SMBs: The Threat Ahead

    Martin Lee CISSP CEng
    Senior Analyst

Infosec 2012 – SMBs: The Threat Ahead.   1
Why SMBs?




99.8% of all EU enterprises are SMEs.

85% of net new jobs in the EU between 2002 and 2010 were created by SMEs.

67% of all EU employees work in SMEs.

Source: Annual Report on EU Small and Medium sized Enterprises 2010/2011. DG Enterprise.
        Do SMEs Create More and Better Jobs? EIM Business & Policy Research.
Predicted Data Growth.

[Chart: predicted data growth by year.]

Source: 2011 IDC Digital Universe Study.

Predicted Growth in Number of Info. Sec. Staff.

[Chart: predicted growth in number of info sec staff by year.]

Source: The 2011 (ISC)² Global Information Security Workforce Study.

Shortage of Specialist Staff.

~ 750 000 info sec staff in EMEA.

~ 20.8 million companies in EU.

1 info sec professional for every 28 companies!

Source: Annual Report on EU Small and Medium sized Enterprises 2010/2011. DG Enterprise.

Data Breach Cost Per Record.

[Charts: data breach cost per record by year.]

Source: Cost of a Data Breach, Ponemon Institute.

CISO Benefits.

Having a CISO reduces breach costs.

£ -18 per breached record!

Average EU SME size: 4.2 employees.

Will this include a CISO?

Source: Annual Report on EU Small and Medium sized Enterprises 2010/2011. DG Enterprise.
        Cost of a Data Breach, Ponemon Institute.
SMBs: Malware Infections Impact the Business

Concerns of SMBs

54%: Productivity would drop
46%: Targeted attack would cause revenue loss
36%: Hackers could access proprietary information
20%: Targeted attack would drive away customers

Source: SMB Threat Awareness Poll. Symantec.

SMBs: Understanding of Threats

Are Malware / DDOS a Threat to Your Company?

50%: As a SME, we’re not targets.
43%: We’re protected.
6%: I’m in denial
1%: Other.

Source: SMB Threat Awareness Poll. Symantec.

SMB Relative Threat Rates.

         Global Threat Rates.                            SMB Threat Rates.

                                                             68.3%



                                                           1 in 265.7



                                                           1 in 262.5

  Source: Symantec Intelligence Report, February 2012.

SMEs Use Email More.

4.4x more emails.

[Chart: legitimate emails per month per employee for clients <250 users & clients > 1000 users. March 2011 – Feb 2012]


SMEs Get Sent More Email Malware.

3.1x more email malware

[Chart: malware emails per month per employee for clients <250 users & clients > 1000 users. March 2011 – Feb 2012]

SMEs Get Sent More Phish.

3.1x more phish attacks

[Chart: phish emails per month per employee for clients <250 users & clients > 1000 users. March 2011 – Feb 2012]

Web Malware.




    Up to 9000 new malware hosting websites per day!




Not Forgetting the Malicious Insider.

Male technical employee, 37 years old.

86% stole data they were involved in.
60% stole information they had developed.
65% had other employment arrangements.
75% stole material they had authorised access to.

Source: A. Moore et al. A Preliminary Model of Insider Theft of Intellectual Property. CMU Technical Note.
What’s the Damage?



Average Cost of Attacks.

Information Breaches Survey.
    Large companies averaged 45 incidents / yr.
    Small companies 14 incidents / yr.

Cost of worst incident:
    Large companies £280 000 - £690 000
    Small companies £27 500 - £55 000

Source: “Information Security Breaches Survey 2010”, Infosecurity Europe.

“We had malware problems left and right, almost weekly; we would be down for a day or half a day. We would need to call someone to come in and fix these malware issues so that I could get bids out. When people look at that and you aren’t timely, they relate that to ‘How will he work when he’s on the job?’”

    Richard Johnson
    Sales Consultant, Coddington Construction




Conclusions




Information is at the heart of business (small and big).

