Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


11:29 AM
Dark Reading
Dark Reading
Products and Releases

The State Of SMB Security: BYOD And Security Violations On The Rise

White paper reports that the Bring Your Own Device (BYOD) trend of employees using personal mobile devices and laptops for work is increasing among SMBs

CUPERTINO, Calif., Sept. 13, 2012 /PRNewswire/ -- As resellers look to improve their SMB customers' security posture while reducing their security management costs, they can rely on the cloud-client architecture of the Trend Micro(TM) Smart Protection Network(TM) to enable faster access to threat intelligence and protection.

Based on a survey of over 100 SMB IT Security Providers during June and July 2012, and its own independent analysis, Osterman Research looked into the current state of SMB security and the benefits of faster protection and published the white paper, "The Cloud Advantage: Increased Security and Lower Costs for SMBs."

The white paper reports that the Bring Your Own Device (BYOD) trend of employees using personal mobile devices and laptops for work is increasing among SMBs. The typical SMB employee uses a number of endpoint devices - a desktop computer, a laptop, a smartphone, a tablet, and home computers with various applications on them, all vectors through which malware can enter their SMB organization's network. Cyber criminals employ multiple compromised endpoints and social networking to reach large numbers of targets, targeting the more popular mobile devices such as Android(TM) and iOS.

The Osterman Research survey also found:

-- Android usage gained the largest increase in SMB, with the number of

Google Androids being used in SMBs increasing 7.1 percent from 2011. The

number of Apple iPhones being used in SMBs increased 3.1 percent, and

Apple iPad usage has increased 1.9 percent from 2011.

-- During a typical month 4.3 percent of endpoints become infected, which

translates to an infection rate of 52.1 percent annually.

-- During the past several years a growing number of organizations reported

security violations through their use of web and email. Between 2007 and

2012 there was a 35-percent growth in web violations and a 12-percent

growth in email violations, suggesting that security violations -

malware, phishing and related types of attacks - are growing steadily

over time.

The various endpoint devices proliferating in SMBs need to be properly secured to protect the company from malware, phishing and related attacks. Data breaches are becoming so costly that many organizations are at risk of being put out of business through direct financial losses or the high cost of direct or indirect data loss. Last year alone, more than a billion dollars was stolen from small and midsize bank accounts. Besides the consequences to SMBs of data loss, financial loss, or the potential interception of sensitive content, IT Security Providers must spend time and money cleaning customers' endpoints. Osterman Research found that it takes a mean elapsed time of 72 minutes to remediate a single endpoint, time wasted that could have been avoided with better security.

Additional Findings:

-- IT labor costs are high. The survey found that each IT staff member

supports only 33 endpoints, resulting in a total IT labor cost of $2,400

per endpoint or $79,200 per year.

-- 5.2 percent of IT staff time during a typical week is spent on email

security management.

There is a greater likelihood of malware-related infections for the many SMBs who update their pattern files/signatures only a few times per day. There is a greater chance of infection during the security time gap between when malware is released and when the protection is deployed across the various endpoints. To combat this problem SMBs should update more regularly, as close to real time as possible. Solutions that manage threat intelligence and pattern file/signature updates in the cloud save on endpoint computing resources and allow security solutions to detect and remediate newly discovered threats more quickly. This will result in lower costs and fewer infections, coupled with fewer IT resource requirements and less time spent on cleaning devices, as well as less time spent managing email and web security.

"Trend Micro is one of the leading security vendors that manages threat intelligence in the cloud. The cloud-client architecture in the Trend Micro Smart Protection Network provides faster protection than conventional approaches that rely solely on pattern file updates," concluded Michael Osterman, founder of Osterman Research.

"Trend Micro is committed to enabling our SMB Partners to deliver real time cloud-based security to their customers," said Amy Luby, global SMB solution marketing manager at Trend Micro. "We are dedicated to helping partners grow their business by providing the best security and customer satisfaction while reducing their overhead costs."

Trend Micro offers content security that provides immediate protection in a tightly integrated offering of solutions. At the core of these products is the Trend Micro Smart Protection Network. The Smart Protection Network cloud security infrastructure rapidly and accurately identifies new threats, delivering global threat intelligence to secure data wherever it resides. The Smart Protection Network powers the cloud security solutions, which protect the SMB, including hosted endpoint security, hosted email security, and hosted mobile device management. IT service providers can manage the entire cloud security portfolio from a cloud-based central management console, with visibility into multiple customers' deployments from one central command post.

Trend Micro protected small and medium-sized businesses (SMBs) against more than

142 million threats in the first half of 2012 alone.

For the full Osterman Research report, please visit:


About Trend Micro

Trend Micro Incorporated (TYO: 4704;TSE: 4704), the global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years' experience, we deliver top-ranked client, server and cloud-based security that fits our customers' and partners' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro Smart Protection Network cloud computing security infrastructure, our products and services stop threats where they emerge - from the Internet.

They are supported by 1,000+ threat intelligence experts around the globe.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
9/18/2012 | 1:51:28 PM
re: The State Of SMB Security: BYOD And Security Violations On The Rise
The problem with white papers in general is that they are written to sell product and are usually paid for by a vendor. -This one is no different.

No doubt, white papers are useful -- they do get information to decision makers -- by they almost always slant the information in the direction of a single product solution. -The conclusions of a white paper should always be taken with a large grain of salt.

Disclosure: -Yes, I have written a white paper.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/2/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
PUBLISHED: 2020-06-05
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
PUBLISHED: 2020-06-05
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
PUBLISHED: 2020-06-05
In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL.