Macs in the Enterprise: Insider Threats
Macs have long been considered low-maintenance devices due to their solid Unix-based architecture, native encryption options, and high-quality hardware that guarantee protection against intrusive attacks and breakdowns. Apple has also shown its commitment to increasing Mac security through its move to deprecate kernel extensions in favor of new system extensions, eliminating a popular attack vector for Macs. However, while cyberattacks on Macs may be more difficult to execute, there is one type of data breach that they are just as vulnerable to as devices running on other operating systems: the kind caused by insiders.
According to the Ponemon Institute’s 2020 Cost of Insider Threats Global Report, the number of security incidents caused by insiders increased by a staggering 47% since 2018. A second report on the overall costs of data breaches in 2020 released by the Institute attributed 23% of data breaches to human error, with 17% of malicious attacks being caused by social engineering and phishing attacks that targeted employees directly and a further 7% by malicious insiders.
Types of insider threats
As the name suggests, insider threats are caused by individuals who have access to a company’s infrastructure and network. They include current and former employees, contractors, and third-party vendors. Insider threats are particularly problematic because, while cyberattacks can be prevented by securing company networks and blocking access to them from the outside, insiders need to access those networks regularly to perform their duties, which makes it hard to guard against the data breaches they cause.
Insider threats can be separated into three categories: negligence, malicious intent, and outside manipulation. The first category is also the most prevalent. Employees, often unaware of best data security practices, accidentally send private company information to the wrong recipient or use unauthorized online file-sharing services or web messaging tools to share information with colleagues and customers. They may also use unencrypted storage devices to take files with them while traveling or working remotely. All these incidents can spell disaster for data security, with sensitive data being made public or left vulnerable to a breach.
The second category includes disgruntled employees, whether current or former, who may want to harm a company’s image and earnings by causing data breaches. It also covers employees looking to steal sensitive information before they move on to another company.
The last category refers to employees who can be manipulated by malicious outsiders into revealing their credentials or into opening infected files and links. Using tactics such as phishing scams and social engineering, malicious outsiders can gain access to a company network and infect it.
Securing Macs from insider threats
As previously mentioned, Macs are not any more secure from insider threats than machines running Windows or Linux, mostly because these types of threats are not related to device security but to the human operators behind the devices. The first and most important step in securing Macs from these types of threats is to train employees. Especially in the case of outsider manipulation, it is essential that employees learn how to recognize and avoid attempts at stealing credentials or infecting a device.
When it comes to insider data theft and carelessness, companies can implement Data Loss Prevention (DLP) solutions to monitor, limit or block the transfer of sensitive data. Whether it’s personal information protected under data protection regulations or data that is sensitive to a particular field or company, DLP tools can be used to protect it through predefined and custom policies, both in the office and while employees work from home. Their monitoring capabilities also mean that any attempts to violate a policy are logged, helping companies identify whether an insider is acting with criminal intent or there are particular data protection practices that they need to raise awareness of.
That being said, when choosing DLP solutions for Macs, companies need to ensure that the products offer the same features for macOS as they do for other operating systems. DLP developers often focus their attention on devices running Windows, as these still represent the bulk of enterprise machines, and offer only a stripped-down version of their products for macOS.
DLP tools also allow companies to control peripheral and USB ports, blocking or limiting the use of removable devices to company-issued ones. Some, such as Endpoint Protector, even include Enforced Encryption features which ensure that any files copied onto a device connected to a Mac are automatically encrypted.
Due to its reliability, quality, and increased security, the Mac’s presence in the enterprise has been cemented and is likely only to grow. However, companies must remain vigilant when it comes to data security. While Macs may stand a better chance against external attacks than devices running on other operating systems, they are just as vulnerable to insider threats, and it is up to organizations to mitigate them.