SMBs more exposed to attacks.
Unlikely to have in-house security expertise.



Driving adoption of cloud systems.




Thank you!
    Martin Lee
    martin_lee@symantec.com
    +44 7775 823 278

    Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in
    the U.S. and other countries. Other names may be trademarks of their respective owners.

    This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied,
    are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.


Infosec 2012 – SMBs: The Threat Ahead.                                                                                                                                                      22

More Related Content

What's hot

GCC eGov Cyberwar, Cybercrime Risks and Defences 2010
GCC eGov Cyberwar, Cybercrime Risks and Defences 2010GCC eGov Cyberwar, Cybercrime Risks and Defences 2010
GCC eGov Cyberwar, Cybercrime Risks and Defences 2010Jorge Sebastiao
 
Cyber Threat Management Services
Cyber Threat Management ServicesCyber Threat Management Services
Cyber Threat Management ServicesMarlabs
 
Cyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsCyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsBooz Allen Hamilton
 
Cybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityCybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityBooz Allen Hamilton
 
Solving the enterprise security challenge - Derek holt
Solving the enterprise security challenge - Derek holtSolving the enterprise security challenge - Derek holt
Solving the enterprise security challenge - Derek holtRoopa Nadkarni
 
Ten Security Essentials for CIOs
Ten Security Essentials for CIOsTen Security Essentials for CIOs
Ten Security Essentials for CIOsIBM Security
 
VIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareVIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareGFI Software
 
The Essential Ingredient for Today's Enterprise
The Essential Ingredient for Today's EnterpriseThe Essential Ingredient for Today's Enterprise
The Essential Ingredient for Today's EnterpriseReadWrite
 
Bright talk intrusion prevention are we joking - henshaw july 2010 a
Bright talk   intrusion prevention are we joking - henshaw july 2010 aBright talk   intrusion prevention are we joking - henshaw july 2010 a
Bright talk intrusion prevention are we joking - henshaw july 2010 aMark Henshaw
 
The TOP 10 tech trends of 2011
The TOP 10 tech trends of 2011The TOP 10 tech trends of 2011
The TOP 10 tech trends of 2011dvasilyev
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBsGFI Software
 
Wall street journal 22 sept 10 - perspectives on risk it
Wall street journal 22 sept 10  - perspectives on risk itWall street journal 22 sept 10  - perspectives on risk it
Wall street journal 22 sept 10 - perspectives on risk itMessiernl
 
Issa Seattle 5 09 Social Engineering
Issa Seattle 5 09   Social EngineeringIssa Seattle 5 09   Social Engineering
Issa Seattle 5 09 Social EngineeringMike Murray
 
2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecuritySvetlana Belyaeva
 
Raise The Cybersecurity Curtain! Be The Voice!
Raise The Cybersecurity Curtain! Be The Voice!Raise The Cybersecurity Curtain! Be The Voice!
Raise The Cybersecurity Curtain! Be The Voice!Ludmila Morozova-Buss
 

What's hot (20)

Security Intelligence
Security IntelligenceSecurity Intelligence
Security Intelligence
 
THE 5 CHALLENGES
THE 5 CHALLENGESTHE 5 CHALLENGES
THE 5 CHALLENGES
 
GCC eGov Cyberwar, Cybercrime Risks and Defences 2010
GCC eGov Cyberwar, Cybercrime Risks and Defences 2010GCC eGov Cyberwar, Cybercrime Risks and Defences 2010
GCC eGov Cyberwar, Cybercrime Risks and Defences 2010
 
Cyber Threat Management Services
Cyber Threat Management ServicesCyber Threat Management Services
Cyber Threat Management Services
 
Cyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsCyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber Analysts
 
Cybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityCybersecurity in the Age of Mobility
Cybersecurity in the Age of Mobility
 
