I don't think Apple can effectively oversee who qualifies as a "business"
If you make the hurdle too high (like having a DUNS ID) you will disqualify the smaller players.
They clearly need to get a handle on this as it is being abused, but there are probably better ways. One might be to include a click through agreement that attests you are an employee when you install the certificate, along with a "report" button you can click if you are induced to install software that tells you you need to click OK as part of the process and lie about your status as an employee.
Even if 99 out of 100 people looking for a porn or gambling app will happily click OK saying they are an employee to get access to the app, all you need are a few people who say "hold on" and click report. Then Apple can follow up with them about how they got the certificate and revoke it. These illegitimate app purveyors would have to carefully screen their customers to insure they are equally as unscrupulous to avoid the risk of someone hitting the 'report' button.