Apple CEO Tim Cook told the Wall Street Journal the company will alert users via e-mail and push notifications when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time. Apple also plans to implement two-factor authentication, which would require anyone logging in to present two separate proofs of identity, such as the account password plus a one-time code delivered to a device the user registered when setting up the account, so that a stolen or guessed password alone is no longer enough to get in.
"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," he told the Journal. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."
Company Not Doing Enough
We caught up with Mike Davis, CTO at real-time endpoint threat detection firm CounterTack, to get his thoughts on Apple's moves. He told us it's great to see the company taking security more seriously than before. However, he added, what Apple is doing isn't enough.
“Apple, with its estimated 300 million-plus users, is not just a ‘cloud service.’ They have become like Facebook or LinkedIn in that they are critical to the identity of many users around the world,” Davis said. “Your Apple ID allows you to save files, spend money and purchase applications, and even buy iTunes gift cards.”
Indeed, your Apple ID is just as powerful as your bank ID in many cases, yet Davis argues Apple is taking the stance that its security is not as important as the security of a bank or other large financial institution. He said this could be because Apple is not under any regulatory or compliance requirements like banks and other institutions.
"If you asked my wife, an avid Apple fan, she would probably be more upset her Apple account was compromised than her bank account because she knows she has fraud protection in place with the bank, but has no such confidence with Apple because they don't communicate to her what they are doing to protect her," Davis said.
What Should Apple Really Do?
As Davis sees it, two-factor authentication is a good first step -- a step Apple should have taken a long time ago. He rightly pointed out that LinkedIn, Twitter, and thousands of other online cloud providers have had two-factor authentication for years. And he also pointed out that two-factor authentication won’t prevent other attacks -- it only helps reduce the risk of one type of threat.
“The issue Tim alluded to really is the right issue Apple should be solving: awareness. Apple's approach to technology, the proverbial walled garden, is anathema to security in general as it focuses on ‘less is more,’ ‘don't overload the user with too much information about what is happening,’ and just ‘make it work,’” Davis said. “Yet as a user you do want to know when your account is being used improperly, or by a device that shouldn't -- and you should know immediately, not just via an e-mail. Send me a phone call, a text, some immediate way so that e-mail doesn't get missed or tossed in spam.”
Davis' conclusion: Apple has to step up and realize it is now a tier 1 cloud provider -- and even though the company is not under any regulatory requirements to secure customers' data, it must implement the security controls that other tier 1 providers have or else risk massive brand -- and ultimately revenue -- impact.