Solving the enterprise security challenge - Derek holt
Solving the enterprise security challenge - Derek holtSolving the enterprise security challenge - Derek holt
Solving the enterprise security challenge - Derek holt
 
The 10 most trusted cyber security solution providers 2018
The 10 most trusted cyber security solution providers 2018The 10 most trusted cyber security solution providers 2018
The 10 most trusted cyber security solution providers 2018
 
Ten Security Essentials for CIOs
Ten Security Essentials for CIOsTen Security Essentials for CIOs
Ten Security Essentials for CIOs
 
Manifesto_final
Manifesto_finalManifesto_final
Manifesto_final
 
VIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareVIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of Bloatware
 
The Essential Ingredient for Today's Enterprise
The Essential Ingredient for Today's EnterpriseThe Essential Ingredient for Today's Enterprise
The Essential Ingredient for Today's Enterprise
 
Bright talk intrusion prevention are we joking - henshaw july 2010 a
Bright talk   intrusion prevention are we joking - henshaw july 2010 aBright talk   intrusion prevention are we joking - henshaw july 2010 a
Bright talk intrusion prevention are we joking - henshaw july 2010 a
 
The TOP 10 tech trends of 2011
The TOP 10 tech trends of 2011The TOP 10 tech trends of 2011
The TOP 10 tech trends of 2011
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
 
Wall street journal 22 sept 10 - perspectives on risk it
Wall street journal 22 sept 10  - perspectives on risk itWall street journal 22 sept 10  - perspectives on risk it
Wall street journal 22 sept 10 - perspectives on risk it
 
Rogers eBook Security
Rogers eBook SecurityRogers eBook Security
Rogers eBook Security
 
Issa Seattle 5 09 Social Engineering
Issa Seattle 5 09   Social EngineeringIssa Seattle 5 09   Social Engineering
Issa Seattle 5 09 Social Engineering
 
2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity
 
Raise The Cybersecurity Curtain! Be The Voice!
Raise The Cybersecurity Curtain! Be The Voice!Raise The Cybersecurity Curtain! Be The Voice!
Raise The Cybersecurity Curtain! Be The Voice!
 

Viewers also liked

PlayScience: 10 Things You Need to Know About Kids as Digital Learners
PlayScience: 10 Things You Need to Know About Kids as Digital LearnersPlayScience: 10 Things You Need to Know About Kids as Digital Learners
PlayScience: 10 Things You Need to Know About Kids as Digital LearnersPlayScience
 
Identifying Risk Factors for Subjects of Targeted Attack
Identifying Risk Factors for Subjects of Targeted AttackIdentifying Risk Factors for Subjects of Targeted Attack
Identifying Risk Factors for Subjects of Targeted Attackmartin_lee1969
 
J. Alison Bryant - Navigating between academic and non-academic worlds
J. Alison Bryant - Navigating between academic and non-academic worldsJ. Alison Bryant - Navigating between academic and non-academic worlds
J. Alison Bryant - Navigating between academic and non-academic worldsPlayScience
 
PlayScience: Media as a prompt for play
PlayScience: Media as a prompt for playPlayScience: Media as a prompt for play
PlayScience: Media as a prompt for playPlayScience
 
Playing Big Across Generations: 5 Top Tips
Playing Big Across Generations: 5 Top TipsPlaying Big Across Generations: 5 Top Tips
Playing Big Across Generations: 5 Top TipsPlayScience
 
PlayScience: 10 Predictions for the Next 10 Years of Kids' Media
PlayScience: 10 Predictions for the Next 10 Years of Kids' MediaPlayScience: 10 Predictions for the Next 10 Years of Kids' Media
PlayScience: 10 Predictions for the Next 10 Years of Kids' MediaPlayScience
 
PlayScience - Families and Gaming - Casual Connect Seattle 2012
PlayScience - Families and Gaming - Casual Connect Seattle  2012PlayScience - Families and Gaming - Casual Connect Seattle  2012
PlayScience - Families and Gaming - Casual Connect Seattle 2012PlayScience
 
