ABOUT TRENDLABS Research, Development . - Trend Micro (UK)

Small Business Is Big Business in CybercrimeABOUT TRENDLABSSMTrendLabs is Trend Micro’s global network ofresearch, development, and support centerscommitted to 24 x 7 threat surveillance,attack prevention, and timely and seamlesssolutions delivery.

Small Business Is Big Business in CybercrimeThings Every Small BusinessShould Know About WebThreats and CybercrimeFor cybercriminals, no business is too small to exploit. Albeit beingunder a relatively smaller spotlight than typical enterprises, smallbusinesses can ill afford to take the threat cybercrimes pose forgranted. Myths abound regarding small businesses’ security butit’s time to face the facts.Any organization, regardless of size or type,can fall victim to cybercrime.Most small businesses are not convinced that cybercriminalsare after them. In a Visa Inc. and National Cyber SecurityAlliance survey1 of 1,000 small business owners, 85 percentbelieved that enterprises are more targeted than they are. Overhalf (54 percent) are confident that they are more preparedthan enterprises to protect company and customer data.Small businesses may think they are under the radar becausecybercriminals opt to target either very large enterprises orconsumers instead. In reality, however, cybercriminals do notdiscriminate among the very large enterprise, small business,and consumer sectors, as long as these prove profitable andlucrative to exploit. There are no priority targets. Any entity witha weak security system, small business or not, is cybercrimefair p?s 43&item 721

Small Business Is Big Business in CybercrimeSmall businesses manage information thatis of interest to cybercriminals.Small businesses do not face as many content security risks aslarger enterprises do—or so they think. The fact is, 7.4 percentof small business owners are victims of fraud, according to aMay 2010 Council of Better Business Bureaus study2.Small businesses hold employee and customer information,which makes them prime cybercrime targets in every way.The types of stolen data range from social security numbersto online banking credentials (refer to the figure below for thecomplete list and percentage distribution of stolen uments/Cox BBB Presentation%20 11May 10.pdf22

Small Business Is Big Business in CybercrimeCybercriminals unleash 3.5 new threatstargeting small businesses every second.The number of online attacks specifically targeting smallbusinesses reportedly surged by almost 600 percent in early2010. Trend Micro experts cite at least two factors accountingfor this alarming increase. First, larger companies are investingmore in Internet security, pushing cybercriminals to look forsmaller but just as abundant targets. Second, small businessespresent a huge market for exploitation, as they now numberover 25 million in the United States alone. Adding to smallbusinesses’ appeal to cybercriminals is their lack of budgetfor an IT team, much less a department, devoted tomaintaining security.There have been cases wherein small businesses lost hundredsof thousands of dollars to cybercriminals whose weapon ofchoice has become bots. Bots are malicious software thatstealthily infiltrate PCs, enabling cybercriminals to remotelycontrol and ultimately steal critical data without the employeesand customers’ knowledge. In January 2011, the Federal Bureauof Investigation (FBI)3 reported that a certain U.S. companylost US 150,000 via unauthorized money transfers triggeredby malware-laden email messages. The malware in questionbelonged to the ZeuS/ZBOT family of Trojans, which is notoriousfor defrauding small businesses.TrendLabs experts have also seen phishing campaigns andvulnerability exploits specifically targeting small businesses.Fraud often comes in the form of tax-related messages using thenames of legitimate government agencies, usually invoking fearthrough customer complaints or threats of legal action. Exploits,meanwhile, arrive via frequently used legitimate applications.Small businesses can be more vigilant against these attacks byensuring that every employee—technical or not—stays abreastof the latest in cybercrime. They should be educated aboutthe newest fraud schemes and urged to employ best practicessuch as not responding to or opening attachments and clickingsuspicious links in unsolicited email messages. Small businessesare also advised to enforce their internal security policies andto enhance their network security and their corporate bankingprotocols. Finally, they need to be constantly on the lookout forsuspicious online activities and to prepare a contingency plan forinstances of actual ll-businesses-with-malware-attacks-2502833

Small Business Is Big Business in CybercrimeCompliance is costly, but noncomplianceis costlier and can serve as a windowto cybercrime.Not all small businesses are aware of compliance issues.Some even believe that they are compliant and have sufficientsecurity measures in place. However, nearly 1 million U.S. smallbusinesses have already fallen victim to data security fraud,revealed a January 2011 study4 on the data security and fraudprevention strategies practiced by small and medium-sizedbusinesses (SMBs).Noncompliance may eventually lead to productivity loss,business disruption, and high legal costs. The cost of complianceis placed at US 3.5 million5 for multinational organizations butthat is a small price to pay compared with the much higher costof noncompliance. Small businesses would be ill advised to thinkthat they are exempted from complying with data protectionregulations. Like their large enterprise counterparts, they alsodeal with processes, people, and technologies, all of which areunder equal threat of emon-cost-of-compliance/pressKit/True Cost ofCompliance Report.pdf454

