Mid-sized organizations typically assume that unlike large enterprises, their cyber risk is low, since advanced threat actors wouldn’t bother to attack them. At first glance, this perception might make sense: after all, such organizations don’t hold any ground-breaking IP, economy changing business plans, or classified national secrets. However, reality is totally different.