Small Business Is Big Business In Cybercrime A TrendLabs .

Small Business IsBig Business in CybercrimeA TrendLabs Primer

Small Business Is Big Business in CybercrimeThings Every Small BusinessShould Know About WebThreats and CybercrimeFor cybercriminals, no business is too small to exploit.Albeit being under a relatively smaller spotlight than typicalenterprises, small businesses can ill afford to take the threatcybercrimes pose for granted. Myths abound regarding smallbusinesses’ security but it’s time to face the facts.FACTAny organisation, regardless of size ortype, can fall victim to cybercrime.Most small businesses are not convinced that cybercriminalsare after them. In a Visa Inc. and National Cyber SecurityAlliance survey1 of 1,000 small business owners, 85 percentbelieved that enterprises are more targeted than theyare. Over half (54 percent) are confident that they aremore prepared than enterprises to protect company andcustomer data. Small businesses may think they are underthe radar because cybercriminals opt to target either verylarge enterprises or consumers instead. In reality, however,cybercriminals do not discriminate among the very largeenterprise, small business, and consumer sectors, as longas these prove profitable and lucrative to exploit. There areno priority targets. Any entity with a weak security system,small business or not, is cybercrime fair p?s 43&item 721

Small Business Is Big Business in CybercrimeFACTSmall businesses manage informationthat is of interest to cybercriminals.Small businesses do not face as many content securityrisks as larger enterprises do—or so they think. The fact is,7.4 percent of small business owners are victims of fraud,according to a May 2010 Council of Better Business Bureausstudy2.Small businesses hold employee and customer information,which makes them prime cybercrime targets in every way.The types of stolen data range from social security numbersto online banking credentials (refer to the figure belowfor the complete list and percentage distribution of stoleninformation).Business Breaches of Personal InformationPhysical address37%Social security number24%Checking account number23%Driver’s license number22%PIN on your credit card19%ATM PIN on your credit card18%E-banking user name and password10%Health insurance information7%A passport3%Medical records3%Military ID card1%0%10%20%30%40%Base all fraud respondents;n 393; year 2009Source: Javelin Strategy & Research2 ttp://www.bbb.org/us/Storage/113/Documents/Cox BBB Presentation%20 11hMay 10.pdf2

Small Business Is Big Business in CybercrimeFACTCybercriminals unleash 3.5 new threatstargeting small businesses every second.The number of online attacks specifically targeting smallbusinesses reportedly surged by almost 600 percent in early2010. Trend Micro experts cite at least two factors accountingfor this alarming increase. First, larger companies areinvesting more in Internet security, pushing cybercriminalsto look for smaller but just as abundant targets. Second,small businesses present a huge market for exploitation, asthey now number over 25 million in the United States alone.Adding to small businesses’ appeal to cybercriminals is theirlack of budget for an IT team, much less a department,devoted to maintaining security.There have been cases wherein small businesses losthundreds of thousands of dollars to cybercriminals whoseweapon of choice has become bots. Bots are malicioussoftware that stealthily infiltrate PCs, enabling cybercriminalsto remotely control and ultimately steal critical data withoutthe employees and customers’ knowledge. In January 2011,the Federal Bureau of Investigation (FBI)3 reported that acertain U.S. company lost US 150,000 via unauthorisedmoney transfers triggered by malware-laden email messages.The malware in question belonged to the ZeuS/ZBOT familyof Trojans, which is notorious for defrauding small businesses.TrendLabs experts have also seen phishing campaigns andvulnerability exploits specifically targeting small businesses.Fraud often comes in the form of tax-related messagesusing the names of legitimate government agencies, usuallyinvoking fear through customer complaints or threats oflegal action. Exploits, meanwhile, arrive via frequently usedlegitimate applications.Small businesses can be more vigilant against these attacksby ensuring that every employee—technical or not—staysabreast of the latest in cybercrime. They should be educatedabout the newest fraud schemes and urged to employ bestpractices such as not responding to or opening attachmentsand clicking suspicious links in unsolicited email messages.Small businesses are also advised to enforce their internalsecurity policies and to enhance their network security andtheir corporate banking protocols. Finally, they need to beconstantly on the lookout for suspicious online activitiesand to prepare a contingency plan for instances of actualcompromise.3 es-with-malware-attacks-250283

Small Business Is Big Business in CybercrimeFACTCompliance is costly, but noncomplianceis costlier and can serve as a window tocybercrime.Not all small businesses are aware of compliance issues.Some even believe that they are compliant and havesufficient security measures in place. However, nearly1 million U.S. small businesses have already fallen victim todata security fraud, revealed a January 2011 study4 on thedata security and fraud prevention strategies practiced bysmall and medium-sized businesses (SMBs).Noncompliance may eventually lead to productivity loss,business disruption, and high legal costs. The cost ofcompliance is placed at US 3.5 million5 for multinationalorganisations but that is a small price to pay compared withthe much higher cost of noncompliance. Small businesseswould be ill advised to think that they are exempted fromcomplying with data protection regulations. Like their largeenterprise counterparts, they also deal with processes,people, and technologies, all of which are under equal threatof aily/Pages/ND0113112.aspx /pressKit/True Cost ofCompliance Report.pdf4

