Security challenges: Five midsize IT leaders on where they need help

clock • 8 min read
Security challenges: Five midsize IT leaders on where they need help

From ransomware and malware to the Internet of Things, midmarket IT leaders are staring down a number of security threats, often with limited resources at hand.

When it comes to staving off the plethora of security risks facing businesses today, midmarket companies find themselves in a precarious position: They face the same threats as much larger companies but with fewer financial and technical resources to combat them.

Whether it's fear of ransomware, the need to mitigate the risks of insider threats or the proliferation of Internet of Things devices at home that now pose a threat through remote workers, IT executives at midmarket companies said they are staring down security challenges from all sides, and they are implementing a number of different tactics to do it.

"There's VPN, there's multifactor authentication, there's training and there's all these security things that are coming with this new paradigm shift of being able to do work [remotely]," said Herman Brown, CIO of the San Francisco District Attorney's Office.

The IT security landscape looks very different today than it did just a few years ago, said Paul Furtado, vice president, analyst, within Gartner's Midsize Enterprise Security practice.

"Three years ago, nobody foresaw that we'd be moving 100% of our workforce - for a lot of us - to a remote environment," Furtado said during a keynote address at the MES IT Security conference in Indianapolis last week, an event produced by Computing parent The Channel Company.

"We're now starting to see trends where companies are bringing folks back into the physical facilities, back into the offices, but the reality is we always have to have a level of hybrid work in our environment. If we don't, it's going to impact our ability to retain, and in some cases, even attract talent."

In addition, bad actors are moving more quickly to weaponize any tool or vulnerability they can use to their advantage, Furtado said.

"ChatGPT, OpenAI, those types of tools, they're now bringing low-code/no-code malware development to the masses. The frequency of attacks is going to get worse," Furtado said. "That doesn't necessarily mean they're going to be more successful, but we've got to be paying attention to that because you know that guy you [angered] that didn't like his last [performance] review? He now has a tool, even though he's not a developer, that can generate some malware for him, and he can use it to attack your organization."

Jennifer Follett, editor of Computing's sister title CRN, spoke with several IT leaders at the event about what security challenges they're facing and the areas where they need help. Here's what they had to say.

You may also like
Operation Cronos: NCA reveals details of LockBit affiliates

Threats and Risks

Operation has been crippled - for now

clock 22 February 2024 • 3 min read
ShinyHunters member gets three years for hacking spree

Hacking

Sebastien Raoult and accomplices were responsible for $6 million+ in financial damage

clock 11 January 2024 • 2 min read
Interview: The role of curiosity in security leadership

Strategy

How it helped one CISO shape his security strategy

clock 11 January 2024 • 5 min read
Most read
01

Intel splits in two, signs deal with Microsoft

22 February 2024 • 7 min read
03

Cambridge University hit by DDoS attack

20 February 2024 • 1 min read
04

Gemma: Google unveils open AI models

22 February 2024 • 3 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security

Law enforcement takes down LockBit - updated

Law enforcement takes down LockBit - updated

NCA among the groups under 'Operation Cronos'

Tom Allen
clock 20 February 2024 • 2 min read
Microsoft's chief security advisor joins Cybersecurity Festival 2024

Microsoft's chief security advisor joins Cybersecurity Festival 2024

Sarah Armstrong-Smith will talk AI in security

Tom Allen
clock 19 February 2024 • 1 min read
Microsoft announces critical zero-day Exchange bug

Microsoft announces critical zero-day Exchange bug

Enables remote control of Exchange Server

Vikki Davies
clock 16 February 2024 • 1 min read