The State of Midsize Enterprise Cybersecurity
Pete Lindstrom
VP of Security Strategies
© IDC
The State of Midsize Enterprise Cybersecurity
9/18 9am-9:15am
In today’s digital world, data breaches seem like a fact of life. Having payments fraudulently re-routed, leaking customers’ private information, and enabling – or being accused of enabling – nation-state attacks on critical infrastructure are all very real risks to midsized enterprises. And these enterprises are more likely to experience unrecoverable damage leading to bankruptcy or worse. Let’s take a quick look at results from our cybersecurity survey regarding the things that you and your peers have identified as the key risks, challenges, and controls associated with your cybersecurity programs.
Pete Lindstrom
Vice President, Security Strategies, IT Executive Program, IDC
• Over 25 years in InfoSec, IT, Finance
• Tech Risk Pro performing reading, writing, ‘rithmetic on risk and security matters
• Former Marine (Gulf War veteran), ‘Big Four’ IT Auditor (PwC), Internal Auditor (GMAC Mortgage), Security Architect & Director (Wyeth)
• BBA Finance, University of Notre Dame; former CISSP and CISA
MES Survey: What are your top risks?
[Bar chart, scale 0 to 5; risk categories listed in chart order, bar values not shown here]
• Phishing / Business Email Compromise
• Ransomware
• Leaked Personally Identifiable Information (PII)
• Non-Compliance (regulations, contracts, etc.)
• Stolen intellectual property
• Botnet infection
• Denial of Service against web/cloud environment
• Fraudulent Wire Transfer/Stolen Funds
• Digital Patsy (your IT assets used to attack/compromise a business partner or customer)
The Components of Risk
[Diagram]
• Threat (sources of activity: users / devices). Affected by volume of activity, availability/cost of exploits, attacker risk.
• Vulnerability (targets of activity: apps / servers). Security posture affected by number of accessible systems, known vulnerabilities.
• Likelihood: bracketed in the diagram by threat and vulnerability together.
• Impact (potential loss). Qualitative or quantitative estimates of increased costs and reduced revenue.
• Risk (unwanted outcomes). Loss of confidentiality, integrity, availability, productivity, propriety.
MES Survey: What are your best controls?
[Scatter chart of controls plotted by cost and benefit; axes run toward Low Cost and High Benefit, with AVG marking the average control. Quadrant labels: Best Value, More Efficient, More Effective, Outsource / Insure. Plotted controls: UAT, Patch, VPN, MFA, Email, FW, SWG, Vuln, Data, SOC, Comp, Asset; point positions not shown here.]
Control abbreviations:
• UAT: User awareness training
• Patch: Patch management
• VPN: Encrypted communications
• MFA: Multifactor authentication
• Email: Email security solutions
• FW: Firewalls
• SWG: Secure web gateways / proxies
• Vuln: Vulnerability scanning
• Data: Data security
• Asset: Asset/config management
• Compliance (Comp on the chart): Compliance activities
• SOC: Security operations center
In Search of… Economic Analysis for RRUC
“Risk Reduced per Unit Cost”
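A worked illustration of the risk components (threat, vulnerability, likelihood, impact, risk), the cost/benefit quadrants of the best-controls chart, and RRUC, added here as an example; it is not from the deck or from IDC. It assumes a simple multiplicative scoring model (likelihood = threat × vulnerability, expected annual loss = likelihood × impact), constructed scenario and control figures, and a reading of the chart in which the four quadrants are split at the average control's cost and average control's benefit. The control names reuse abbreviations from the best-controls slide, but their costs and effects are invented for the example.

```python
"""Risk components and Risk Reduced per Unit Cost (RRUC).

Added example (not from the IDC deck). Scoring model, an assumption:

    likelihood = threat x vulnerability
    risk       = likelihood x impact        (expected loss per year)

Controls are ranked by RRUC = risk reduced / annual cost and placed in
a quadrant of the cost/benefit chart relative to the average control.
All dollar figures and control effects are constructed, not survey data.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class RiskScenario:
    name: str
    threat: float         # probability the attack activity occurs in a year (0..1)
    vulnerability: float  # probability it succeeds against current posture (0..1)
    impact: float         # potential loss in dollars if it succeeds

    @property
    def likelihood(self) -> float:
        return self.threat * self.vulnerability

    @property
    def annual_risk(self) -> float:
        return self.likelihood * self.impact


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    # Fraction by which the control lowers the vulnerability component of each
    # scenario it addresses (constructed effectiveness estimates).
    vuln_reduction: Dict[str, float]


# Constructed scenarios, named after categories from the top-risks slide.
SCENARIOS: List[RiskScenario] = [
    RiskScenario("Phishing / BEC", threat=0.9, vulnerability=0.5, impact=200_000),
    RiskScenario("Ransomware", threat=0.6, vulnerability=0.4, impact=500_000),
    RiskScenario("Fraudulent wire transfer", threat=0.5, vulnerability=0.3, impact=300_000),
]

# Constructed controls, using abbreviations from the best-controls slide.
CONTROLS: List[Control] = [
    Control("UAT", 15_000, {"Phishing / BEC": 0.4, "Fraudulent wire transfer": 0.3}),
    Control("MFA", 30_000, {"Phishing / BEC": 0.6, "Fraudulent wire transfer": 0.5, "Ransomware": 0.2}),
    Control("Patch", 40_000, {"Ransomware": 0.5}),
    Control("SOC", 150_000, {"Phishing / BEC": 0.3, "Ransomware": 0.5, "Fraudulent wire transfer": 0.2}),
]


def baseline_risk(scenarios: List[RiskScenario]) -> float:
    """Total expected annual loss with no additional controls."""
    return sum(s.annual_risk for s in scenarios)


def residual_risk(scenarios: List[RiskScenario], control: Control) -> float:
    """Expected annual loss after the control lowers each scenario's vulnerability."""
    total = 0.0
    for s in scenarios:
        reduction = control.vuln_reduction.get(s.name, 0.0)
        total += s.threat * s.vulnerability * (1.0 - reduction) * s.impact
    return total


def risk_reduced(scenarios: List[RiskScenario], control: Control) -> float:
    """Dollars of expected annual loss the control avoids (the chart's benefit axis)."""
    return baseline_risk(scenarios) - residual_risk(scenarios, control)


def rruc(scenarios: List[RiskScenario], control: Control) -> float:
    """Risk Reduced per Unit Cost: expected loss avoided per dollar spent."""
    return risk_reduced(scenarios, control) / control.annual_cost


def quadrant(cost: float, benefit: float, avg_cost: float, avg_benefit: float) -> str:
    """Assumed reading of the chart: quadrants split at the average control."""
    if benefit >= avg_benefit:
        return "Best Value" if cost <= avg_cost else "More Effective"
    return "More Efficient" if cost <= avg_cost else "Outsource / Insure"


def rank_controls(scenarios: List[RiskScenario],
                  controls: List[Control]) -> List[Tuple[str, float, str]]:
    """Return (name, RRUC, quadrant) for every control, highest RRUC first."""
    benefits = {c.name: risk_reduced(scenarios, c) for c in controls}
    avg_cost = sum(c.annual_cost for c in controls) / len(controls)
    avg_benefit = sum(benefits.values()) / len(controls)
    rows = [
        (c.name, rruc(scenarios, c),
         quadrant(c.annual_cost, benefits[c.name], avg_cost, avg_benefit))
        for c in controls
    ]
    return sorted(rows, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    print(f"Baseline expected annual loss: ${baseline_risk(SCENARIOS):,.0f}")
    for name, value, quad in rank_controls(SCENARIOS, CONTROLS):
        print(f"{name:6} RRUC={value:5.2f}  {quad}")
```

With these constructed figures the baseline expected loss is $255,000; MFA ranks first on RRUC and lands in Best Value, while the SOC avoids nearly as much loss but at five times the cost, so it falls in More Effective rather than Best Value. Replacing the vulnerability-reduction model with one that also lowers the threat component (for instance, a control that reduces the volume of activity reaching users) is a natural extension of the same structure.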
MES Survey: What are your spending plans?
[Bar chart; axis: % of Respondents, scale 0 to 60. Items listed in chart order; the two security items are highlighted as Advanced Security and Traditional Security. Bar values not shown here.]
• Advanced security solutions (e.g. single sign-on, data security, encryption, threat detection, etc.)
• Backup and disaster recovery
• Improve customer experience
• Business intelligence ('BI') and analytics to manage resources better and develop actionable information
• Servers/server infrastructure
• Upgrade/add new PCs (including desktop to notebook PC migration)
• Cloud/hosted resources
• Network equipment
• Online application resources like GoogleApps, Office365 or OpenOffice
• Integrate on-premises capabilities and cloud-based/hosted resources
• Storage capacity/improving storage management
• Traditional security solutions (e.g. firewalls, antivirus, patch, etc.)
• Mobile worker support, including remote access to company network resources
• Video conferencing or collaboration
• Electronic document capture/processing/management
• Sales tools including CRM and account info
• 'Private cloud' resources hosted on-premises and delivered remotely to employees/authorized users
• Company-provided tablets or smartphones
• Coordinate/upgrade both internally and externally facing technology resources (like ecommerce) for maximum…
• Coordinate multiple Cloud-based/hosted resources (multi-cloud management services)
• Online promotion and selling
• Support for employee-owned devices like smartphones and tablets ('Bring your own device' or BYOD)
• Managed print services to outsource printing equipment/maintenance/supplies
• Connecting internal or external sensors and/or devices (smartphones, tablets) to gather info for analysis ('Internet-of-…
• Other
MES Survey: How much are you spending?
[Chart; scale $10k, $85k, $160k, $235k, $310k, $350k. Callouts: Scarce Resources; High Expectations. Distribution not shown here.]
Peers: Best Practices for Security Budgets
Throughout the day…
▪ Look for ways that help you ASSESS RISK
▪ Look for ways that help you APPLY CONTROLS
▪ Look for ways that help you ALLOCATE RESOURCES
And never forget…
The Cybersecurity Mission Statement
“To enable business transformation through proper cyber risk management by allocating security resources efficiently and effectively, leading to the strongest cybersecurity program possible.”
IDC is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. IDC helps IT professionals, business executives, and the investment community make fact-based decisions on technology purchases and business strategy. More than 1,100 IDC analysts provide global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries worldwide. For more than 50 years, IDC has provided strategic insights to help our clients achieve their key business objectives. IDC is a subsidiary of IDG, the world's leading technology media, research, and events company.
Terms of Use: Except as otherwise noted, the information enclosed is the intellectual property of IDC, copyright 2016. Reproduction is forbidden unless authorized; contact [email protected] for information. All rights reserved.