3 Lessons for Apple IT admins from Cisco’s Annual Security Report

Post by Tad Johnson, Enterprise Solutions Manager

Cisco released their 2014 Annual Security Report last week (free to download if you provide your email address) and it provides a good overview of the changing threat landscape for IT security. I read the report with the Apple IT ecosystem in mind and wanted to share three key takeaways and a few ideas on how to keep your organization secure.

1. Apple computers are not immune

A decade ago, the popular wisdom held that Apple computers were largely immune from threats because the vast majority of viruses and malware targeted the Windows platform. This is no longer the case. While it's true that OS X and iOS are secure computing with good security features like FileVault 2 and Gatekeeper, the Apple platform is not immune to malware. Cisco found that 91% of web-based exploits used a Java compromise as the attack vector. Java is no longer included in OS X by default, but it's a common enough to become the target of choice for cybercriminals.

To reduce your risk, we recommend comprehensive patch management to keep Java up-to-date on all your Mac computers. You can subscribe to JAMF Nation and get alerts when a new version of Java is released and quickly deploy the patch with a policy. Most attacks on Java rely on outdated software, so keeping your Macs up-to-date is a good dose of prevention.

2. Attackers like mobile devices too

As we use mobile devices for more of our daily computing needs, cybercriminals are targeting these platforms too. iPhone and iPad are less vulnerable than Android (99% of mobile malware targets Android), but we can't be complacent. The iOS App Store model reduces the risk of malicious software, so mobile malware targets users on the web. iPhone users are second behind Android with 14% of exposures to malware on the web. If you're offering a Bring Your Own Device policy, it's essential to implement good security policies for mobile devices.

We recommend that any device on your organization's network is managed with a password requirement, remote-wipe capability, and security policies to manage the types of apps and data available to the device.

3. Plan for the worst

In case their report wasn't ominous enough, Cisco makes it plain:

"All organizations should assume they’ve been hacked, or at least agree that it’s not a question of if they will be targeted for an attack, but when ... and for how long."

Based on their research, Cisco finds 100% of business networks have web traffic from compromised servers hosting malware. The threats are real and constantly evolving. Most attacks are engineered to remain undetected for long periods of time so they can inflict the most damage. It makes sense to build your security plan assuming that you will be attacked.

As a good place to start, we recommend keeping a dynamic inventory of all assets on your network, including both hardware and software. With the Casper Suite, you can collect this information for all Apple devices and easily share that data with other IT systems. When vulnerabilities are discovered, you can quickly deploy software patches or adjust system settings to remediate threats. And as you plan for the worst, you have the tools to rapidly recover and return compromised systems to a known good state.

We're in this together

Don't just take my word for it. Hear from David Stoicescu as he shares his story with the 2013 JNUC audience how Mandiant, a leader in enterprise security, implements good security practices with the Casper Suite.

What do you think? Continue the conversation on Twitter: @tadfad #CiscoASR