The State of SMB Security: BYOD and Security Violations on the Rise

Based on a survey conducted by Osterman Research and commissioned by Trend Micro, Osterman published the white paper "The Cloud Advantage: Increased Security and Lower Costs for SMBs."

Sep 13, 2012, 14:30 ET from Trend Micro Incorporated

CUPERTINO, Calif., Sept. 13, 2012  /PRNewswire/ -- As resellers look to improve their SMB customers' security posture while reducing their security management costs, they can rely on the cloud-client architecture of the Trend Micro™ Smart Protection Network™ to enable faster access to threat intelligence and protection. 

Based on a survey of over 100 SMB IT Security Providers during June and July 2012, and its own independent analysis, Osterman Research looked into the current state of SMB security and the benefits of faster protection and published the white paper, "The Cloud Advantage: Increased Security and Lower Costs for SMBs."

The white paper reports that the Bring Your Own Device (BYOD) trend of employees using personal mobile devices and laptops for work is increasing among SMBs.  The typical SMB employee uses a number of endpoint devices – a desktop computer, a laptop, a smartphone, a tablet, and home computers with various applications on them, all vectors through which malware can enter their SMB organization's network. Cyber criminals employ multiple compromised endpoints and social networking to reach large numbers of targets, targeting the more popular mobile devices such as Android™ and iOS. 

The Osterman Research survey also found:

  • Android usage gained the largest increase in SMB, with the number of Google Androids being used in SMBs increasing 7.1 percent from 2011. The number of Apple iPhones being used in SMBs increased 3.1 percent, and Apple iPad usage has increased 1.9 percent from 2011. 
  • During a typical month 4.3 percent of endpoints become infected, which translates to an infection rate of 52.1 percent annually.
  • During the past several years a growing number of organizations reported security violations through their use of web and email.  Between 2007 and 2012 there was a 35-percent growth in web violations and a 12-percent growth in email violations, suggesting that security violations – malware, phishing and related types of attacks – are growing steadily over time.

The various endpoint devices proliferating in SMBs need to be properly secured to protect the company from malware, phishing and related attacks.  Data breaches are becoming so costly that many organizations are at risk of being put out of business through direct financial losses or the high cost of direct or indirect data loss. Last year alone, more than a billion dollars was stolen from small and midsize bank accounts. Besides the consequences to SMBs of data loss, financial loss, or the potential interception of sensitive content, IT Security Providers must spend time and money cleaning customers' endpoints.  Osterman Research found that it takes a mean elapsed time of 72 minutes to remediate a single endpoint, time wasted that could have been avoided with better security. 

Additional Findings:

  • IT labor costs are high.  The survey found that each IT staff member supports only 33 endpoints, resulting in a total IT labor cost of $2,400 per endpoint or $79,200 per year.
  • 5.2 percent of IT staff time during a typical week is spent on email security management. 

There is a greater likelihood of malware-related infections for the many SMBs who update their pattern files/signatures only a few times per day. There is a greater chance of infection during the security time gap between when malware is released and when the protection is deployed across the various endpoints.  To combat this problem SMBs should update more regularly, as close to real time as possible.  Solutions that manage threat intelligence and pattern file/signature updates in the cloud save on endpoint computing resources and allow security solutions to detect and remediate newly discovered threats more quickly. This will result in lower costs and fewer infections, coupled with fewer IT resource requirements and less time spent on cleaning devices, as well as less time spent managing email and web security.

"Trend Micro is one of the leading security vendors that manages threat intelligence in the cloud.   The cloud-client architecture in the Trend Micro Smart Protection Network provides faster protection than conventional approaches that rely solely on pattern file updates," concluded Michael Osterman, founder of Osterman Research.

"Trend Micro is committed to enabling our SMB Partners to deliver real time cloud-based security to their customers," said Amy Luby, global SMB solution marketing manager at Trend Micro. "We are dedicated to helping partners grow their business by providing the best security and customer satisfaction while reducing their overhead costs."

Trend Micro offers content security that provides immediate protection in a tightly integrated offering of solutions. At the core of these products is the Trend Micro Smart Protection Network. The Smart Protection Network cloud security infrastructure rapidly and accurately identifies new threats, delivering global threat intelligence to secure data wherever it resides. The Smart Protection Network powers the cloud security solutions, which protect the SMB, including hosted endpoint security, hosted email security, and hosted mobile device management. IT service providers can manage the entire cloud security portfolio from a cloud-based central management console, with visibility into multiple customers' deployments from one central command post.

Trend Micro protected small and medium-sized businesses (SMBs) against more than 142 million threats in the first half of 2012 alone.

For the full Osterman Research report, please visit:

About Trend Micro
Trend Micro Incorporated (TYO: 4704;TSE: 4704), the global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers.  A pioneer in server security with over 20 years' experience, we deliver top-ranked client, server and cloud-based security that fits our customers' and partners' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro Smart Protection Network cloud computing security infrastructure, our products and services stop threats where they emerge – from the Internet. They are supported by 1,000+ threat intelligence experts around the globe. 

Additional information about Trend Micro Incorporated and the products and services are available at Trend This Trend Micro news release and other announcements are available at  and as part of an RSS feed at Or follow our news on Twitter at @TrendMicro.

SOURCE Trend Micro Incorporated