Small Businesses and the Changing Threat Landscape

Anthony Freed
By | January 21, 2013

Posted in: Network Security Trends

There has been a great deal of discussion regarding how enterprise security will be impacted by increasingly popular mobility solutions, Bring Your Own Device (BYOD) options, and migrating business processes to the cloud. While large corporations typically have the resources available to address the increased risks, most small to medium sized businesses (SMB) find themselves struggling to get a clear picture of the changing threat landscape. Cloud security provider Trend Micro has released a brief report which is intended to give SMBs a guide to the top issues they need to get a handle on as they too seek to adopt these innovative technologies.

The report, titled 5 Predictions for 2013 and Beyond: What Should SMBs Look Out For?, examines trends in consumerization of IT and how they will affect small companies, most of whom do not have the luxury of a chief security officer or the wherewithal to develop effective policies and procedures to govern mobility options, leaving employees responsible for implementing security on their own.

"The expansion of operating systems (OSs), platforms, services, and devices also means that employees are going to have a harder time managing security in the workplace," the report stated.

The first issue addressed is the increasing range of devices that employees may be conducting work related activities with on a daily basis. With around  60% of businesses now allowing employees to use their personally supplied smartphones and 47% allowing the same for tablets and laptops, small businesses need to be proactive in developing effective policies to govern security on the array of devices being utilized.

"Using multiple devices for work requires additional security measures. Each platform requires different steps to secure it. Businesses that allow BYOD may find it challenging to create a comprehensive set of security guidelines, especially if employees have free reign over selecting their devices," the report warned. It also noted that the myriad of applications available each have their own security issues to address, and that mobile malware which exploits weaknesses in theses applications is on the rise.

Data loss prevention is the next issue identified as an area of concern for SMBs, especially as cloud-based solutions become more widely utilized. Key to establishing adequate security controls for sensitive data in the cloud is due diligence in the development of service level agreements with vendors.

"Data security is major concern for SMBs. But as they move their sensitive data to the cloud, an on-premise security solution might be ineffective in a cloud-based environment... IT administrators and business owners have to ensure that their cloud security solutions are adequate to this task," the report states.

The cloud also presents optimization options for cyber criminals, and many SMBs might have a difficult time protecting themselves from malicious activity that employs legitimate cloud service providers. But the biggest concern is related to maintaining access to the data that is migrated to the cloud. "Similar to what happened with Megaupload, cloud services may be involved in legalities that result in SMBs losing access to their data," the report said.

Cybercriminals will also be refining their attack strategies, and small businesses are increasingly being targeted because of their generally higher risk profile. "SMBs may be hit hard by these refined malware threats and attacks as they are viewed as 'easier targets' compared to larger organizations. This perception is partly because SMBs often lack the budget for an IT team or department dedicated to maintaining security," the report concluded.

You May Also Be Interested In: