Apple's security reputation takes a knock, but enterprise use of Macs is still growing - report

Dose of realism brought about by WireLurker fails to dent enthusiasm for the Mac in business

Apple's reputation for running a tight ship security-wise has taken something of a knock recently following the high-profile theft of photos of actress Jennifer Lawrence, the WireLurker Trojan that attacks both Mac OS and iOS devices, and KeyRaider malware that targets iOS, among others.

On the mobile side, recent Computing research put iOS only just behind Android as the "most problematic mobile ecosystem for enterprise deployment (security, upgrades, deployment, management, etc)", a finding that some respondents put down to Apple's "walled garden" approach, which can create difficulties with integration and upgrades.

Apple has always been able to point to the security benefits of this approach over Android. It also suffers fewer successful malware attacks than Windows on the desktop, but recent attacks have shown that its operating systems, cloud services and other software are far from invulnerable.

"Apple devices aren't protected by some divine force, they are vulnerable to many of the same attack methodologies as any Windows computer. Rather than expecting the vendor to provide complete protection, CIOs should take the matter into their own hands and look to proactive security solutions," said director of research at security vendor Synack, Patrick Wardle.

In spite of the dent in its security credentials - in a recent survey of 100 CIOs from large companies 40 per cent said their confidence in Mac's security has been adversely affected by recent attacks - so far as desktops are concerned, Apple is a growing presence in the enterprise, with 76 per cent saying they use Macs and 32 per cent saying this number is increasing.

The survey, which was commissioned by security vendor Avecto, also discovered that Mac OS is still thought of as more secure than Windows - although the largest proportion said "they are both the same".

As Wardle alludes above, relying on an operating system for protection is not an effective strategy as the software that runs on top of the operating system - such as web browsers, Java and Flash - and most importantly the human element (falling for phishing scams and the like) are just as likely to be the entry point for any attack targeting an organisation.

Avecto's VP, Paul Kenyon, commented: "For too long there has been a false belief and a naivety that Macs are inherently securer than Windows PCs. But either way organisations must view them like any other device: an endpoint that can be exploited."

Join us at our Enterprise Security & Risk Management Summit on 26 November. Registration is free for most delegates.