Small Business Is Big Business in CybercrimeSmall businesses are moving to thecloud and are embracing cloud security butcybercriminals are not far behind.Cloud computing has well crossed over from being a catchphraseto become a reality. Today’s overall SMB cloud market is valuedat US 8.6 billion6 and is set to approach US 100 billion7 by2014. In addition, up to 74 percent of SMBs plan to increasetheir spending on cloud-based software in 2011—a markedimprovement from late 2010 when cloud computing adoptionamong SMBs stood at only 14 percent.Small businesses needto keep these fivefacts in mind as theystrengthen efforts tokeep their own andtheir customers’data secure.Despite these overall positive developments, small businessesare still not spending nearly enough on cloud security. A 2010Forrester report8 says while 84 percent of SMBs considered datasecurity a high priority, only about one-third (36 percent) ofthe respondents planned to increase their spending on networksecurity and only by a factor of 5 percent.Small businesses run the risk of losing data, productivity,sales, even their reputation—and most of all, dollars—in theface of the exponentially increasing number of threats thatcybercriminals rvices/showArticle.jhtml?articleID htm?itc MBs-532369/65

Small Business Is Big Business in CybercrimeWhat Trend Micro Can Do to Protect YouIn the current threat landscape, no organization is safe. Every organization is a prime cybercrimetarget. This is why Trend Micro always strives to protect its product users from any and every possiblethreat with the aid of the Trend Micro Smart Protection Network .Small businesses will do well to use the followingproducts to protect their own and theircustomers’ data: Trend Micro Worry-Free Business SecurityAdvanced protects Windows PCs, Macs, fileservers, and mail servers from viruses, threats,and dangerous websites. The latest edition keepsbusiness information private by locking downUSB drives and other storage devices as well asby preventing data loss through email. It alsoblocks spam both before it reaches and while onExchange Servers.In addition to providing industry-leading securitysolutions, we also provide information on the latestthreats and threat trends to let users know whatthey can do to stay protected in today’s digitalworld. For more information on the threats featuredin this primer, please refer to our materials in thefollowing portals: Trend Micro Worry-Free Business SecurityStandard protects Windows PCs and servers fromviruses, threats, and dangerous websites. Itfeatures security scans that run quickly and quietlyin the background and keeps business informationprivate by locking down USB drives and otherstorage devices. Trend Micro Worry-Free Business SecurityServices is a cloud-based security solution thatprovides protection anytime and anywhere foryour business data. It secures PCs, servers, andother Windows-based devices such as point-of-sale(POS) machines and tablets. Threat Encyclopedia: Our malware, spam,malicious URL, and Web attack entries like“Another LinkedIn Spam Leads to ZeuS-RelatedSite” provide more information on the vectorscybercriminals use to infect users’ systems andcorporate networks. TrendLabs Malware Blog: Our blog entrieslike “Malicious .RTF Files Exploit MicrosoftOffice Vulnerability” provide threat news andinformation direct from the experts.ABOUT TRENDLABSSMABOUT TREND MICRO TrendLabs is a multinational research, development,and support center with an extensive regional presencecommitted to 24 x 7 threat surveillance, attackprevention, and timely and seamless solutions delivery.With more than 1,000 threat experts and supportengineers deployed round-the-clock in labs locatedaround the globe, TrendLabs enables Trend Micro to:Trend Micro Incorporated is a pioneer in secure contentand threat management. Founded in 1988, Trend Microprovides individuals and organizations of all sizes withaward-winning security software, hardware and services.With headquarters in Tokyo and operations in more than30 countries, Trend Micro solutions are sold throughcorporate and value-added resellers and service providersworldwide. For additional information and evaluationcopies of Trend Micro products and services, visit ourWeb site at www.trendmicro.com. Continuously monitor the threat landscape acrossthe globe Deliver real-time data to detect, preempt, andeliminate threats Research and analyze technologies to combat newthreats Respond in real time to targeted threats Help customers worldwide minimize damage, reducecosts, and ensure business continuityTREND MICRO INC.10101 N. De Anza Blvd.Cupertino, CA 95014US toll free: 1 800.228.5651Phone: 1 408.257.1500Fax: 1 408.257.2003www.trendmicro.com 2011 by Trend Micro, Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo aretrademarks or registered trademarks of Trend Micro, Incorporated. All other product or company namesmay be trademarks or registered trademarks of their owners.

ABOUT TREND MICRO Trend Micro Incorporated is a pioneer in secure content and threat management. Founded in 1988, Trend Micro provides individuals and organizations of all sizes with award-winning security software, hardware and services. With headquarters in Tokyo and operations in more than 30 countries, Trend Micro solutions are sold through