Hiding Behind A Mac Is No Longer An Option
For many mid-market and SMB firms one of the benefits of using Apple Macs was that you didn’t have to worry too much about security. At least that was the perception. So besides the “coolness factor” of using a sleek MacBook or Mac Air, all of those mass market worms, Trojans and malware were nothing for you to worry about. This made the job of securing endpoints at many firms a heck of a lot easier.
This image was reinforced by the cute commercials that showed that smug Mac guy making fun of the bumbling PC guy who had all kinds of insecurities. Behind the marketing spiel however there was a truth. As a result most shops running Macs did not even bother installing anti-virus or anti-malware on them. In fact for a long time Apple advocated that you didn’t need to put any security software on your Macs.
Many in the security community always said that the reason we didn’t see more Mac attacks was there were not enough Macs to make it worthwhile. They believed that when Macs captured a big enough market share, the malware authors would then turn their attention to them and we would see Macs under attack.
Well the chickens have come home to roost for Apple it seems. Along with selling lots of iPads, iPhones and iPods, they have done a great job of Mac market share. Estimates are that Macs now make up anywhere from 9% to 18% of the PC market. That is phenomenal considering that Macs hovered around the 3% to 5% for most of the last two decades. The downside of this though is that now there are enough Macs out there to make a mass attack worthwhile.
We have seen perhaps the biggest, if not the most publicized of these mass attacks with the recent Flashback malware which infected upwards of 600,000 machines. What is worse, the response by Apple was not handled as smoothly as they handle their marketing. There were multiple updates released to address the malware with some mixed results reported.
We have grown to take for granted the monthly patch Tuesday’s that Microsoft puts out every month. But pushing out patches and having them do the job without upsetting the apple cart (no pun intended) is not as easy as it looks. The good news is that Apple will in all likelihood get more practice to get their processes down tight. The bad news is that Apple in all likelihood will be the target of even more attacks.
So what does this mean for the midmarket? Well it means that if you have been running Mac in your office and homes and not worrying about security, you better start worrying. It is great news for companies that make Mac security suites. Some of the usual names like Symantec, McAfee, Kapersky and Sophos have Mac versions of their suites available. There are some Mac specific security companies as well that have been in the Mac security market for some time. Companies like Intego have specialized in Mac security and may be worth looking into as well.
But don’t rely just on the tools. Common sense and educating your users is still the most effective means your company may have to stay safe. Don’t open attachments from suspicious emails. Don’t click on links from non-trusted sources in social media, email or web sites. Whether you use a PC or a Mac, the weakest link in the chain is still the person sitting behind the keyboard.
In the meantime this should be a wakeup call for Mac users. Apple is advocating that you install security software. Don’t wait until you are the next victim. Install and maintain endpoint security software now. Virtually any of the choices out there are better than no security software at all.
One thing you can be sure of is that we have not seen the last of targeted malware against Macs. But before all of you Windows users out there gloat, remember you are targets as well.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.