BYOD Brings New Risks To SMBs

The unstoppable trend for BYOD is bringing new risks to smaller firms, with new research commissioned by Trend Micro pointing to annual endpoint malware infection rates of over 50%. Osterman Research looked into the current state of SMB security based on a survey of over 100 SMB IT Security Providers during June and July 2012, and its own independent analysis, and published the white paper, “The Cloud Advantage: Increased Security and Lower Costs for SMBs.”

BYOD use increasing

The white paper reports that the Bring Your Own Device (BYOD) trend of employees using personal mobile devices and laptops for work is increasing among SMBs. Android usage gained the largest increase in SMB, with the number of Google Android devices being used in SMBs increasing 7.1 percent from 2011. The number of Apple iPhone’s being used in SMBs increased 3.1 percent, and Apple iPad usage has increased 1.9 percent from 2011.

However, this trend appears to be exposing SMBs to greater risk of infection. During a typical month 4.3 percent of endpoints become infected, which translates to a rate of 52.1 percent annually. Osterman Research also found that it takes a mean elapsed time of 72 minutes to remediate a single endpoint, time wasted that could have been avoided with better security.

The typical SMB employee uses a number of endpoint devices – a desktop computer, a laptop, a smartphone, a tablet, and home computers with various applications on them, all vectors through which malware can enter their SMB organisation’s network. Cyber criminals employ multiple compromised endpoints and social networking to reach large numbers of targets, targeting the more popular mobile devices such as Android™ and iOS.

Security violations

Osterman Research found that during the past several years a growing number of organisations reported security violations through their use of web and email. Between 2007 and 2012 there was a 35-percent growth in web violations and a 12-percent growth in email violations, suggesting that security violations – malware, phishing and related types of attacks – are growing steadily over time.

SMBs need to properly secure their growing number of endpoint devices to protect the company from malware, phishing and related attacks. Data breaches are becoming so costly that many organisations are at risk of being put out of business through direct financial losses or the high cost of direct or indirect data loss. Last year alone, more than a billion dollars was stolen from small and midsize bank accounts. Besides the consequences to SMBs of data loss, financial loss, or the potential interception of sensitive content, IT Security Providers must spend time and money cleaning customers’ endpoints.

To combat the problem of the “security time gap” between when malware is released and protection is deployed SMBs should update their pattern files/signatures more regularly, as close to real time as possible. Solutions that manage threat intelligence and pattern file/signature updates in the cloud save on endpoint computing resources and allow security solutions to detect and remediate newly discovered threats more quickly. This will result in lower costs and fewer infections, fewer IT resource requirements and less time spent on cleaning devices, and managing email and web security.

Kevin Tea is a journalist and marketing communications professional who has worked for some of the leading blue chip companies in the UK and Europe. In the 1990s he became interested in how emerging Internet-based technologies could change the way that people worked and became an administrator on the Telework Europa Forum on CompuServe. With other colleagues he took part in a four year European Commission sponsored project to look at the way that the Internet could benefit remote communities. His blog is a resource for SMEs who want to use cloud computing and Web 2.0 technologies.