SMB Primer: 5 Reasons Why Your Antivirus . - Trend Micro

APrimer5 REASONS WHY YOURANTIVIRUS SOFTWAREIS NOT ENOUGH

LEGAL DISCLAIMERThe information provided herein is for general information and educationalpurposes only. It is not intended and should not be construed to constitutelegal advice. The information contained herein may not be applicableto all situations and may not reflect the most current situation. Nothingcontained herein should be relied on or acted upon without the benefit oflegal advice based on the particular facts and circumstances presentedand nothing herein should be construed otherwise. Trend Micro reservesthe right to modify the contents of this document at any time without priornotice.Translations of any material into other languages are intended solely asa convenience. Translation accuracy is not guaranteed nor implied. If anyquestions arise related to the accuracy of a translation, please refer to theoriginal language official version of the document. Any discrepancies ordifferences created in the translation are not binding and have no legaleffect for compliance or enforcement purposes.Although Trend Micro uses reasonable efforts to include accurate andup-to-date information herein, Trend Micro makes no warranties orrepresentations of any kind as to its accuracy, currency, or completeness.You agree that access to and use of and reliance on this document andthe content thereof is at your own risk. Trend Micro disclaims all warrantiesof any kind, express or implied. Neither Trend Micro nor any party involvedin creating, producing, or delivering this document shall be liable forany consequence, loss, or damage, including direct, indirect, special,consequential, loss of business profits, or special damages, whatsoeverarising out of access to, use of, or inability to use, or in connection withthe use of this document, or any errors or omissions in the contentthereof. Use of this information constitutes acceptance for use in an “as is”condition.

The vast amount of data small and medium-sizedbusinesses (SMBs) hold, as well as their lack ofsufficient security practices, makes them primetargets for attackers.1 As a result, SMBs believe itis necessary to invest in storage security for theircritical data, such as email messages, financialdocuments, and project files.A study reveals that SMB spending on securitytechnology will grow at a rate of 10-12% per yearand will exceed 5.6 billion in 2015.2 However,security for most SMBs simply means usingtraditional antivirus technology that typicallyconsists of a firewall, file scanner, and removaltools. This creates a risk for most SMBs sincemany new threats in the wild still manage toevade antivirus products.3What makes traditional antivirus softwareinadequate to protect SMBs?1 -your-business-at-risk-of-losing-data/2 http://www.idc.com/getdoc.jsp?containerId prUS235079123 tcomings-mean-for-smb/240146877

Targeted attacks can bypass blacklisting.The basis of traditional antivirus security is blacklisting, or the technology usedin identifying bad files and known malware and then stopping them.In an ISACA and Trend Micro sponsored survey, a high percentage ofenterprises claimed they use traditional network perimeter technologies to battleadvanced persistent threats (APTs).4 APTs manage to stay undetected in anetwork or system for a long period while progressing toward their goal—usuallyto steal data.Since attackers now consider SMBs prime targets, SMBs relying on the samesecurity technologies are also at risk. An APT’s ability to bypass blacklistingallows them to move within the network without detection and steal corporatepasswords in order to gain access to other systems.Recent incidents indicate how attackers sidestep traditional antivirustechnologies to carry out phishing attacks, breach security, and steal data. Theattack on the New York Times, for example, is an example of how threats canavoid security system detection.54 siness/datasheets/wp apt-survey-report.pdf5 /

Customized malware attacks account formost data breaches.A Verizon report still ranks malware as among the top methods used in databreaches. The report recorded 621 confirmed data breach incidents in 2012,40% of which were caused by malware. Almost half of the total incidentsoccurred within companies with less than 1,000 employees. This includes 193incidents in companies with fewer than 100 workers.6The chances of data breach are higher when SMBs believe that their traditionalantivirus is enough to protect their assets, particularly against customizedattacks. Developments in the cybercriminal underground allow attackersto streamline their attacks to suit their targets’ specific circumstances. Forexample, attackers can use polymorphic malware7, target outdated software,and then perform social engineering. These added complexities give them theability to bypass basic antivirus software detection.6 http://www.verizonenterprise.com/DBIR/2013/7 7/WORMVOBFUS%2BA%20Polymorphic%20Downloader

