Macs under attack?

It's arguable that the recent Flashback Trojan episode has been the tipping point when it comes to changing the face of the Mac security threatscape. But who is targeting OS X and iOS devices, how are they doing it and should the average business user be worried? Davey Winder investigates...

The expert's view

Whilst it is true that Apple's operating systems are reasonably secure, iOS particularly so, they are by no means invulnerable.

Users and administrators should be encouraged to take sensible steps to attempt to mitigate any risks, such as only opening email attachments from recognised sources, not simply entering admin details and clicking OK but reading the contents of the dialog asking for admin details and asking themselves if this is something that they were expecting

Bill Gallop, Mac Consultants Manager at Insight UK

"It's probably going to require a rethinking of the centralised management approach and the concept of internal and external networks. New security policies will have to be redesigned to provide protection also for/from non-managed devices," Mador reckons.

Si Kellow, security consultant and CSO at Proact added: "What our under-thanked security manager needs before he starts to deploy technical controls, is a written policy that permits the use of iStuff. This should also set out the corporate position on who is responsible for the upkeep and maintenance of iStuff, and whether any technical controls will need to be deployed in order for the user to make use of iStuff".

What steps should the enterprise take to ensure that Macs and iPads are safe?

"For Mac laptops, the same basic rules apply as for any other laptop: keep the patches current, ensure updates for any third-party software are installed promptly, and enforce robust local security on the device in the form of strong passwords and remote access permissions. Apple has a lot of great remote-management features, such as Desktop Sharing and network bridging, which are easy to turn on and use, so administrators should make themselves familiar with those features and choose consciously whether or not to permit their use. The single most important goal is to have as much uniformity of policy across platforms as possible, because if one platform has an advantage' it will be the one favoured and that advantage will likely accelerate the discovery of weaknesses and exploits. Separating out the security configuration from the usability issues is a challenge, but it's not a new one; administrators have had to manage large populations of Windows laptops running multiple versions at the same time for many years now, so the lessons are similar" - BT's Global Head of Business Continuity, Security & Governance, Jeff Schmidt.

Featured Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now

Most Popular

mergers and acquisitions

Xerox threatens hostile takeover after HP rebuffs $30bn takeover

22 Nov 2019

Microsoft issues statement debunking Teams ransomware rumours

21 Nov 2019

Salesforce takes AWS relationship to the next level

19 Nov 2019

Tests show UK's 5G network is 450% faster than 4G

20 Nov 2019