It does not seem that long ago I would hear Mac users say “I don’t need Anti-Virus”, or “Mac’s are not affected”.
To a certain extent they were right. Apple’s use of tightly controlled application approvals reduced the surface area for attack. Mac users did not enjoy the variety of application choices a Windows user had, and that contributed to their safety. The smaller application base also restricted business use of Mac devices. Less Mac developed applications also meant less skilled developers. The combined result of this meant that targeting Mac was an expensive exercise, in a restricted pool of targets.
As more and more applications moved to the cloud, the usage of Macs for business has increased, along with overall market share. We have seen figures that Mac now has 20% of the operating system market share. If you combine that with the sense that Mac users may have of being safe,then targeting Mac looks a lot more profitable for software authors and hackers alike.
We see this shift in product availability. Good security vendors will now always have a Mac version of their product. Application vendors are putting more resources into deploying Mac versions of their product or ensuring that their SaaS solution will work in Mac browsers. Security researchers take greater interest in what is happening on the Mac desktop and that means we see more and more vulnerabilities being found. The recent announcement of the new “GoFetch Apple M-Series” vulnerability is an example of this.
A Mac user needs to be just as security aware as a Windows user.
Many hacks are about tricking you into giving away information. Your Operating System or Security Application are of only limited effect if you make a mistake when answering an onscreen prompt.
Kinetics KARE Foundation helps a lot. It includes DNS scrubbing and our special in-browser security extension. Both of these work to keep you out of harm’s way, but ultimately, you are in control of your actions.
Keep your device and its common applications up to date. Many common attack vectors are via known application weaknesses. Our KARE Foundation team is in the process of releasing a new Mac patching system using tools from an industry leader in Mac management. The objective is to give the same level of O/S and software patching that Windows users receive.
Run strong security software. I started this article talking about Anti-Virus. However no one with a strong understanding of security and risk relies purely on anti-virus anymore. It is now EDR (EndPoint detection and Response) that is the common standard. When we were choosing our EDR product, strong Mac support was high on the list of must haves. We also made sure our new MDR (SOC /SEIM 24×7 security monitoring and response) product includes agents for Macs.
It is a changing world!
A lot has changed over the past four years. We have more choices about where and how we work. That freedom comes at a cost. Cybercrime is increasing year on year. Like any growth business cyber criminals are expanding their base and improving their techniques. There is no safe haven.
The good news is that you can be safer, and reduce the opportunity for a cyber event.
Training, MFA, security software and good practises all help you and hinder them.
New “GoFetch” Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys