IT pros still see Mac as safest OS; Windows, Android seen more vulnerable

Some 28 percent of IT and IT security practitioners say Android is the operating system most vulnerable to a data breach or cyberattack while 23 percent cite Windows, according to a survey by Ponemon Institute.

The least vulnerable is the Mac, which was picked by 7 percent of respondents.

However, recent developments show Mac users have become targets for cyber attacks. This March, Palo Alto Networks researchers revealed KeRanger ransomware targeted Mac users for the first time, realizing Bitdefender’s predictions about ransomware’s expansion to new operating systems in 2016.

Ransomware for Mac was seen as a major threat in the top predictions list in cybersecurity for 2016 by Bitdefender CTO Bogdan Dumitru:

“We’ve already seen ransomware for Linux, Windows and Android. Mac OS is just around the corner,” he said in December 2015. “It targets both consumers and companies, and the 2016 versions not only will encrypt files and ask for ransom, but will also make all documents available on the internet if ransom is not paid. In an ironic twist, the victim will be able to recover encrypted files when they are uploaded on the internet for public shaming.

Ransomware has probably been the largest unresolvable threat to Internet users ever since 2014, and it will remain one of the most important drivers of cybercrime in 2016, Bogdan Dumitru added. “While some operators will prefer the file encryption approach, some more innovative groups will focus on developing ‘extortionware’ (malware that blocks accounts on various online services or that expose data stored locally to everybody on the Internet). Throughout 2016, file-encrypting ransomware will most likely expand to Mac OS X as well.”

At the same time, half of Mac OS users complain that ads and unwanted apps (PUA) are disrupting their browsing experience and endangering online safety, as Bitdefender researchers found this winter. Almost nine in 10 iOS and OS X apps using resource-sharing mechanisms and IPC channels are completely exposed to unauthorized cross-app resource access and password theft, or XARA, attacks, according to a report by university researchers from Indiana University, Georgia Tech and Peking University.

Ponemon Institute surveyed 694 US IT and IT security practitioners involved in endpoint security in a variety of organizations.