When it comes to IT security, the size of a company does not matter to hackers. Cybersecurity attacks have happened to high profile corporations and government entities just as they have happened to midsize companies. Even IT security firms are not immune to attacks having been hacked in recent years.

“It is easy for any company, big or small, to fall victim if they are not adequately prepared to fend off or to immediately address the ramifications of a cybersecurity attack,” said Gartner Director of Research Brian Reed during a presentation to CIO and IT leaders at the Midsize Enterprise Summit’s Fall Conference in Austin.

Reed addressed some of the more common IT security risks, including phishing. This is when bogus but legitimate-looking emails are sent to employees asking for sensitive personal or company information such as bank account numbers or an employee’s social security number. This has been a widespread problem in recent years and it has cost firms millions of dollars in losses and security breaches. Reed reviewed a list of products and services that are designed to help companies address potential phishing problems within their organization.

Reed encouraged the IT leaders at MES to consider mitigating data security risk at their organization through security awareness training for staff (Gartner released a magic quadrant for security awareness computer-based training in October 2015) or by leveraging data security technologies that are available in the market.

He also encouraged the IT leaders to utilize better controls for data that is inherently insecure to design such as IRS tax forms or W9 forms and to offload or outsource credit card processing if it is something that is not a core competency. Reed reviewed a list of vendors that Gartner has studied in this space, including those with expertise to manage PCI compliance requirements.

Another security risk factor Reed addressed in his remarks are those that come from data. “Most organizations have so much data, including a lot of dark data, that they do not know what they have and thus don’t know what risks they may face as a result,” said Reed. Sometimes there are instances of previously undetected malicious malware stored among vast collections of data, so Reed cautioned the IT leaders to be aware of this.

Dark data is that which is no longer in use. It presents a risk as a result.  Gartner research has found that 75 percent of data in file shares is dark data, which is an ineffective use of precious storage space. The problem is that it takes IT staff time and effort to review what data is valuable and what data can or should be discarded. The reality is that most companies do not review their data until something like a move to the cloud is at hand.

Reed also addressed software-as-a-service (SaaS) frameworks and reviewed what security controls come with Microsoft Office 365 and what improved controls can be sourced through third-party vendors.

Gartner research indicates that by 2018, 40 percent of Office 365 deployments will rely on third-party tools to fill gaps in security and compliance. This is a major increase from less than 10 percent of the Office 365 deployments that took place in 2015.

While Microsoft and third-party vendors focus on ways to better secure content in motion and at rest, there are additional improvements being developed, including:

  • better managing identify, access and privileges
  • gaining greater visibility of user and data behavior
  • better controlling managed and unmanaged devices

In his closing remarks, Reed laid out a 12-month action plan for the MES attendees to implement, starting with an identification and evaluation process followed by a training and deployment process, and ending with a post deployment assessment and evaluation.

To learn more about Gartner’s research and recommendations for improving IT security, check out their published research and upcoming security events at www.gartner.com.

Janice Cain, MBA, is an award-winning marketing consultant and PR advisor who has been working extensively in the IT industry for more than 10 years with some of the world’s best known software and hardware companies. Follow her @1010_Marketing