Jamf Threat Labs reveals that organisations are still using out-of-date software on devices, exposing them to cyber threats
Jamf (NASDAQ: JAMF) today announced the release of its latest Security 360 Report analysing the threats impacting devices used in the modern workplace. A significant finding from the report is that 1 in every 5 devices ran an operating system that was not up to date.
As we approach the three-year mark since the global pandemic led to a drastic change in global work
environments, the focus for many has shifted from “how do we continue business operations?” to “how do we keep remote users and organisational resources continually protected?”
Reports finding include the following key takeaways:
· Social engineering continues to lead the charge as the top threat: In 2022, 31% of organisations had at least one user fall victim to a phishing attack, and 16% of users were found to be exposing sensitive data by connecting to risky hotspots. This suggests that users tampered with their devices much less than before, and bad actors are increasing their attacks on company devices.
· Novel threats: The modern threat landscape is seeing more converged threats being used actively in the wild to target distributed workforces in new ways to gain unauthorised access to protected services and resources. In a single month of 2022, 53% of compromised devices accessed conferencing tools, while 35% accessed email, 12% accessed a CRM, and 9% accessed cloud storage services.
· Compliance: The added complications of on-prem and remote/hybrid workforces can be a pain point for organisations with compliance requirements and are navigating the modern threat landscape. In 2022, 21% of employees were using devices that were misconfigured, exposing them to risk.
· Workforce distribution: 64% of vulnerable devices accessed collaboration tools while 34% accessed enterprise email. This indicates that, while risk and compromise indicators are subjective and will vary from business to business, routine tasks such as patch management are not occurring on all devices. This leaves the devices themselves at risk and puts organisational resources at risk too.
Manufacturers and developers, like Apple, have been actively banging the privacy drum for some time now. Generally, other technology vendors have historically not held privacy protections to the same level of consideration as other security measures in their hardware and software offerings.
The report finds that 0.4% of Android devices had a potentially unwanted app installed in 2022 compared to 0.1% of iOS devices, and 21.7% of Android devices accessed third-party app stores compared to 0.002% of iOS devices.
Android is an open ecosystem that results in more risky apps. Apple has created a curated app ecosystem and offers more stringent user privacy protections that limit the introduction of these risky apps.