If you want security, start with secure products

While in these post-CrowdStrike days it is reasonable to think one of the best ways to improve endpoint security in any business is to replace Windows with Apple devices, that’s just the starting point in a serious security journey.

But it’s a pretty good starting point. 

Writing on LinkedIn, Google CISO Phil Venables recently drew attention to his company’s latest cybersecurity report, which quite clearly makes a strong case for the need to purchase products that — like Apple’s — are secure by design.

If you want security, start with security

The report explains: “Organizations don’t need more security products; they need more secure products. That’s one of the key takeaways from our new global cyber security survey. The research reveals that incremental security fixes no longer work. In fact, the more security tools an organization throws at the problem, the worse it gets.”

Supporting that argument, there’s data:

Organizations with 10 or more security tools endure 14 security incidents each year.

Those with 10 or fewer such tools have to weather just six such events.

82% of security decision-makers acknowledge the need to improve security measures.

More than half admit that the complexity of modern work environments hinders their efforts. 

59% say reliance on outdated technology leaves them ill-equipped to handle future security needs.

In other words, one way to halve the number of security incidents your company is exposed to is to rationalize spending on security tools, ensure those tools are effective in protecting the entire attack surface of company operations, and invest in computers, smartphones, and tablets that are secure by design.

Such as those from Apple (and maybe even those from Google).

Away with the clouds

You might also consider recent data that suggests Google Cloud and AWS are more secure than Microsoft Azure — and consider the value of your data as AI heads into the server farms and wraps itself around the globe. (I can’t help but think Apple’s Private Cloud Compute could eventually be a competitor in this space, too.)

Most enterprise decision makers have heard all these arguments before. Facing rapid change, new technology deployments, and multiple waves of digital transformation, they aren’t just time poor, but budget-constrained. In those environments (which is most environments) it feels like the best decision is to continue managing more of the same. 

That means patching together mish-mash networks of systems and solutions and constant investment in teams to manage it all (and the ongoing costs of internal tech support for when those ad hoc systems inevitably go wrong).

But on an increasingly unstable globe, we aren’t in Kansas anymore. The digital frontier is just as important a permiter as any geographical one, and the rising prevalence of nation state-backed attacks from all sides represent this. Business, every business, is now as compelling a target as any government entity in this brave new digi-world. And complacency will have (and is already having) huge impacts worldwide. 

Protecting your health 

The UK’s National Health Service is a frequent victim of ransomware, for example. In part, this is because it remains heavily reliant on clapped out vintage computing equipment due to decades of ideologically inspired attacks against the integrity of the service. 

The truth is that UK infrastructure is pretty much a poster child for how to manage your digital platforms wrong. 

Complacency is a big part of that, with the nation’s National Cyber Security Center head, Richard Horne, about to warn that the UK is unprepared for the looming cyberwar (which some argue has already begun). Years of under-investment, a laissez-faire approach to security, and continued insistence on using legacy technologies have left the nation’s digital underbelly exposed. 

“There is no room for complacency about the severity of state-led threats or the volume of the threat posed by cybercriminals,” Horne plans to say. “The defense and resilience of critical infrastructure, supply chains, the public sector and our wider economy must improve.”

Cyber-physician, heal thyself

While recommending a root-and-branch Mac migration might well seem to be an overly simplified diagnosis to the problem, it is a good starting point. After all, when did you last hear of a security incident impacting Apple’s systems putting global business out of action? 

Never? Why is that? Because Apple’s products are secure by design.

That’s not to say they are perfect. You must still put security policies and procedures in place, deploy secure endpoint management solutions, and ensure employees are fully up to speed with good security practices. 

Just because Macs haven’t fallen victim to a Windows-level cyberattack yet doesn’t mean they never will, so you still need to have action plans prepared and rehearsed to go into effect on the day they inevitably do. But protecting your business by making such a migration is going to make a lot more sense as the cyberwars intensify. 

You need more secure platforms

Even in the UK, IBM estimates the average cost of a data breach on UK businesses as $3.4 million, and while that does depend on the size of your enterprise, that’s the kind of money that makes the seemingly higher one-off investment in a new platform seem aminor in contrast to the consequences of leaving yourselves vulnerable to attack through reliance on patched together solutions with so many built-in security weaknesses your top tech teams struggle to protect them.

You don’t need more security products. You need more secure platforms. That’s the bottom line.

You can follow me on social media! Join me on BlueSky,  LinkedIn, Mastodon, and MeWe.