Are Macs Safe for Enterprise?
Everyone loves a Mac. They’re famously easy to use. Many people find themselves more productive on Macs. And let’s face it—they definitely have a “cool” factor that PCs can’t match.
But are Macs safe to use at the office?
On the face of it, this may seem like a strange question to ask. Apple, after all, has built a rock-solid reputation as a company committed to security and privacy. And Macs in particular have long been held up as the safer alternative to Windows-based machines.
We’re not into scare-mongering or clickbait stories. And we like Macs (a lot). We believe that they are, all things considered, the most secure desktop system out there.
But at the same time, we’ve seen the recent trends in macOS malware. We’ve heard from other security researchers who have noticed the same things. And the cybersecurity threat landscape is changing, and changing fast—just as macOS deployments across the enterprise are rising.
So it makes sense to take a closer look at the security implications of using Macs in an enterprise setting, with a view to offering a balanced perspective on the subject as well as providing some actionable advice for small to medium-sized companies thinking of “going Mac”.
The way we never were
There was a time when the old canard that “Macs don’t get viruses” contained at least a grain of truth.
The vast majority of malware found “in the wild” was aimed at Windows operating systems. Microsoft’s dominance in corporate and organizational environments, coupled with its notoriously insecure OS, made it the obvious target for hackers. Macs, in contrast, were scarce in enterprise settings, and contained far fewer obvious vulnerabilities to exploit—meaning that there was relatively little incentive for threat actors to even bother creating malware for macOS.
Those days are long gone.
Corporate giants like IBM, GE, and Cisco have invested heavily in deploying tens of thousands of Macs across their organizations. And Macs are increasingly common in smaller offices as well—driven largely by employee demand, it seems, as organizations that allow employees to choose between Macs and Windows-based computers see the vast majority of workers opting for Macs. Meanwhile, home users continue to buy MacBooks and iMacs in their millions.
With that many tempting targets to attack, it’s no wonder that we’ve seen a rise in malware aimed at macOS. As malicious actors are now incentivized to create macOS malware, it will only get more sophisticated and more effective.
New day, new threats
But it’s not just the increased number of Macs driving the behavior of threat actors. There have also been significant changes in the world itself. People are now hacking for different reasons than before.
The rise of Bitcoin, Ethereum, and the like has created a market for malware that does little more than borrow an infected machine’s computing power to mine cryptocurrency. Cryptomining malware for macOS has already been discovered.
The development of malware by rogue nations, both as a form of asymmetrical warfare and as a way of funding weapons programs despite sanctions, is also a factor. Both North Korea and Iran have been implicated in macOS malware incidents.
A lag in perception
Mac malware is a very real phenomenon, then, and it can only be expected to increase in the coming years. Apple itself seems to have realized this, having recently created a macOS bug bounty program to help make the platform more secure.
Despite all this, many people are still stuck in a 1990s mindset with respect to Mac security. Among everyday Mac users, there are still those who believe that “Macs are just safe” and run their machines without any kind of antivirus protection.
And this is enough to make any IT group—especially one with limited resources—uncomfortable at the prospect of random executives bringing their MacBooks onto the network.
Users and defenders
Also worth considering is the likely profile of the enterprise Mac user—as well as that of the infosec worker tasked with keeping them safe.
Macs are often preferred by creatives, and will be the first choice of many working in design, marketing, and advertising. They also tend to be used by productivity-focused, high-income employees: executives and senior managers.
These are not the most technically sophisticated employees in an organization, and yet at the same time they have access to a tremendous amount of valuable and confidential information, making them ideal targets for social engineering or spear phishing attacks.
Of course that has little to do with Macs, per se. But many corporate IT personnel lack familiarity with macOS security issues, or best practices for managing enterprise deployments of Macs. Their training has most likely prepared them to function in an office running on Windows machines; they manage networks on Windows or Linux-based servers. For many of them, macOS security is a relative unknown.
Large organizations, which have the resources to either hire macOS specialists or outsource the work, are unlikely to be put off by this. But it may cause small to medium-sized businesses to think twice about allowing Macs at the office.
A perfect storm?
All of these factors raise serious questions for companies whose IT groups may only comprise a handful of staff, yet whose employees are clamoring to bring their Macs to work.
There has been a surge in macOS malware, yet many people still think no such thing exists.
Macs tend to be used by relatively vulnerable, high-value targets. Many security staff feel ill-equipped to protect those users from attacks.
So is it possible to safely integrate Macs into a comprehensive enterprise security strategy?
Absolutely—if you follow a few general guidelines.
Teach for security
Many security breaches (on any platform) are due to employee errors or a lack of basic cybersecurity knowledge. Conduct phishing awareness training with your Mac users. Make sure that they are aware of security issues brought on by the potentially unwanted programs (PUPs) which afflict Macs—and that they know how to spot one.
Install reliable AV
There are several reliable antivirus solutions designed specifically for macOS. The best of these will be regularly updated with new definitions and will offer hands-on support. Make sure that every machine is running antivirus software built by Mac security specialists.
Use the power of Mac
macOS has a number of powerful, built-in security features designed to protect users, and these can be configured to varying degrees of strictness. Help your users set up their machines correctly, and they’ll be using the most secure endpoints on your network.
If you’re considering a larger, managed deployment, remember that Apple is actively trying to expand its enterprise footprint, and is thus offering extensive support and documentation to IT departments seeking to deploy Macs at scale. Make use of it.
Ask for help
There are Mac security communities and companies with many years of experience (we’re one of them). If you’re not sure about some aspect of macOS security, drop us a line and ask.