Today’s blog on a new piece of Mac malware is a reminder that attackers go where the money is. Apple usage within the enterprise is growing rapidly: according to Forrester, 52 percent of newly issued computers are Macs. Forrester also highlights that executives and manager-level employees, often the prime targets of advanced attackers, represent 41 percent of enterprise Apple users. With more of the enterprise brain trust using the Mac platform, VIPs are a logical and rich target, and we now see attackers simply porting Windows malware to the Mac. The moral for security teams? Today’s blog disproves the “security through obscurity” notion traditionally associated with using Macs to stay safe. Security teams: gear up now.
How do you do that? Well, for starters, it is important to remember several fundamental security operations and incident response best practices that can help combat this and other threats:
- Develop, continually improve, and follow a formal incident response process
- Perform gap analysis to determine where “blind spots” in visibility may exist
- Ensure proper network instrumentation to address any lack of network visibility
- Ensure proper endpoint instrumentation across all operating system platforms
- Leverage a rigorous content development process to create high-fidelity alerting that feeds a unified work queue with a high signal-to-noise ratio (the ratio of true positives to false positives)
- Practice Continuous Security Monitoring (CSM) to rapidly detect and respond to any potential breaches or intrusions
- Strive for smooth operations, including ensuring that staff are adequately trained and equipped
- Incorporate actionable intelligence
- Participate actively in both formal and informal information sharing forums
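The gap analysis and endpoint instrumentation items above are where Mac-heavy environments most often fall down: the asset inventory says the Macs exist, but no sensor is reporting on them. The script below is an added example (it is not code from the original post) of a first-pass visibility gap analysis: it reconciles a constructed asset inventory against constructed endpoint-agent check-in times and network-sensor sightings, then reports, per operating system, which hosts have no agent, which have a stale agent, which hosts are on the network but missing from the inventory, and which VIP hosts are uncovered. The field names, hostnames, and the seven-day staleness threshold are assumptions for illustration.

```python
"""Endpoint-visibility gap analysis (added example, not from the original post).

Reconciles an asset inventory against endpoint-agent check-ins and network
sightings and lists blind spots per OS. All data is constructed; the field
names (host, os, vip) and the staleness window are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

NOW = datetime(2013, 6, 1, 12, 0, 0)

# Constructed asset inventory (think CMDB export): hostname, platform,
# and whether the primary user is a VIP.
INVENTORY = [
    {"host": "fin-mbp-01", "os": "macOS",   "vip": True},
    {"host": "ceo-mbp-02", "os": "macOS",   "vip": True},
    {"host": "eng-mbp-07", "os": "macOS",   "vip": False},
    {"host": "hr-win-11",  "os": "Windows", "vip": False},
    {"host": "ops-win-12", "os": "Windows", "vip": False},
    {"host": "web-lnx-01", "os": "Linux",   "vip": False},
]

# Constructed endpoint-sensor last check-in per hostname. The two VIP Macs
# never enrolled; ops-win-12 has an agent that stopped reporting.
ENDPOINT_CHECKINS = {
    "eng-mbp-07": NOW - timedelta(hours=1),
    "hr-win-11":  NOW - timedelta(hours=2),
    "ops-win-12": NOW - timedelta(days=10),
    "web-lnx-01": NOW - timedelta(minutes=5),
}

# Constructed network-sensor observations (e.g. from DHCP or flow logs).
# guest-mbp-99 is active on the network but absent from the inventory.
NETWORK_SEEN = {
    "fin-mbp-01", "ceo-mbp-02", "eng-mbp-07", "hr-win-11",
    "ops-win-12", "web-lnx-01", "guest-mbp-99",
}


def find_gaps(inventory, endpoint_checkins, network_seen, now,
              stale_after=timedelta(days=7)):
    """Return blind spots grouped by OS, plus unknown hosts and uncovered VIPs.

    Result shape:
      {"by_os": {os: {"total": n, "no_agent": [...], "stale_agent": [...]}},
       "unknown_hosts": [...],   # seen on the network, not in inventory
       "vip_uncovered": [...]}   # VIP hosts with no or stale agent
    """
    by_os = defaultdict(lambda: {"total": 0, "no_agent": [], "stale_agent": []})
    vip_uncovered = []
    known = set()
    for asset in inventory:
        host, os_name = asset["host"], asset["os"]
        known.add(host)
        by_os[os_name]["total"] += 1
        last = endpoint_checkins.get(host)
        uncovered = False
        if last is None:
            by_os[os_name]["no_agent"].append(host)
            uncovered = True
        elif now - last > stale_after:
            by_os[os_name]["stale_agent"].append(host)
            uncovered = True
        if uncovered and asset.get("vip"):
            vip_uncovered.append(host)
    return {
        "by_os": dict(by_os),
        "unknown_hosts": sorted(network_seen - known),
        "vip_uncovered": sorted(vip_uncovered),
    }


def coverage_report(gaps):
    """Render per-OS coverage as lines of text for a ticket or dashboard."""
    lines = []
    for os_name, d in sorted(gaps["by_os"].items()):
        covered = d["total"] - len(d["no_agent"]) - len(d["stale_agent"])
        pct = 100.0 * covered / d["total"]
        lines.append(f"{os_name}: {covered}/{d['total']} covered ({pct:.0f}%), "
                     f"no agent={d['no_agent']}, stale={d['stale_agent']}")
    lines.append(f"on network but not in inventory: {gaps['unknown_hosts']}")
    lines.append(f"VIP hosts without working endpoint coverage: {gaps['vip_uncovered']}")
    return lines


if __name__ == "__main__":
    for line in coverage_report(find_gaps(INVENTORY, ENDPOINT_CHECKINS, NETWORK_SEEN, NOW)):
        print(line)
```

On the constructed data the report shows macOS at one of three hosts covered, with both uncovered Macs belonging to VIPs, while Windows and Linux look healthy apart from one stale agent. In practice the inventory, agent check-ins, and network sightings would come from the CMDB, the EDR console, and DHCP or flow logs respectively, and the staleness window should match the agent's expected check-in interval.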
There is no silver bullet that will immediately quash all the risk presented by APT actors and other threats. Rather, as security leaders, we need to ensure that we put the people, process, and technology in place to properly manage the risk our organizations face on a daily basis. A formal, rigorous security operations and incident response program is a key component of this endeavor.