Security 360 spotlight: Back to basics

Jamf’s annual report helps Security teams understand which real-world threats made the greatest impact while underscoring the need for a defense-in-depth security plan to best protect your organization from evolving risk to Mac and mobile platforms.

February 22, 2024 by Jesus Vigo


Last year’s annual report saw a shift in what threat actors were targeting. Namely, we looked at user privacy as a new frontier ripe for exploitation. Though different from, say, enterprise data, privacy data has a high criticality rating for end users, with certain facets of it being confidential in their own right and classified as a protected data type under certain regulations.

That being said, the report delivered in 2024 eyes data security — and by extension, user privacy protection — as a crucial element of the annual trend data the Jamf Threat Labs team gathered using real-world data samples from over 15 million endpoints across 90 countries.

Beyond identifying which threats to endpoint security were of the greatest concern to organizations around the world, analysis of this data yielded an overarching message to IT and Security teams tasked with managing risk for macOS and mobile devices across their infrastructure: a back-to-basics approach is exactly what’s needed in the design and implementation of a security strategy capable of performing the full gamut of workflows required to keep endpoints safeguarded throughout the device lifecycle (which we’ll cover broadly later on).


Four pillars of risk

The analysis of our data is structured around four categories of risk that organizations around the globe struggle to manage effectively:

Device risks

Modern work environments and educational institutions rely just as much on devices as they do on the people who use them to stay productive or to teach and learn. These devices help us do more with less, more effectively and more efficiently.

These very devices introduce a significant amount of complexity — from embedded sensors that contextualize information to different modes of communication through Bluetooth, Wi-Fi and cellular connectivity to name but a few of the advancements that shape our work and personal lives.

And yet, “an often-overlooked side effect is that each component expands the surface area available for an attacker to exploit.”

Application risks

There are two fundamentally different types of applications in use on devices:

  1. Native: Code that resides on-device, like apps downloaded from first-party app stores, and that uses the hardware resources of your device to deliver functionality.
  2. Web: Applications hosted in data centers, like SaaS, that have a minimal footprint on the device. They are delivered over a network connection and rely on remote servers for processing and data storage.

Despite their differences, these two application types share similar risks: protecting data in transit and protecting data at rest are of equal importance when managing the risk factors of application usage.

Malware risks and attack evolution

Our analysis dives into the granularity of which malware families and types were “the biggest threats impacting organizations and their frequency in the wild in 2023.”

One of the most pervasive myths in modern Apple computing is that the Mac doesn’t get viruses. This myth persists even though “Jamf Threat Labs tracks around 300 malware families on macOS.” In fact, 2023 saw the rise of 21 new malware families on Mac!

What are the top five Mac malware instances studied and counted in 2023?

  • Adware: 36.77%
  • PUA: 35.24%
  • Trojan: 17.96%
  • Exploit: 4.40%
  • Ransomware: 2.00%

Mobile malware continues to be a growing threat vector.

Web-based risks

Web threats are a very important and strategic part of the attack chain against mobile devices. They are a common starting point in many attacks and have broad exposure to users and devices as threat actors seek to perform a data breach against their target.

9% of users fell for a phishing attack in 2023, and 18% of organizations had at least one user fall for a phishing attack.

Although phishing reigns supreme as far as web-based threats go, it is far from the only tool in threat actors’ bag of tricks. Other examples of malicious network traffic that consistently place mobile users at risk are:

  • Malware download
  • Command and control (C2)
  • Data exfiltration
  • Scams
  • Password leak
  • Risky hotspot
  • Man-in-the-Middle

Back to basics

The data that was gleaned from threat research carried out in 2023 is of little consequence if we don’t put it into action, using it to inform processes and align with best practices, right?


This is where we take what we have learned and “shift the focus from threat trends to mitigation strategies to better maintain device compliance and manage configuration vulnerabilities”.

Role of management in security

Management and Security are not unlike the concept of Yin-Yang. Simply put: One cannot exist without the other. Consider how security provides insight into device health while management enforces configurations according to standards. A crucial balance is achieved when both are implemented, working together towards the same goal: compliance through minimized risk.

Standardizing compliance

Aligning processes and practices to the unique needs of your organization is the pivotal role of standardization. By implementing security benchmarks that line up with your compliance goals, organizations ensure “a logical, systematic approach to generating configuration payloads and settings to enforce compliance after deploying them to your device fleet.”


The core aim is to integrate various security controls and solutions into layers, with each layer being a security tool in its own right but also one that acts as a safety net for the previous one.

No solution or tool is bulletproof.

Should a threat manage to squeeze past one tool (or layer), the next layer can mitigate that risk and prevent it from leading to something far worse.

This was just a sample of our biggest security report!

Use our findings to create your actionable workflows.