How Adopting the Cloud Can Improve Your Security.
How Adopting the Cloud Can Improve Your Security.How Adopting the Cloud Can Improve Your Security.
How Adopting the Cloud Can Improve Your Security.martin_lee1969
 
Clustering Disparate Attacks: Mapping The Activities of The Advanced Persiste...
Clustering Disparate Attacks: Mapping The Activities of The Advanced Persiste...Clustering Disparate Attacks: Mapping The Activities of The Advanced Persiste...
Clustering Disparate Attacks: Mapping The Activities of The Advanced Persiste...martin_lee1969
 
Gen Z and Cause-Related / Pro-Social Branding: 8 Rules for Playing Big
Gen Z and Cause-Related / Pro-Social Branding: 8 Rules for Playing BigGen Z and Cause-Related / Pro-Social Branding: 8 Rules for Playing Big
Gen Z and Cause-Related / Pro-Social Branding: 8 Rules for Playing BigPlayScience
 
PlayScience: 10 things you need to know to PlayBig in the kids gaming space (...
PlayScience: 10 things you need to know to PlayBig in the kids gaming space (...PlayScience: 10 things you need to know to PlayBig in the kids gaming space (...
PlayScience: 10 things you need to know to PlayBig in the kids gaming space (...PlayScience
 
Is Information Security Worth It?
Is Information Security Worth It?Is Information Security Worth It?
Is Information Security Worth It?martin_lee1969
 

Viewers also liked (12)

PlayScience: 10 Things You Need to Know About Kids as Digital Learners
PlayScience: 10 Things You Need to Know About Kids as Digital LearnersPlayScience: 10 Things You Need to Know About Kids as Digital Learners
PlayScience: 10 Things You Need to Know About Kids as Digital Learners
 
Identifying Risk Factors for Subjects of Targeted Attack
Identifying Risk Factors for Subjects of Targeted AttackIdentifying Risk Factors for Subjects of Targeted Attack
Identifying Risk Factors for Subjects of Targeted Attack
 
J. Alison Bryant - Navigating between academic and non-academic worlds
J. Alison Bryant - Navigating between academic and non-academic worldsJ. Alison Bryant - Navigating between academic and non-academic worlds
J. Alison Bryant - Navigating between academic and non-academic worlds
 
PlayScience: Media as a prompt for play
PlayScience: Media as a prompt for playPlayScience: Media as a prompt for play
PlayScience: Media as a prompt for play
 
Playing Big Across Generations: 5 Top Tips
Playing Big Across Generations: 5 Top TipsPlaying Big Across Generations: 5 Top Tips
Playing Big Across Generations: 5 Top Tips
 
PlayScience: 10 Predictions for the Next 10 Years of Kids' Media
PlayScience: 10 Predictions for the Next 10 Years of Kids' MediaPlayScience: 10 Predictions for the Next 10 Years of Kids' Media
PlayScience: 10 Predictions for the Next 10 Years of Kids' Media
 
PlayScience - Families and Gaming - Casual Connect Seattle 2012
PlayScience - Families and Gaming - Casual Connect Seattle  2012PlayScience - Families and Gaming - Casual Connect Seattle  2012
PlayScience - Families and Gaming - Casual Connect Seattle 2012
 
How Adopting the Cloud Can Improve Your Security.
How Adopting the Cloud Can Improve Your Security.How Adopting the Cloud Can Improve Your Security.
How Adopting the Cloud Can Improve Your Security.
 
Clustering Disparate Attacks: Mapping The Activities of The Advanced Persiste...
Clustering Disparate Attacks: Mapping The Activities of The Advanced Persiste...Clustering Disparate Attacks: Mapping The Activities of The Advanced Persiste...
Clustering Disparate Attacks: Mapping The Activities of The Advanced Persiste...
 
