It's been a couple of months now since the Trident spyware was discovered in Apple devices. The attack was labeled as “the most sophisticated we've seen on any endpoint,” by Lookout, and caused major concern.
Despite this, corporate vice president of enterprise and mobility Brad Anderson still hears about businesses' complete trust in iOS. As a result, he took to the Microsoft blog to issue a wake-up call.
“In these discussions, it's been pretty common to hear a comment like, ‘I don't trust Android because it is like the wild, wild west – but I have tremendous trust in iOS because it is a controlled and procured ecosystem,'” he says. “I'm not attempting to throw stones at Android or iOS – but there is a dilemma with this perspective.”
Always Assume a Breach
According to Anderson, this era of technology results in successful attacks on any platform, despite organization's efforts. Therefore, assuming that a breach is impossible can be downright harmful.
The first step, he said, is to change to that mindset:
“There are two kinds of organizations: Those who have been hacked and those who don't know it yet. When you are evaluating and then utilizing security solutions from your partners, you absolutely must assume breach and then have tools which allow you to identify these intrusions and take action.”
Anderson then pointed to tools that can be helpful in this situation. Two-factor authentication is must and, naturally, Microsoft's Security Graph got a mention. Companies also need to stay updated, and not keep all of their eggs in one basket.
This is because attacks can come from multiple angles. Pegasus is a huge tool, and it's commercially available. It's been used by small governments and likely businesses too. However, larger countries have their own tools, likely more sophisticated. There are multiple ways to gain access, many of which are still unknown.
According to Anderson, the only way to combat this is “a broad and substantive foundation on which you can build everything else.” Microsoft is a big leader in that department, and it's an offer that becoming more compelling each day.
You can find more information on the TechNet blog.