Mid-Market: Identities and Cloud Replace Firewall as Primary Attack Vector

Bottom line: Identities and cloud services have become more lucrative for attackers than infrastructure vulnerabilities; many companies fail to close this gap technologically because they lack people, processes, and clear accountability.

Cyberattacks on mid-market companies have become more professional and targeted: the primary entry points are no longer infrastructure vulnerabilities, but identities, SaaS services and legitimate tools. Christian Gorecki of WIRmachenDRUCK warns of a security gap between tool procurement and actual operationalization.

The threat landscape in the mid-market has fundamentally shifted: attacks today follow industrial patterns with clear division of labor – such as Ransomware-as-a-Service or Initial Access Broker models – rather than opportunistic individual actions. Identity-based attacks (credential theft, MFA bypass, session hijacking), highly personalized and partly AI-generated phishing, supply chain attacks via service providers, and ransomware with dual extortion (data exfiltration plus encryption) occur particularly frequently.

The operational shift is fundamental: attackers no longer primarily exploit classical infrastructure vulnerabilities, but rather compromised identities, SaaS platforms and legitimate system tools (“Living off the Land”). These attack methods are difficult to detect because they disguise themselves as normal user behavior. At the same time, many companies exhibit a classic investment problem. They procure EDR/XDR, SIEM and perimeter security solutions, but in doing so create three blind spots: Identity & Access Management (IAM) is implemented only in fragments or not at all; SaaS and cloud visibility remains incomplete (shadow IT, misconfigurations); and technological integration is absent, meaning the tools are present but not cleanly integrated or staffed.

The biggest blind spot is not technology itself, but the missing link between detection and response. Failure points lie almost exclusively with people and processes: a shortage of skilled staff, unclear responsibilities between IT, security and business units, processes that are not followed in daily practice, and a lack of management prioritization despite available budgets. Many organizations have the tools but lack the capability to derive effective security processes from them.

To be positioned as a business enabler, security must increase the speed of operational processes rather than slow them down. This means security by design instead of downstream checks, automation in CI/CD pipelines and identity processes, as well as clear, business-aligned KPIs such as Time-to-Detect, Time-to-Respond and reduction of attack surface. Security gains acceptance when it enables faster time-to-market, higher customer trust, and secure supply chain capability.


Source: www.it-daily.net · Published June 24, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.