Your SlideShare is downloading. ×
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
SMBs: The Threat Ahead
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

SMBs: The Threat Ahead

119

Published on

"SMBs: The Threat Ahead" give at Infosec Europe, April 2012.

"SMBs: The Threat Ahead" give at Infosec Europe, April 2012.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
119
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • In addition to having an awareness of threats, SMBs also recognize there is an impact of malware to the business. 54% said productivity would drop 36% said hackers could gain access to proprietary information They also recognize that a targeted attack has impact on running the business with 20% stating it would drive customers away and 46% stating a targeted attack would cause revenue loss. Coddington Construction (a company that does exterior remodeling work) is an SMB that struggled with malware in the past and it was impacting the business. “We had malware problems left and right, almost weekly; we would be down for a day or half a day. We would need to call someone to come in and fix these malware issues so that I could get bids out. When people look at that and you aren’t timely, they relate that to ‘How will he work when he’s on the job?’” Richard Johnson, sales consultant at Coddington Construction (EMPHASIZE THIS)
  • In addition to having an awareness of threats, SMBs also recognize there is an impact of malware to the business. 54% said productivity would drop 36% said hackers could gain access to proprietary information They also recognize that a targeted attack has impact on running the business with 20% stating it would drive customers away and 46% stating a targeted attack would cause revenue loss. Coddington Construction (a company that does exterior remodeling work) is an SMB that struggled with malware in the past and it was impacting the business. “We had malware problems left and right, almost weekly; we would be down for a day or half a day. We would need to call someone to come in and fix these malware issues so that I could get bids out. When people look at that and you aren’t timely, they relate that to ‘How will he work when he’s on the job?’” Richard Johnson, sales consultant at Coddington Construction (EMPHASIZE THIS)
  • Transcript

    • 1. SMBs: The Threat Ahead Martin Lee CISSP CEng Senior AnalystInfosec 2012 – SMBs: The Threat Ahead. 1
    • 2. Why SMBs?Infosec 2012 – SMBs: The Threat Ahead. 2
    • 3. Why SMBs? 99.8% of all EU enterprises are SMEs 85% of net new jobs in the EU between 2002 and 2010 were created by SMEs 67% of all EU employees work in a SMEs Source: Annual Report on EU Small and Medium sized Enterprises 2010/2011. DG Enterprise. Do SMEs Create More and Better Jobs? EIM Business & Policy ResearchInfosec 2012 – SMBs: The Threat Ahead. 3
    • 4. Predicted Data Growth. Year. Source: 2011 IDC Digital Universe Study.Infosec 2012 – SMBs: The Threat Ahead. 4
    • 5. Predicted Growth in Number of Info. Sec. Staff. Year. Source: The 2011 (ISC)2 Global Information Security Workforce Study.Infosec 2012 – SMBs: The Threat Ahead. 5
    • 6. Shortage of Specialist Staff. ~ 750 000 info sec staff in EMEA. ~ 20.8 million companies in EU. 1 info sec professional for every 28 companies! Source: Annual Report on EU Small and Medium sized Enterprises 2010/2011. DG Enterprise.Infosec 2012 – SMBs: The Threat Ahead. 6
    • 7. Data Breach Cost Per Record. Year. Year. Source: Cost of a Data Breach, Ponemon Institute.Infosec 2012 – SMBs: The Threat Ahead. 7
    • 8. CISO Benefits. Having a CISO reduces breach costs. £ -18 per breached record! Average EU SME size: 4.2 employees. Will this include a CISO? Source: Annual Report on EU Small and Medium sized Enterprises 2010/2011. DG Enterprise. Cost of a Data Breach, Ponemon Institute.Infosec 2012 – SMBs: The Threat Ahead. 8
    • 9. SMBs: Malware Infections Impact the Business Concerns of SMBs 54% 46% Targeted 36% 20% Targeted attack would attack would Hackers cause drive awayProductivity could accesswould drop proprietary information revenue loss customers Source: SMB Threat Awareness Poll. Symantec.Infosec 2012 – SMBs: The Threat Ahead. 9
    • 10. SMBs: Understanding of Threats Are Malware / DDOS a Threat to Your Company? 50% 43% 6% 1%As a SME, We’rewe’re not I’m in denial Other. protected.targets. Source: SMB Threat Awareness Poll. Symantec.Infosec 2012 – SMBs: The Threat Ahead. 10
    • 11. SMB Relative Threat Rates. Global Threat Rates. SMB Threat Rates. 68.3% 1 in 265.7 1 in 262.5 Source: Symantec Intelligence Report, February 2012.Infosec 2012 – SMBs: The Threat Ahead. 11
    • 12. SMEs Use Email More. 4.4x more emails. Legitimate emails per month per employee for clients <250 users & clients > 1000 users. March 2011 – Feb 2012Infosec 2012 – SMBs: The Threat Ahead. 12
    • 13. SMEs Get Sent More Email Malware. 3.1x more email malware Malware emails per month per employee for clients <250 users & clients > 1000 users. March 2011 – Feb 2012Infosec 2012 – SMBs: The Threat Ahead. 13
    • 14. SMEs Get Sent More Phish. 3.1x more phish attacks Phish emails per month per employee for clients <250 users & clients > 1000 users. March 2011 – Feb 2012Infosec 2012 – SMBs: The Threat Ahead. 14
    • 15. Web Malware. Up to 9000 new malware hosting websites per day!Infosec 2012 – SMBs: The Threat Ahead. 15
    • 16. Not Forgetting the Malicious Insider. Male technical employee, 37 years old. 86% stole data they were involved in. 60% stole information they had developed. 65% had other employment arrangements. 75% stole material they had authorised access to. Source: A. Moore et al. A Preliminary Model of Insider Theft of Intellectual Property. CMU Technical Note.Infosec 2012 – SMBs: The Threat Ahead. 16
    • 17. What’s the Damage?Infosec 2012 – SMBs: The Threat Ahead. 17
    • 18. Average Cost of Attacks.Information Breaches Survey. Large companies averaged 45 incidents / yr. Small companies 14 incidents / yr.Cost of worst incident: Large companies £280 000 - £690 000 Small companies £27 500 - £55 000Source :“Information Security Breaches Survey 2010” , Infosecurity Europe.Infosec 2012 – SMBs: The Threat Ahead. 18
    • 19. “We had malware problems left and right, almost weekly; we would be down for a day or half a day. We would need to call someone to come in and fix these malware issues so that I could get bids out. When people look at that and you aren’t timely, they relate that to ‘How will he work when he’s on the job?’” Richard Johnson Sales Consultant, Coddington ConstructionInfosec 2012 – SMBs: The Threat Ahead. 19
    • 20. ConclusionsInfosec 2012 – SMBs: The Threat Ahead. 20
    • 21. Conclusions.Information is at the heart of business (small and big).SMBs more exposed to attacks.Unlikely to have in-house security expertise.Driving adoption of cloud systems.Infosec 2012 – SMBs: The Threat Ahead. 21
    • 22. Thank you! Martin Lee martin_lee@symantec.com +44 7775 823 278 Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.Infosec 2012 – SMBs: The Threat Ahead. 22

    ×