Macs under attack?

It's arguable that the recent Flashback Trojan episode has been the tipping point when it comes to changing the face of the Mac security threatscape. But who is targeting OS X and iOS devices, how are they doing it and should the average business user be worried? Davey Winder investigates...

The expert's view

Whilst it is true that Apple's operating systems are reasonably secure, iOS particularly so, they are by no means invulnerable.

Users and administrators should be encouraged to take sensible steps to attempt to mitigate any risks, such as only opening email attachments from recognised sources, not simply entering admin details and clicking OK but reading the contents of the dialog asking for admin details and asking themselves if this is something that they were expecting

Bill Gallop, Mac Consultants Manager at Insight UK

"It's probably going to require a rethinking of the centralised management approach and the concept of internal and external networks. New security policies will have to be redesigned to provide protection also for/from non-managed devices," Mador reckons.

Si Kellow, security consultant and CSO at Proact added: "What our under-thanked security manager needs before he starts to deploy technical controls, is a written policy that permits the use of iStuff. This should also set out the corporate position on who is responsible for the upkeep and maintenance of iStuff, and whether any technical controls will need to be deployed in order for the user to make use of iStuff".

What steps should the enterprise take to ensure that Macs and iPads are safe?

"For Mac laptops, the same basic rules apply as for any other laptop: keep the patches current, ensure updates for any third-party software are installed promptly, and enforce robust local security on the device in the form of strong passwords and remote access permissions. Apple has a lot of great remote-management features, such as Desktop Sharing and network bridging, which are easy to turn on and use, so administrators should make themselves familiar with those features and choose consciously whether or not to permit their use. The single most important goal is to have as much uniformity of policy across platforms as possible, because if one platform has an advantage' it will be the one favoured and that advantage will likely accelerate the discovery of weaknesses and exploits. Separating out the security configuration from the usability issues is a challenge, but it's not a new one; administrators have had to manage large populations of Windows laptops running multiple versions at the same time for many years now, so the lessons are similar" - BT's Global Head of Business Continuity, Security & Governance, Jeff Schmidt.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Most Popular

IT retailer faces €10.4m GDPR fine for employee surveillance
General Data Protection Regulation (GDPR)

IT retailer faces €10.4m GDPR fine for employee surveillance

18 Jan 2021
Should IT departments call time on WhatsApp?
communications

Should IT departments call time on WhatsApp?

15 Jan 2021
Citrix buys Slack competitor Wrike in record $2.25bn deal
collaboration

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021