate the risks of insider threats or the proliferation of Internet of Things devices at home that now pose a threat through remote workers, IT executives at midmarket companies said they are staring down security challenges from all sides, and they are implementing a number of different tactics to do it.
"There's VPN, there's multifactor authentication, there's training and there's all these security things that are coming with this new paradigm shift of being able to do work [remotely]," said Herman Brown, CIO of the San Francisco District Attorney's Office.
The IT security landscape looks very different today than it did just a few years ago, said Paul Furtado, vice president, analyst, within Gartner's Midsize Enterprise Security practice.
"Three years ago, nobody foresaw that we'd be moving 100 percent of our workforce—for a lot of us—to a remote environment," Furtado said during a keynote address at the MES IT Security conference this week in Indianapolis, an event produced by CRN parent The Channel Company. "And yes, we're now starting to see trends where companies are bringing folks back into the physical facilities, back into the offices, but the reality is we always have to have a level of hybrid work in our environment. If we don't, it's going to impact our ability to retain, and in some cases, even attract talent."
In addition, bad actors are moving more quickly to weaponize any tool or vulnerability they can use to their advantage, Furtado said.
"ChatGPT, OpenAI, those types of tools, they're now bringing low-code/no-code malware development to the masses. The frequency of attacks is going to get worse," Furtado said. "That doesn't necessarily mean they're going to be more successful, but we've got to be paying attention to that because you know that guy you [angered] that didn't like his last [performance] review? He now has a tool, even though he's not a developer, that can generate some malware for him, and he can use it to attack your organization."
We spoke with several midmarket IT leaders at the event about what security challenges they're facing and what areas they need help in. Here's what they had to say.
