Malware is becoming increasingly sophisticated, including on macOS


Jamf has published its annual Security 360 Report for the year 2023. The results are alarming: companies are very poorly positioned overall to respond to today’s often sophisticated cyber security threats.

The analyses in the report are based on real customer data from Jamf, modern threat research and relevant insights from the industry. The report thus provides an overview of the dynamic cyber threat landscape that companies and their employees are confronted with on a daily basis.


For the report, Jamf analyzed a sample of 15 million desktop computers, tablets and smartphones in 90 countries and with different operating systems (macOS, iOS/iPad, Android and Windows). The analysis of the sample, which was carried out in the fourth quarter of 2023 and covers the previous twelve months, shows, among other things, that the cyber security situation in companies is alarming and that threat actors are now using highly sophisticated attack methods.

Selected results of the Security 360 Report are:

  • 40 percent of all mobile device users and 39 percent of all companies surveyed use devices with known vulnerabilities
  • Jamf is aware of a total of 300 malware variants on macOS, including 21 new variants discovered in 2023
  • Trojans are an increasingly popular method of attack and now account for 17 percent of all malware attacks
  • Phishing attacks were 50 percent more successful on mobile devices than on (Mac) desktop devices
  • 20 percent of all companies surveyed have already been affected by malicious network traffic in their day-to-day business

Malware on the rise – even on Apple devices

The new macOS-specific malware variants are particularly worrying because many Mac users still believe that there is no malware on Mac devices: according to a survey conducted by The Hacker News in 2023, 57% of all Mac users agree with the statement ‘malware does not exist on macOS’. This assumption is wrong. Many of the malware variants used by attackers in the past year work on Mac devices just as well as on Windows devices, and there are now some malware variants that specifically target Mac devices. These include, for example, the Atomic Stealer, JokerSpy and WTFMiner variants described in the Security 360 report.

As the report also shows, basic security functions were often deactivated on the Apple devices analyzed. These include:

  • FileVault, a basic function that helps to protect user data by encrypting it on the storage volume. FileVault is comparatively easy to deploy, configure and manage, but was deactivated on 36 percent of the devices examined.
  • Gatekeeper, an important security layer against the installation of malware, which checks every app to be installed to ensure that only the functions specified by the developer are executed. Gatekeeper was deactivated on 10 percent of the devices examined.
  • The firewall, one of the most basic protective measures against web-based threats, which ensures that end devices do not accept incoming connections from unauthorized applications and services. It was deactivated on 55 percent of the devices examined.
  • The lock screen, which protects mobile devices and the data stored on them from direct, unauthorized access. It was deactivated on three percent of the devices surveyed, with 25 percent of the companies surveyed having at least one device with a deactivated lock screen in their device fleet.

Even basic countermeasures can be effective

Jamf has compiled advice and recommendations for companies and end users to arm themselves against new, technically complex cybersecurity threats. In particular, industries such as healthcare or individuals such as journalists or government officials could be affected by such sophisticated cyberattacks in the future. In most cases, these measures are not overly complex to implement. This is because even basic countermeasures – if implemented correctly – can often provide reliable protection. These recommendations apply to all types of end devices and operating systems as well as company-owned and BYOD devices (“Bring Your Own Device”).

These basic protective measures include:

  • The use of management and security solutions in order to have as much control as possible over the devices while having to manage as few different solutions as possible
  • The application of industry and regional best practices
  • The regular updating of operating systems and applications with patches
  • The use of multi-layered protection mechanisms (such as multi-factor authentication)

“This year’s report once again highlights just how complex the modern cyber threat landscape has become. It therefore focuses on the primary attack vectors used by threat actors to compromise the endpoints of individuals and organizations worldwide,” says Michael Covington, VP of Portfolio Strategy at Jamf.

“The results of our analysis show that Mac devices and mobile devices have performed comparatively well in terms of security over the past twelve months, but this good performance is largely due to serendipity. The overall lack of cyber security in companies, combined with the increasingly sophisticated tactics of attackers, will become a serious problem for companies in the future if nothing changes. Accordingly, it is high time that companies protect their device fleets with industry best practices and develop a comprehensive security strategy for their hybrid employees.”

Further information:

The full report will be available for download here from February 22, 2024.

About the report:

A sample of 15 million desktop computers, tablets and smartphones was analyzed for the report. The analysis was conducted in the fourth quarter of 2023 in 90 countries and with various operating systems (macOS, iOS/iPad, Android and Windows) and covers the previous twelve months. To ensure the privacy of the companies and end users studied and the highest security standards in data collection and processing, the metadata analyzed in the report comes from aggregated logs that do not contain any personal information that can be used to identify companies or end users.

www.jamf.com/de
