Jamf is one of the most well-known Apple device management organizations with nearly 20 years of experience and over 75,000 customers worldwide. With such a vast portfolio of customers, they’re in a unique position to gather and analyze data on a large scale, providing valuable insights on a range of high-impact topics. 

Each year, the Jamf Threat Labs team compiles the Security 360 Annual Trends Report that analyzes the evolving security landscape. In this episode, Victoria and Scott sit down with Michael Covington, Vice President of Portfolio Strategy at Jamf, to talk about their findings in the 2024 report. 

Clear and present danger 

As we covered in episode 5 last season, people still assume that Apple devices can’t be affected by malware. The Security 360 report has found the same. According to the report, “57% of Mac users either agree or hesitate to disagree with the statement ‘Malware does not exist on macOS.’” 

While Apple’s platforms are inherently more secure because of their closed nature, the fact is that Apple’s growing market share, especially in mobile devices, has put a bigger target on their back. The Jamf Threat Labs team currently tracks roughly 300 different families of Mac malware, with an additional 21 appearing in 2023 alone.  

That said, there is good news on the Apple front. While organizations across many industries have been affected by ransomware in recent years, that still hasn’t made its way into the Apple ecosystem. But that doesn’t mean it’s not possible. “The analogy that I've liked to use for this particular year's Security 360 report, it's that of an army that's amassing on the border,” Michael says. “They're not infiltrating yet. They haven't necessarily captured any cities, but they are there...they very much have a presence.” 

1,000 vulnerabilities in your pocket 

Keeping devices up to date is one of the surest ways to avoid malware and patch vulnerabilities. Unfortunately, some organizations can’t or don’t follow this advice due to application incompatibility or the lack of resources to properly test updates.  

According to Michael, “39% of organizations are operating a device with known vulnerabilities. In fact, 40% of all mobile devices being used at work are operating with critical or high vulnerabilities, which is really alarming if you consider where these mobile devices are being utilized. They're being utilized in hospitals, at patient bedside, they're being utilized in commercial aircraft.” 

The increased capabilities of mobile devices have only exacerbated the issue. “One of the things that's been really interesting to me...is the broader set of applications that are being utilized on these devices. I think we used to see a lot of these Apple devices, particularly the mobiles, really just being utilized for personal information management. You'd add your email, your contacts, your calendar, maybe that was it,” Michael says. “Now it's just about every critical work application that you need to be productive. You can almost do your entire job, no matter what your role is, on a mobile device.” 

Malicious code, uh, finds a way 

While it’s important to keep devices on the latest operating system, that’s only part of the story. When users are free to install applications from various sources on their devices, it’s inevitable that someone will end up accidentally installing malicious software. It can also make it more difficult for admins to keep track of what software is being used and what vulnerabilities it may introduce. 

According to the report, 2.5% of devices were running applications with vulnerabilities. That may sound like a small number, but as Michael puts it, “When you consider that's almost three out of 100 devices, that's a pretty significant footprint within an organization that could be exposed to some threats.” 

This is especially critical for admins in the EU to consider. As of the release of iOS 18, iOS and iPadOS users in the EU can install applications from third-party app stores, creating an additional attack vector for bad actors. Apple started the fight against this mandate way back in 2021, but the Digital Markets Act went into effect in 2023 and forced Apple’s hand. 

Plenty of phish in the sea 

Phishing is a huge cause for concern because it tends to be incredibly successful. According to the report, 9% of users fell for a phishing attack in 2023. That marks a 1% year-over-year increase, indicating that attackers are getting more aggressive and targeting users in new ways.  

It can’t be overstated (though we’ve tried this season) that the weakest point in any organization’s security is the user. “Hackers” don’t need to do much hacking if users freely give away their passwords or other sensitive data. That’s why education and training are so important. Apple even published a comprehensive guide on recognizing and avoiding phishing and other social engineering attempts. 

There’s a lot more insight in the report than we can cover here, including specific kinds of malware and how they operate, compliance configuration recommendations, and mitigation strategies. You can download the full report here.

--- 
This episode is sponsored by Jamf. Jamf’s purpose is to simplify work by helping organizations manage and secure an Apple experience that end users love and organizations trust. Jamf is the only company in the world that provides a complete management and security solution for an Apple-first environment that is enterprise secure, consumer simple, and protects personal privacy.