Busting the Apple Security Myth: What MSPs Should Know

LONDON, ENGLAND – AUGUST 03:  The Apple logo is displayed on the back of an iPhone on August 3, 2016 in London, England.  (Photo by Carl Court/Getty Images)
Jason Dettbarn, founder and CEO, Addigy
Author: Jason Dettbarn, founder and CEO, Addigy

As far back as I can remember, there has been a misconception about Apple security.

It may have seemed insignificant years ago, but according to the IDC, the use of Macs within office environments has climbed steadily for years. MacOS devices now account for 23 percent of laptops in the workplace, up from 19 percent two years ago. Additionally, iPhones now account for 49 percent of smartphones used in the enterprise. But that’s not all — iPads are the most used tablet among workers.

What does all this mean? Large numbers of corporate employees are transitioning to Apple devices — but they’re not the only ones. Cybercriminals have discovered that Macs hit critical mass in the workplace and are now highly lucrative targets. And despite what’s commonly believed, Apple devices can and are being exploited by bad actors.

As the number of people impacted by this common misperception continues to grow, the more urgent is the need to set the record straight.

A common misconception about Apple’s security

While Apple has done a great job creating secure default configurations, their devices are as vulnerable to cyberattacks as Windows devices. There’s a misconception among users (and even some IT professionals) about Apple’s security; they believe it’s impenetrable. Most cybersecurity professionals know better (or at least they should). So, where did this fallacy originate from?

Simply put — the numbers. Like most of us, cybercriminals put their efforts toward activities with the highest return on investment. For many years, there were not enough Apple devices concentrated in the enterprise to make them a worthy target. After all, focusing on a tiny percentage of the corporate market would be a waste of time and resources. Why attack a small group when you could hit a large one and increase your odds of success?

Windows dominated the global desktop PC operating system (OS) market for years. The OS held more than 91 percent of the market share in April 2013 and didn’t dip below 80 percent until October 2018. So, why would cybercriminals have targeted anything but Windows during this time?

Times are changing and Windows isn’t as dominant as it once was. Even though Windows is still a significant player in the global OS market today (nearly 74 percent), macOS has made great strides, more than doubling its market share since 2013 (15 percent today and growing).

As users move in greater numbers to Macs, cybercriminals are following. And the misconception about Apple’s security is becoming more dangerous and destructive.

The truth about Apple security risks

Again, here’s the truth: Apple devices are susceptible to malware and viruses. Though Apple devices are perceived as impenetrable, the reality is that until recently, they simply weren’t a focus for hackers. As the macOS market share grows, it becomes a more attractive target for malware, according to an investigation by Atlas VPN. The report revealed that 674,273 new macOS malware samples were found in 2020, up from just 56,556 samples detected in 2019 (an increase of 1,092 percent). And as more users turn to Apple devices, you can bet the numbers will rise.

Now, that’s not to say Apple isn’t taking steps to protect its customers. Apple has introduced many native default security mechanisms and does a lot of due diligence with its App Store. For instance, Apple started requiring notarization on apps, which assists with protection and blocking malware.

User behavior can cause vulnerabilities, even in a system that is relatively secure. Because Apple is so consumer-oriented and intuitive in its interface and user experience, they do a great job balancing security, functionality, and performance, which is key to preventing and controlling shadow IT. Unfortunately, users often have the power to bypass security measures and do so if the required action is confusing or is expected to negatively impact performance. Thus, security prompts are ignored.

While Apple has done a good job creating a secure platform, its devices are still at risk — that’s where the opportunity lies for MSPs. Cyberattacks against Apple are expected to continue increasing, but with the help of MSPs and their third-party tools, Apple business users will be more secure than ever before.

Author Jason Dettbarn is founder and CEO at Addigy. Read more Addigy guest blogs here. Regularly contributed guest blogs are part of ChannelE2E’s sponsorship program.