Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

9/14/2012
11:29 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

The State Of SMB Security: BYOD And Security Violations On The Rise

White paper reports that the Bring Your Own Device (BYOD) trend of employees using personal mobile devices and laptops for work is increasing among SMBs

CUPERTINO, Calif., Sept. 13, 2012 /PRNewswire/ -- As resellers look to improve their SMB customers' security posture while reducing their security management costs, they can rely on the cloud-client architecture of the Trend Micro(TM) Smart Protection Network(TM) to enable faster access to threat intelligence and protection.

Based on a survey of over 100 SMB IT Security Providers during June and July 2012, and its own independent analysis, Osterman Research looked into the current state of SMB security and the benefits of faster protection and published the white paper, "The Cloud Advantage: Increased Security and Lower Costs for SMBs."

The white paper reports that the Bring Your Own Device (BYOD) trend of employees using personal mobile devices and laptops for work is increasing among SMBs. The typical SMB employee uses a number of endpoint devices - a desktop computer, a laptop, a smartphone, a tablet, and home computers with various applications on them, all vectors through which malware can enter their SMB organization's network. Cyber criminals employ multiple compromised endpoints and social networking to reach large numbers of targets, targeting the more popular mobile devices such as Android(TM) and iOS.

The Osterman Research survey also found:

-- Android usage gained the largest increase in SMB, with the number of

Google Androids being used in SMBs increasing 7.1 percent from 2011. The

number of Apple iPhones being used in SMBs increased 3.1 percent, and

Apple iPad usage has increased 1.9 percent from 2011.

-- During a typical month 4.3 percent of endpoints become infected, which

translates to an infection rate of 52.1 percent annually.

-- During the past several years a growing number of organizations reported

security violations through their use of web and email. Between 2007 and

2012 there was a 35-percent growth in web violations and a 12-percent

growth in email violations, suggesting that security violations -

malware, phishing and related types of attacks - are growing steadily

over time.

The various endpoint devices proliferating in SMBs need to be properly secured to protect the company from malware, phishing and related attacks. Data breaches are becoming so costly that many organizations are at risk of being put out of business through direct financial losses or the high cost of direct or indirect data loss. Last year alone, more than a billion dollars was stolen from small and midsize bank accounts. Besides the consequences to SMBs of data loss, financial loss, or the potential interception of sensitive content, IT Security Providers must spend time and money cleaning customers' endpoints. Osterman Research found that it takes a mean elapsed time of 72 minutes to remediate a single endpoint, time wasted that could have been avoided with better security.

Additional Findings:

-- IT labor costs are high. The survey found that each IT staff member

supports only 33 endpoints, resulting in a total IT labor cost of $2,400

per endpoint or $79,200 per year.

-- 5.2 percent of IT staff time during a typical week is spent on email

security management.

There is a greater likelihood of malware-related infections for the many SMBs who update their pattern files/signatures only a few times per day. There is a greater chance of infection during the security time gap between when malware is released and when the protection is deployed across the various endpoints. To combat this problem SMBs should update more regularly, as close to real time as possible. Solutions that manage threat intelligence and pattern file/signature updates in the cloud save on endpoint computing resources and allow security solutions to detect and remediate newly discovered threats more quickly. This will result in lower costs and fewer infections, coupled with fewer IT resource requirements and less time spent on cleaning devices, as well as less time spent managing email and web security.

"Trend Micro is one of the leading security vendors that manages threat intelligence in the cloud. The cloud-client architecture in the Trend Micro Smart Protection Network provides faster protection than conventional approaches that rely solely on pattern file updates," concluded Michael Osterman, founder of Osterman Research.

"Trend Micro is committed to enabling our SMB Partners to deliver real time cloud-based security to their customers," said Amy Luby, global SMB solution marketing manager at Trend Micro. "We are dedicated to helping partners grow their business by providing the best security and customer satisfaction while reducing their overhead costs."

Trend Micro offers content security that provides immediate protection in a tightly integrated offering of solutions. At the core of these products is the Trend Micro Smart Protection Network. The Smart Protection Network cloud security infrastructure rapidly and accurately identifies new threats, delivering global threat intelligence to secure data wherever it resides. The Smart Protection Network powers the cloud security solutions, which protect the SMB, including hosted endpoint security, hosted email security, and hosted mobile device management. IT service providers can manage the entire cloud security portfolio from a cloud-based central management console, with visibility into multiple customers' deployments from one central command post.

Trend Micro protected small and medium-sized businesses (SMBs) against more than

142 million threats in the first half of 2012 alone.

For the full Osterman Research report, please visit:

http://newsroom.trendmicro.com/index.php?s=65

About Trend Micro

Trend Micro Incorporated (TYO: 4704;TSE: 4704), the global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years' experience, we deliver top-ranked client, server and cloud-based security that fits our customers' and partners' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro Smart Protection Network cloud computing security infrastructure, our products and services stop threats where they emerge - from the Internet.

They are supported by 1,000+ threat intelligence experts around the globe.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
walshjp17
50%
50%
walshjp17,
User Rank: Apprentice
9/18/2012 | 1:51:28 PM
re: The State Of SMB Security: BYOD And Security Violations On The Rise
The problem with white papers in general is that they are written to sell product and are usually paid for by a vendor. -This one is no different.

No doubt, white papers are useful -- they do get information to decision makers -- by they almost always slant the information in the direction of a single product solution. -The conclusions of a white paper should always be taken with a large grain of salt.

Disclosure: -Yes, I have written a white paper.
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19010
PUBLISHED: 2019-11-16
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
CVE-2019-16761
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0...
CVE-2019-16762
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any...
CVE-2019-13581
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary ...
CVE-2019-13582
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.