Gen Z and Cause-Related / Pro-Social Branding: 8 Rules for Playing Big
Gen Z and Cause-Related / Pro-Social Branding: 8 Rules for Playing BigGen Z and Cause-Related / Pro-Social Branding: 8 Rules for Playing Big
Gen Z and Cause-Related / Pro-Social Branding: 8 Rules for Playing Big
 
PlayScience: 10 things you need to know to PlayBig in the kids gaming space (...
PlayScience: 10 things you need to know to PlayBig in the kids gaming space (...PlayScience: 10 things you need to know to PlayBig in the kids gaming space (...
PlayScience: 10 things you need to know to PlayBig in the kids gaming space (...
 
Is Information Security Worth It?
Is Information Security Worth It?Is Information Security Worth It?
Is Information Security Worth It?
 

Similar to SMBs Face Growing Cyber Threats

Who\'s Next? Patterns and Trends in Targeted Attacks.
Who\'s Next? Patterns and Trends in Targeted Attacks.Who\'s Next? Patterns and Trends in Targeted Attacks.
Who\'s Next? Patterns and Trends in Targeted Attacks.martin_lee1969
 
Cybersecurity Myths for Small and Medium-Sized Businesses
Cybersecurity Myths for Small and Medium-Sized BusinessesCybersecurity Myths for Small and Medium-Sized Businesses
Cybersecurity Myths for Small and Medium-Sized BusinessesSeqrite
 
5 Top Cyber Threats That Will Ruin Your Business
5 Top Cyber Threats That Will Ruin Your Business5 Top Cyber Threats That Will Ruin Your Business
5 Top Cyber Threats That Will Ruin Your BusinessIndusfacePvtLtd
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment PresentationLionel Medina
 
Top Security Trends for 2013
Top Security Trends for 2013Top Security Trends for 2013
Top Security Trends for 2013Imperva
 
Bitdefender Corporate July2011 V3
Bitdefender Corporate July2011 V3Bitdefender Corporate July2011 V3
Bitdefender Corporate July2011 V3princescorpio
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexIBM Security
 
Web security – everything we know is wrong cloud version
Web security – everything we know is wrong   cloud versionWeb security – everything we know is wrong   cloud version
Web security – everything we know is wrong cloud versionEoin Keary
 
Three Key Ways OEMs Can Mitigate Their Cyber-Threat Risk.pdf
Three Key Ways OEMs Can Mitigate Their Cyber-Threat Risk.pdfThree Key Ways OEMs Can Mitigate Their Cyber-Threat Risk.pdf
Three Key Ways OEMs Can Mitigate Their Cyber-Threat Risk.pdfEnterprise Insider
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
 
IBM Cyber Threat Analysis
IBM Cyber Threat AnalysisIBM Cyber Threat Analysis
IBM Cyber Threat AnalysisIBM Government
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of securityMatthew Pascucci
 
Internet security threat report 2013
Internet security threat report 2013Internet security threat report 2013
Internet security threat report 2013Karim Shaikh
 
BSides SF Security Mendoza Line
BSides SF Security Mendoza LineBSides SF Security Mendoza Line
BSides SF Security Mendoza LineEd Bellis
 
Eliminating Security Uncertainty
Eliminating Security UncertaintyEliminating Security Uncertainty
Eliminating Security UncertaintyDell World
 
ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18Symantec
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Web security – application security roads to software security nirvana iisf...
Web security – application security roads to software security nirvana   iisf...Web security – application security roads to software security nirvana   iisf...
Web security – application security roads to software security nirvana iisf...Eoin Keary
 
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...Invincea, Inc.
 

Similar to SMBs Face Growing Cyber Threats (20)

Who\'s Next? Patterns and Trends in Targeted Attacks.
Who\'s Next? Patterns and Trends in Targeted Attacks.Who\'s Next? Patterns and Trends in Targeted Attacks.
Who\'s Next? Patterns and Trends in Targeted Attacks.
 
