I helped a company once switch from Kaspersky to Sophos for several reasons. It was cheaper, worked better, and was easier to manage. In the process of switching to Sophos it found malware on almost 50% of the computers it was installed on. Quite disappointing for Kaspersky.
What was even more disappointing is that Kaspersky was hacked. So it doesn’t give a great feeling when your security provider doesn’t have good security. Of course hacking can happen to any company, but again why would you trust something that has already been compromised?
It is surprising but people seem to trust companies that have been hacked. Banks get hacked all the time, yet people don’t take out their money and find a bank that hasn’t been hacked. To me, if a company doesn’t invest in security then they don’t deserve my business. I don’t do business with companies with a poor security record. For example, DropBox was repeatedly hacked yet many people use it. Why?
I get that people are not IT people, but they hear in the general media that a company has been broken into. To me, not caring about the security of your property means that you shouldn’t have a right to complain when there is a problem. If you keep your money or information with a company with a poor security record like Microsoft, what do you expect? From a security point of view, using a Mac more than pays for itself.
Yes I can hear the security people say that Macs get hacked. Yes it is true. However the vast majority of malware is written for Windows and they know that. It is disingenuous to say that you can get the same level of security using a Windows computer that has been secured as a mac that has been secured. I once was asked in an interview for a job how I would secure a mac. I said that I would put it behind many layered networked forms of protection and hope for the best. He interviewer asked why I wouldn’t configure the mac computer to be more secure. I said that I disagree that configuring the client makes any difference. Turning on the secure lock screen or any of that makes no bit of difference for anyone with an average amount of mac knowledge. If they can touch a computer they can compromise it. The biggest risk comes from the outside of the organization, so you have to take a network approach to minimize that.
I have never worked at a company where the threat of data loss was internal. Companies that focus on internal threats or the interviewer that asked me about that, usually are paranoid and focused on the wrong things. I was offered the job in that interview but I turned it down since I didn’t like the atmosphere of the business. I would have been wasting my time configuring things that wouldn’t have helped anyone. There is far more unsecured network systems like SAN’s or file storage than what is on a single or multiple laptops.