8 Security Trends Affecting The Midmarket

What's Affecting The Security Market?

Midmarket companies are looking to step up their game when it comes to cybersecurity. According to a joint research study with IDC and CRN parent company The Channel Company, midmarket IT customers are looking to make investments in cloud, endpoint, network, data security and more, IDC Analyst and Research Manager, Information Security Rob Westervelt said in a presentation at the XChange Solution Provider 2017 event's Security University, being held in National Harbor, Md., this week. Driving those investments is a realization that midmarket companies aren't exempt from the rising tide of attacks across all industries, he said. Here are eight security trends that are affecting that market, and where customers say they are looking to place budget bets in the year to come.

Attacks Are Growing More Sophisticated

It's hard to miss that attacks are growing more prevalent and more sophisticated. Westervelt said attackers have evolved, investing in back-end systems and activities for coordinated attacks, protection evasion, VM detection, and more. He said IDC is seeing an increase in targeted multistage attacks, as well as a growth in vulnerabilities and risks through messaging systems. In particular, Westervelt said ransomware is growing, with the vast majority coming through email and presenting a "real problem" to businesses of all sizes. And, while small and midmarket companies might feel less like a target of those attacks, they are definitely not exempt, he said.

Targeting Midmarket Businesses Of All Types

While health-care and financial businesses used to get all the attention when it came to attacks, Westervelt said midmarket businesses of all types are becoming targets. According to IDC data, he said legal, education and health care were the third, fourth and fifth most targeted verticals, due to the valuable information they hold and their connection to other industries. Banking and finance came in second place. The No. 1 most targeted vertical was manufacturing, which he said traditionally has been a laggard when it comes to technology improvements but is facing increased change with a rise in Internet of Things, IT-OT convergence and efficiency demands.

More Emphasis On Cloud Security

The vast majority – 83 percent – of midmarket customers are looking to improve the security of their SaaS offferings, Westervelt said. As more midmarket companies adopt some form of cloud hosting, they are also looking to secure their data in the cloud, he said. While some more sophisticated companies are using technologies such as containerization to secure their move to the cloud, Westervelt said many of them are looking for guidance when it comes to data protection in the cloud.

Managed Security Services Rising

Westervelt said managed security services is also trending "significantly," with 90 percent of midmarket customers saying they are looking to purchase managed security services. However, Westervelt said he is also seeing the market flooded with MSSPs in response to that demand. He said MSSPs would benefit from differentiating themselves by adding professional services, particularly around risk assessments and incident response.

Data Security Rising

Data security is big, Westervelt said, with 63 percent of midmarket customers looking to invest in a variety of data security offerings. Those offerings include data loss prevention, data discovery and data classification, he said. Driving some of that shift is a rise in ransomware, he said, with companies that have been hit by ransomware looking to protect themselves with data governance tools and backups. Coming regulations, such as the EU General Data Protection Regulation, will only drive further emphasis on data security, he said, as companies face stiff penalties for not meeting data security standards.

Endpoint Security Evolving

The endpoint security market has been rapidly evolving, with new startups and legacy vendors innovating new technologies. Westervelt said a lot of midmarket companies are looking to upgrade their endpoint security portfolios, with 61.7 percent looking to add modern anti-virus and endpoint response and remediation, 51.7 percent looking to buy email scanning, 42.6 percent looking for laptop encryption and 37.4 percent looking to buy endpoint data loss prevention. Further driving that rise in attention around endpoint security are a growing number of ransomware attacks, new compliance initiatives and concerns around IoT. Westervelt said this will likely expand into further interest in mobile security in the months and years to come, especially as more users and businesses start to use mobile for authentication, making it a more appealing target for attack.

Network Security Mindset Changing

While network security isn't new to the security space, Westervelt said midmarket companies are looking to increase their spend in this area. He said 63 percent are looking to upgrade to modern network security infrastructure with advanced threat detection, 56 percent are looking to buy managed security services, 43 percent are ready to refresh standard network security products and 41 percent are turning to new security initiatives to support software-defined networking. Westervelt said midmarket companies are particularly looking for network security technologies that can tie into or add to the investments they have already made.

Internet Of Things Rising

While the Internet of Things is often seen as device-protection conversation, Westervelt said it also presents a significant opportunity for solution providers around data collection and protection, as customers collect massive amounts of new data from these devices. Data privacy will also need to be a key part of conversations around IoT data, Westervelt said, as midmarket customers might be approached by third parties to buy their data or might look to take on new big data analytics projects.