Jamf has released its Security 360 Report, analysing security risks for both mobile and macOS environments. The report identifies critical threats such as phishing, infostealers, and operating system vulnerabilities that organizations must address to enhance their security posture.
Josh Stein, VP of Product Strategy at Jamf, emphasised the importance of this research in informing security leaders about the risks impacting their organisations.
“Our goal with this research is to inform security leaders about the risks impacting their organizations – whether those risks impact Mac or mobile – and provide tangible recommendations for safeguarding their organisations against increasingly sophisticated attacks,” he stated.
Threat trends facing mobile environments
As mobile devices become the primary work tools for many employees, understanding the threats they face is vital. Jamf's mobile device threat analysis categorises four key areas of concern:
- Mobile phishing: Over the past year, Jamf recorded approximately 10 million phishing attacks, with 25% of organisations impacted by social engineering attacks. Alarmingly, 1 in 10 users clicked on a malicious link. Training programmes are essential in mitigating these risks, alongside a layered zero-trust approach.
- Vulnerability management: The report revealed that 32% of organisations have at least one device with critical vulnerabilities, and 55.1% of mobile devices are running on vulnerable operating systems. Regular security updates from Apple and Google are crucial for mitigating these vulnerabilities.
- Application risk and malware: Recent research highlighted a bypass vulnerability affecting iOS devices. It underlines that using the latest OS is insufficient; robust security practices must extend to the application layer.
- Malware and spyware: High-profile users, including journalists and politicians, are frequent targets of sophisticated spyware. Apple notified users of spyware compromises in around 100 countries last year, indicating the seriousness of mobile malware threats.
Threat trends facing macOS environments
The report also addresses the evolving threat landscape for macOS. The findings are organised into three main categories:
- Application risk and malware: Infostealers now account for 28.36% of all Mac malware analysed, up from just 0.25% last year. Employees in high-profile industries must be vigilant against these threats.
- Vulnerability management: Jamf has repeatedly dispelled the myth of Mac invincibility, discovering vulnerabilities in critical components like Gatekeeper. Proper controls and training are essential for risk mitigation.
- Social engineering: As Macs become more prevalent in workplaces, the attack surface expands. Phishing attempts are diversifying beyond email, including tactics like LinkedIn messaging.
Jamf's report is based on an analysis of 1.4 million devices protected by its services, encompassing data from 90 countries. The findings underscore the need for comprehensive security measures tailored to both mobile and Mac environments.
According to a report by Cybersecurity Ventures, cybercrime is projected to cost the world $10.5 trillion annually by 2025, reinforcing the urgency of addressing these security risks.