The unstoppable trend for BYOD is bringing new risks to smaller firms, with new research commissioned by Trend Micro pointing to annual endpoint malware infection rates of over 50%. Osterman Research looked into the current state of SMB security based on a survey of over 100 SMB IT Security Providers during June and July 2012, and its own independent analysis, and published the white paper, “The Cloud Advantage: Increased Security and Lower Costs for SMBs.”
BYOD use increasing
The white paper reports that the Bring Your Own Device (BYOD) trend of employees using personal mobile devices and laptops for work is increasing among SMBs. Android usage gained the largest increase in SMB, with the number of Google Android devices being used in SMBs increasing 7.1 percent from 2011. The number of Apple iPhone’s being used in SMBs increased 3.1 percent, and Apple iPad usage has increased 1.9 percent from 2011.
However, this trend appears to be exposing SMBs to greater risk of infection. During a typical month 4.3 percent of endpoints become infected, which translates to a rate of 52.1 percent annually. Osterman Research also found that it takes a mean elapsed time of 72 minutes to remediate a single endpoint, time wasted that could have been avoided with better security.
The typical SMB employee uses a number of endpoint devices – a desktop computer, a laptop, a smartphone, a tablet, and home computers with various applications on them, all vectors through which malware can enter their SMB organisation’s network. Cyber criminals employ multiple compromised endpoints and social networking to reach large numbers of targets, targeting the more popular mobile devices such as Android™ and iOS.
Osterman Research found that during the past several years a growing number of organisations reported security violations through their use of web and email. Between 2007 and 2012 there was a 35-percent growth in web violations and a 12-percent growth in email violations, suggesting that security violations – malware, phishing and related types of attacks – are growing steadily over time.
SMBs need to properly secure their growing number of endpoint devices to protect the company from malware, phishing and related attacks. Data breaches are becoming so costly that many organisations are at risk of being put out of business through direct financial losses or the high cost of direct or indirect data loss. Last year alone, more than a billion dollars was stolen from small and midsize bank accounts. Besides the consequences to SMBs of data loss, financial loss, or the potential interception of sensitive content, IT Security Providers must spend time and money cleaning customers’ endpoints.
To combat the problem of the “security time gap” between when malware is released and protection is deployed SMBs should update their pattern files/signatures more regularly, as close to real time as possible. Solutions that manage threat intelligence and pattern file/signature updates in the cloud save on endpoint computing resources and allow security solutions to detect and remediate newly discovered threats more quickly. This will result in lower costs and fewer infections, fewer IT resource requirements and less time spent on cleaning devices, and managing email and web security.