Insider threat the major security concern?

Node4’s Mid-Market IT Priorities Report 2024 reveals the top ten mid-market cyber security threats for the next 12 months, as set out by the sector’s IT decision-makers. Top of the list is insider threat, followed by AI-related threats, ransomware, deep fakes and malware. The second half includes DoS attacks, supply chain attacks, phishing, zero-day attacks and scams/fraud.

Commenting on the findings, Paul Bryce, Managing Director at Node4, notes: “The high level of concern around insider threats could be attributed to the large number of job transitions and redundancies over the past 12 months, coupled with the growing reliance on contractors to address IT and cyber security skills gaps. It might also be linked to long-term, security-related worries, flexible working and the increased potential for cyber attacks on a distributed workforce.”

Node4’s new research also points to significant adoption of pre-crime and preventative cyber security measures, with around 40% of respondents stating they currently have dark web intelligence and incident response capabilities — suggesting a growing level of maturity in cyber security policy adoption across the mid-market.

Perhaps linked to the above findings, the report reveals a high degree of optimism surrounding cyber security defence capabilities. Over three-quarters of IT decision-makers said they were confident in their organisation’s ability to prevent and respond to cyber-attacks, despite the research being conducted at a time of increased cyber security attacks aimed squarely at small and mid-sized organisations. Breaking down these results by vertical sector, IT decision-makers working in private healthcare were the most confident, while those in retail were least so.

It is worth sounding a note of caution here. Over a quarter of respondents told us they believe AI could expose their organisation to new cyber security risks in the future, and that dealing with AI-related threats is their top priority for the next 12 months. Further, around one-third of compliance challenges identified by respondents in this research are directly linked to IT security and cyber security risk mitigation — pointing to the ongoing complex issues at play in ensuring secure remote access to corporate data. Taken together, these findings indicate now is not the time for complacency, and the mid-market’s IT decision-makers need to double down on their proactive, vigilant cyber security stance.

Less than 15% of mid-market IT decision-makers manage cyber security defences with internal staff, while over a third outsource to managed service providers. Meanwhile, the majority rely on a combination of in-house resources and their MSP. This could explain why nearly a quarter of respondents said the need to enhance data security and compliance was driving their digital transformation efforts.

Paul Bryce concludes: “Our findings show that many mid-market organisations are working hard to implement more mature and effective cyber security measures, which is encouraging given that the combined impact of lower budgets, fewer resources and a shortage of in-house skills could easily hamper these efforts. However, around a quarter of respondents stated that a lack of suitable services from cloud providers, primary tech partners and MSPs was a principal barrier to doing so. This suggests the mid-market relies increasingly on third-party support to do the heavy lifting for its cyber security strategy implementations — and will lean on it to an even greater degree as cybercriminal threats become even more complex, harder to spot and difficult to repel.”