Cybercrime is expanding.Along with the increased incidences of sophisticated attacks and customizedmalware, the cybercrime underground economy, too, has expanded rapidly overthe past years. This spells trouble for IT administrators because these attackersmay focus on collecting classified data from their systems.Fraudsters who thrive in the cybercriminal underground have managed to makethe Internet their playing field. According to a Trend Micro research paper, theRussian cybercriminal underground continuously improves technologies andmodifies its targets to enhance their seemingly lucrative businesses.Cybercrime enhancements put SMBs at risk. Improved ransomware, forexample, prevents its victims from accessing their systems while holding theirdata hostage.8 Tools have also been crafted to serve mobile threats.9Another research suggests that underground markets are primarily designed forillicit activities which may often involve selling business intelligence and tradinginformation about software flaws.108 ture/9 ound-101.pdf10 /news 20120731.htm

Traditional antivirus software isn’t acure-all.Antivirus software will always be an important element in keeping computerssecure against malware. Good antivirus software can analyze complex filebehavior and block threats accordingly. However, it may not be able to protectagainst more sophisticated threats such as the ZACCESS malware, in whichattackers keep its malware routines out of plain sight.1111 38/Revealing the Hidden Routines of ZACCESS

Social engineering doesn’t go out of style.Even with a reliable antivirus solution in place, SMBs may find it a challenge tostay protected against social engineering attacks in the form of phishing scamsand malicious URLs.12 Social engineering is a tactic that relies heavily on humaninteraction in order to manipulate people into revealing sensitive information orto click certain links. Threats can be disguised as official emails from sites usersare familiar with, like Facebook.Since social engineering does not require a high level of technical expertise.Attackers have long used this technique as a method to gather informationabout a company. Establishing employee trust and psychological manipulationare important components in a successful social engineering attack. Thesecomponents are the reason why having antivirus software is not enough—onceattackers take advantage of an employee’s trust, they can already gain accessto confidential data.12 eering/index.html

What Should SMBs Do?In the current threat landscape, no organization is safe. Even SMBs with inplace antivirus solutions are prime cybercrime targets. The best you can do toprotect your business is to: Empower your employees with best practices and guidelines to minimizethe risk of falling prey to the various aspects of cybercrime. Employ a smarter, more comprehensive all-in-one security solution toprotect your online experience—whatever you’re doing and whatever deviceyou’re doing it on. Set rules for employees using their own mobile devices at work.Antivirus solutions are not able to detect malicious mobile apps or providemobile Web reputation. Use a reputation-based solution as a countermeasure for non-traditionalthreats. Trend Micro solutions are powered by the Trend Micro SmartProtection Network , a global cloud-based threat intelligence network thatuses reputation-based services and finely tuned custom data mining toolsto identify new threats.

Trend Micro IncorporatedTRENDLABSSMTrend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud securityleader, creates a world safe for exchanging digital information with itsInternet content security and threat management solutions for businessesand consumers. A pioneer in server security with over 20 years’experience, we deliver top-ranked client, server and cloud-based securitythat fits our customers’ and partners’ needs, stops new threats faster, andprotects data in physical, virtualized and cloud environments. Poweredby the industry-leading Trend Micro Smart Protection Network cloudcomputing security infrastructure, our products and services stop threatswhere they emerge—from the Internet. They are supported by 1,000 threat intelligence experts around the globe.TrendLabs is a multinational research, development, and support centerwith an extensive regional presence committed to 24x7 threat surveillance,attack prevention, and timely and seamless solutions delivery. With morethan 1,000 threat experts and support engineers deployed round-theclock in labs located around the globe, TrendLabs enables Trend Microto continuously monitor the threat landscape across the globe; deliverreal-time data to detect, to preempt, and to eliminate threats; research onand analyze technologies to combat new threats; respond in real time totargeted threats; and help customers worldwide minimize damage, reducecosts, and ensure business continuity. 2013 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or companynames may be trademarks or registered trademarks of their owners.

Trend Micro Incorporated. Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years