One of their conclusions of their report was “Following the detection of WireLurker last year, a type of malware that infects OS X computers, 40% of CIOs say they now have less confidence in Mac security”.
Sounds damning doesn’t it? 40% of CIOs say they have less confidence in Mac security. What we don’t know is whether that represents a large sample of CIOs or just five? And does less confidence mean low confidence? My team, the mighty Hawks won the AFL grand final last weekend. On week one of the AFL finals series I was confident we’d play in the grand final and win. But after getting trounced in the first week my confidence was low. I still thought we’d be a chance of winning the Grand Final – but my confidence was lower.
One of the more interesting findings of the Alecto study was only 21% of companies say they have no Macs in the business at all and 36% of CIOs claim the number of Macs in their business has increased over the last year.
Before accepting research such as this report by Alecto as fact, it’s important to evaluate the research by asking simple questions such as the sample size and what is meant by relative terms such as “Lower” – lower than what?
One thing we do agree with is Alecto VP Paul Kenyon comment that “As Macs become commonplace in business, they will be increasingly targeted by cyber criminals as a way in. Often, Macs are treated as an accepted risk and simply managed outside of corporate policies. It’s no longer possible to ignore this growing risk or wait until a breach forces your hand”.
What’s really important to note isn;t the Mac that is specifically being targeted much of the time. It’s the users that are targeted. Hackers have long since recognised the most vulnerable point in any system is the humans. Phishing attacks and the theft of user accounts remain a significant threat vector. So, while putting appropriate OS X security measures on machines is appropriate, it’s critical to educate users and put in place steps to prevent phishing and other attacks from causing damage.