Upping The Game
The security industry is in the middle of a years-long transition from “trust but verify” to “never trust, always verify” as zero trust architectures become more pervasive, said Paul Furtado, Gartner’s vice president of midsize enterprise security. Companies aren’t doing the fundamentals well, with 56 percent of attacks exploiting known vulnerabilities where patches have been available for more than 90 days.
“The only thing harder than defending yourself against a cyberattack is telling your executives and your partners why you didn’t do enough to protect yourself,” Furtado said Monday during the opening keynote at Midsize Enterprise Summit IT Security, hosted by CRN parent The Channel Co.
Organizations looking to improve their security need to start with comprehensive, around-the-clock security, which Furtado said requires working with an MSSP, MDR or EDR partner. Data protection should use immutable backup technology and cover all critical data as well as the backups themselves, according to Furtado.
“Patching your vulnerabilities is going to be your biggest and easiest thing that you can do,” Paul Shipp of Wisconsin’s Door County Medical Center told CRN. “I’d like to think that we do that pretty well.” Shipp said the Medical Center’s IT team takes care of getting patches out when they need to go out on behalf of all employees and departments.
Companies should also examine how they can implement zero trust in a way that’s good for them and their business, and get a dynamic incident response plan in place, according to Furtado. From ransomware and data mining to the supply chain and operational technology (OT), here are the top seven security risks Furtado said midsize enterprises will be dealing with over the course of 2022.
“It’s not going to get better,” Furtado said. “It is going to get worse. We as practitioners need to up our game because the bad actors are upping their game.”