Here’s Why MacBooks Are a Huge Business Security Risk

Below CEO Today hears on the dangers and concerns surrounding the security of Apple MacBooks. Paul Kenyon, co-Founder & co-CEO at Avecto, delves into some of the operating system worries all businesses should beware of.

For over a decade, the Apple MacBook has lead the way in blurring the boundaries between technology and style.

Its clean lines, powerful performance and usability were in sharp contrast to the clunky and often frustrating experience on offer from the traditional PC. The MacBook transformed home offices around the world and left many hoping to replicate that experience in the workplace.

In business what the chief executive wants, the chief executive usually gets and that has led to MacBooks being used by a large number of senior decision makers at work. Accordingly, they are now a boardroom staple across the globe.

The impact of this, might not seem like a negative on the face of it, but it actually poses a significant security risk.

Executives typically hold the keys to the corporate kingdom with access to the businesses’ most sensitive and valuable data. Whether its emails concerning upcoming M&A activity, payroll data or unrestricted administrative rights to the network, their devices and files are rich treasure troves for prying eyes and malicious hackers.

This fact – along with the expanding footprint of Apple products – has caught the attention of hackers and malware writers. MacBooks are now a worthwhile and valuable target for them to attack, whereas previously they would simply have focused on Windows devices.

Recent high-profile vulnerabilities have made this threat more real. In January, OSX/MaMi was detected, a type of malware that specifically infects Apple computers. It worked in a similar way to DNSChanger, which, in 2012, compromised millions of systems by hijacking DNS servers and routing traffic through a hacker’s server of choice, allowing them to steal sensitive information. In fact, last year McAfee found that malware attacks on Mac computers were up 744 per cent in 2016.

Specifically, ransomware attacks on Mac computers are beginning to gain speed. The first detected was in 2016, known as “KeRanger”, and was downloaded more than 6,000 times before the threat was contained – accessing devices via a tainted copy of Transmission, a popular app for transferring data. Since then, new and ‘improved’ malicious software has been developed and made easier for even the least technical cyber criminals to access, meaning the number of ransomware attacks targeting Mac computers has continued to grow.

Yet there still exists a potentially dangerous belief that Apple devices are immune to security threats.

Mac security expert Patrick Wardle summed it up perfectly when he said: “Apple devices aren’t protected by some divine force, they are vulnerable to many of the same attack methodologies as any Windows computer.”

Add this to the fact that Apple is often the penchant of the c-suite and you start to see why this mix of factors can create a serious security risk.

What this means is companies must invest in protection that specifically takes into account Apple devices – something that many mainstream security technologies do not offer.

In terms of specifics, businesses must get control of any Mac devices and ensure anyone using a MacBook is running it with no administrative privileges – meaning they (and in turn a malicious hacker) can only access certain non-sensitive areas of a corporate network.

Secondly, unknown applications should be blocked. Employ a detailed whitelist of known, trusted applications and ensure unsanctioned software cannot execute. This simple measure will ensure malicious apps cannot run – stopping one of the most popular attack types.

Many businesses aren’t currently employing these practices. Those that continue to neglect this area of security need to be very wary of the CEO with the Mac – he or she could provide cyber criminals an easy way into your business and impacting its profits and reputation.

Leave A Reply