Cybersecurity Myths for Small and Medium-Sized Businesses
Cybersecurity Myths for Small and Medium-Sized BusinessesCybersecurity Myths for Small and Medium-Sized Businesses
Cybersecurity Myths for Small and Medium-Sized Businesses
 
5 Top Cyber Threats That Will Ruin Your Business
5 Top Cyber Threats That Will Ruin Your Business5 Top Cyber Threats That Will Ruin Your Business
5 Top Cyber Threats That Will Ruin Your Business
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment Presentation
 
Top Security Trends for 2013
Top Security Trends for 2013Top Security Trends for 2013
Top Security Trends for 2013
 
Bitdefender Corporate July2011 V3
Bitdefender Corporate July2011 V3Bitdefender Corporate July2011 V3
Bitdefender Corporate July2011 V3
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence Index
 
Web security – everything we know is wrong cloud version
Web security – everything we know is wrong   cloud versionWeb security – everything we know is wrong   cloud version
Web security – everything we know is wrong cloud version
 
Three Key Ways OEMs Can Mitigate Their Cyber-Threat Risk.pdf
Three Key Ways OEMs Can Mitigate Their Cyber-Threat Risk.pdfThree Key Ways OEMs Can Mitigate Their Cyber-Threat Risk.pdf
Three Key Ways OEMs Can Mitigate Their Cyber-Threat Risk.pdf
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
IBM Cyber Threat Analysis
IBM Cyber Threat AnalysisIBM Cyber Threat Analysis
IBM Cyber Threat Analysis
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
 
Internet security threat report 2013
Internet security threat report 2013Internet security threat report 2013
Internet security threat report 2013
 
BSides SF Security Mendoza Line
BSides SF Security Mendoza LineBSides SF Security Mendoza Line
BSides SF Security Mendoza Line
 
Eliminating Security Uncertainty
Eliminating Security UncertaintyEliminating Security Uncertainty
Eliminating Security Uncertainty
 
ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18
 
Reputational Risk
Reputational RiskReputational Risk
Reputational Risk
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 
Web security – application security roads to software security nirvana iisf...
Web security – application security roads to software security nirvana   iisf...Web security – application security roads to software security nirvana   iisf...
Web security – application security roads to software security nirvana iisf...
 