Small Business Is Big Business in CybercrimeFACTSmall businesses are moving to thecloud and are embracing cloud securitybut cybercriminals are not far behind.Cloud computing has well crossed over from being acatchphrase to become a reality. Today’s overall SMB cloudmarket is valued at US 8.6 billion6 and is set to approachUS 100 billion7 by 2014. In addition, up to 74 percent ofSMBs plan to increase their spending on cloud-based softwarein 2011—a marked improvement from late 2010 when cloudcomputing adoption among SMBs stood at only 14 percent.SMB Cloud Computing AdoptionSmall businessesneed to keep thesefive facts in mindas they strengthenefforts to keeptheir own and theircustomers’ datasecure.07.201014%62%32%Currently usingthe cloudNot using cloud,and have no plansConcerned overunproven technology49%10%38%Using private orhybrid cloudPlanning on usingthe cloudof 1 - 19 SMBsusing the cloudSource: Spiceworks Inc.Despite these overall positive developments, small businessesare still not spending nearly enough on cloud security.A 2010 Forrester report8 says while 84 percent of SMBsconsidered data security a high priority, only about onethird (36 percent) of the respondents planned to increasetheir spending on network security and only by a factor of5 percent.Small businesses run the risk of losing data, productivity,sales, even their reputation—and most of all, dollars—in theface of the exponentially increasing number of threats thatcybercriminals unleash.678 owArticle.hjhtml?articleID 229219131 spending-to-approach100-billion-by-2014.htm?itc refresh 69/5

Small Business Is Big Business in CybercrimeWhat Trend Micro Can Do to Protect YouIn the current threat landscape, no organisation is safe. Every organisation is a primecybercrime target. This is why Trend Micro always strives to protect its product users fromany and every possible threat with the aid of the Trend Micro Smart Protection Network .Small businesses will do well to use the followingproducts to protect their own and their customers’data:In addition to providing industry-leadingsecurity solutions, we also provideinformation on the latest threats and threattrends to let users know what they can doto stay protected in today’s digital world. Formore information on the threats featured inthis primer, please refer to our materials inthe following portals: Trend Micro Worry-Free Business SecurityAdvanced protects Windows PCs, Macs, fileservers, and mail servers from viruses, threats,and dangerous websites. The latest edition keepsbusiness information private by locking downUSB drives and other storage devices as well asby preventing data loss through email. It alsoblocks spam both before it reaches and while onExchange Servers. Threat Encyclopedia: Our malware,spam, malicious URL, and Web attackentries like “Another LinkedIn SpamLeads to ZeuS-Related Site” providemore information on the vectorscybercriminals use to infect users’systems and corporate networks. Trend Micro Worry-Free Business SecurityStandard protects Windows PCs and servers fromviruses, threats, and dangerous websites. Itfeatures security scans that run quickly and quietlyin the background and keeps business informationprivate by locking down USB drives and otherstorage devices. TrendLabs Malware Blog: Our blogentries like “Malicious .RTF Files ExploitMicrosoft Office Vulnerability” providethreat news and information direct fromthe experts. Trend Micro Worry-Free Business SecurityServices is a cloud-based security solution thatprovides protection anytime and anywhere foryour business data. It secures PCs, servers, andother Windows-based devices such as point-of-sale(POS) machines and tablets.ABOUT TRENDLABSSMABOUT TREND MICRO TrendLabs is a multinational research, development,and support center with an extensive regional presencecommitted to 24 x 7 threat surveillance, attackprevention, and timely and seamless solutions delivery.With more than 1,000 threat experts and supportengineers deployed round-the-clock in labs locatedaround the globe, TrendLabs enables Trend Micro to:Trend Micro Incorporated is a pioneer in secure contentand threat management. Founded in 1988, Trend Microprovides individuals and organizations of all sizes withaward-winning security software, hardware and services.With headquarters in Tokyo and operations in more than30 countries, Trend Micro solutions are sold throughcorporate and value-added resellers and service providersworldwide. For additional information and evaluation copiesof Trend Micro products and services, visit our Web site atwww.trendmicro.com. Continuously monitor the threat landscape acrossthe globe Deliver real-time data to detect, preempt, andeliminate threats Research and analyze technologies to combat newthreats Respond in real time to targeted threats Help customers worldwide minimize damage,reduce costs, and ensure business continuityTrend Micro (UK) LimitedPacific HouseThird AvenueGlobe Business ParkMarlowBuckinghamshireSL7 1YLEnglandTel: 44 (0) 1628 400500Fax: 44 (0) 1628 400511www.trendmicro.com 2011 by Trend Micro, Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo aretrademarks or registered trademarks of Trend Micro, Incorporated. All other product or company namesmay be trademarks or registered trademarks of their owners.

ABOUT TREND MICRO Trend Micro Incorporated is a pioneer in secure content and threat management. Founded in 1988, Trend Micro provides individuals and organizations of all sizes with award-winning security software, hardware and services. With headquarters in Tokyo and operations in more than 30 countries, Trend Micro solutions are sold through