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
 

SMBs Face Growing Cyber Threats

  • 1. SMBs: The Threat Ahead Martin Lee CISSP CEng Senior Analyst Infosec 2012 – SMBs: The Threat Ahead. 1
  • 2. Why SMBs? Infosec 2012 – SMBs: The Threat Ahead. 2
  • 3. Why SMBs? 99.8% of all EU enterprises are SMEs 85% of net new jobs in the EU between 2002 and 2010 were created by SMEs 67% of all EU employees work in a SMEs Source: Annual Report on EU Small and Medium sized Enterprises 2010/2011. DG Enterprise. Do SMEs Create More and Better Jobs? EIM Business & Policy Research Infosec 2012 – SMBs: The Threat Ahead. 3
  • 4. Predicted Data Growth. Year. Source: 2011 IDC Digital Universe Study. Infosec 2012 – SMBs: The Threat Ahead. 4
  • 5. Predicted Growth in Number of Info. Sec. Staff. Year. Source: The 2011 (ISC)2 Global Information Security Workforce Study. Infosec 2012 – SMBs: The Threat Ahead. 5
  • 6. Shortage of Specialist Staff. ~ 750 000 info sec staff in EMEA. ~ 20.8 million companies in EU. 1 info sec professional for every 28 companies! Source: Annual Report on EU Small and Medium sized Enterprises 2010/2011. DG Enterprise. Infosec 2012 – SMBs: The Threat Ahead. 6
  • 7. Data Breach Cost Per Record. Year. Year. Source: Cost of a Data Breach, Ponemon Institute. Infosec 2012 – SMBs: The Threat Ahead. 7
  • 8. CISO Benefits. Having a CISO reduces breach costs. £ -18 per breached record! Average EU SME size: 4.2 employees. Will this include a CISO? Source: Annual Report on EU Small and Medium sized Enterprises 2010/2011. DG Enterprise. Cost of a Data Breach, Ponemon Institute. Infosec 2012 – SMBs: The Threat Ahead. 8
  • 9. SMBs: Malware Infections Impact the Business Concerns of SMBs 54% 46% Targeted 36% 20% Targeted attack would attack would Hackers cause drive away Productivity could access would drop proprietary information revenue loss customers Source: SMB Threat Awareness Poll. Symantec. Infosec 2012 – SMBs: The Threat Ahead. 9
  • 10. SMBs: Understanding of Threats Are Malware / DDOS a Threat to Your Company? 50% 43% 6% 1% As a SME, We’re we’re not I’m in denial Other. protected. targets. Source: SMB Threat Awareness Poll. Symantec. Infosec 2012 – SMBs: The Threat Ahead. 10
  • 11. SMB Relative Threat Rates. Global Threat Rates. SMB Threat Rates. 68.3% 1 in 265.7 1 in 262.5 Source: Symantec Intelligence Report, February 2012.
  • 12. SMEs Use Email More. 4.4x more emails. Legitimate emails per month per employee for clients <250 users & clients > 1000 users. March 2011 – Feb 2012
  • 13. SMEs Get Sent More Email Malware. 3.1x more email malware Malware emails per month per employee for clients <250 users & clients > 1000 users. March 2011 – Feb 2012
  • 14. SMEs Get Sent More Phish. 3.1x more phish attacks Phish emails per month per employee for clients <250 users & clients > 1000 users. March 2011 – Feb 2012
  • 15. Web Malware. Up to 9000 new malware hosting websites per day!
  • 16. Not Forgetting the Malicious Insider. Male technical employee, 37 years old. 86% stole data they were involved in. 60% stole information they had developed. 65% had other employment arrangements. 75% stole material they had authorised access to. Source: A. Moore et al. A Preliminary Model of Insider Theft of Intellectual Property. CMU Technical Note.
  • 17. What’s the Damage?
  • 18. Average Cost of Attacks. Information Breaches Survey. Large companies averaged 45 incidents / yr. Small companies 14 incidents / yr. Cost of worst incident: Large companies £280 000 - £690 000. Small companies £27 500 - £55 000. Source: “Information Security Breaches Survey 2010”, Infosecurity Europe.
  • 19. “We had malware problems left and right, almost weekly; we would be down for a day or half a day. We would need to call someone to come in and fix these malware issues so that I could get bids out. When people look at that and you aren’t timely, they relate that to ‘How will he work when he’s on the job?’” Richard Johnson Sales Consultant, Coddington Construction
  • 20. Conclusions
  • 21. Conclusions. Information is at the heart of business (small and big). SMBs more exposed to attacks. Unlikely to have in-house security expertise. Driving adoption of cloud systems.
  • 22. Thank you! Martin Lee martin_lee@symantec.com +44 7775 823 278 Copyright © 2010 Symantec Corporation. All rights reserved.

Editor's Notes

  1. In addition to having an awareness of threats, SMBs also recognize that malware has an impact on the business: 54% said productivity would drop, and 36% said hackers could gain access to proprietary information. They also recognize that a targeted attack has an impact on running the business, with 20% stating it would drive customers away and 46% stating a targeted attack would cause revenue loss. Coddington Construction (a company that does exterior remodeling work) is an SMB that struggled with malware in the past, and it was impacting the business. “We had malware problems left and right, almost weekly; we would be down for a day or half a day. We would need to call someone to come in and fix these malware issues so that I could get bids out. When people look at that and you aren’t timely, they relate that to ‘How will he work when he’s on the job?’” Richard Johnson, sales consultant at Coddington Construction (EMPHASIZE THIS)