{"id":24008,"date":"2024-02-28T11:02:54","date_gmt":"2024-02-28T19:02:54","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/02\/28\/news-17738\/"},"modified":"2024-02-28T11:02:54","modified_gmt":"2024-02-28T19:02:54","slug":"news-17738","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/02\/28\/news-17738\/","title":{"rendered":"JAMF warns: Many Apple-using businesses still aren\u2019t secure"},"content":{"rendered":"

<\/p>\n

Your enterprise security does not live in isolation \u2014 the threat environment extends across all your colleagues, partners, and friends.<\/p>\n

That’s why it\u2019s very concerning that so many businesses continue to fail to meet basic security hygiene standards, according to the latest Security 360 report from Jamf<\/a>.<\/p>\n

Data is gold, which attackers recognize \u2014 even many in business don\u2019t. Every stolen address, email, phone number, name, or even passport number is an ID attack waiting to happen, a path to enable a more complex phishing scam, or just an opportunity to call someone up and claim the target has a problem with their computer that they can help them with.<\/p>\n

A friend of mine fell victim to that last pervasive security attack this week. Fooled by the professionalism of the caller and shunted between various fake colleagues, they gave the convincing hackers remote access to their computer, credit card data, and more. As I write this they are changing passwords, wiping the attacked device, and filing police reports.<\/p>\n

This stuff happens, sometimes to people you know. And it could happen to you.<\/p>\n

We can\u2019t be sure how they tracked this friend of mine. We can\u2019t tell which vast pot of stolen data they looked at. (There is some evidence that criminals like to target older people with digital crime<\/a>.)<\/p>\n

There is a temptation to look at the story of my poor chum and dismiss the threat as unlikely. You’re into tech, take security seriously, and use Apple products in your business. But complacency is a security weakness.<\/p>\n

That critical point shines bright and loud in Jamf\u2019s report. Based on a sample group of 15 million mobile devices, PCs, and Macs, the report points out a slew of concerning statistics:<\/p>\n

Michael Covington, vice president of portfolio strategy at Jamf, said in a statement:<\/p>\n

\u201cThe data in our report shows that Mac and mobile fleets have fared reasonably well over the past 12 months, but that result is largely due to sheer luck; with a growing list of malicious tactics emerging and with organizations demonstrating poor security hygiene overall, the year ahead is likely to be bad for business if trends do not change.\u201d<\/p>\n

What kind of strategies should enterprises that rely on Apple devices follow to stay \u00a0safe? The same strategies as on other platforms, albeit from a point of more strength. Some best practices mentioned in the report include:<\/p>\n

Even these simple protections are sometimes undermined by the age-old opinion that Apple devices are immune to attack. The rapidly increasing velocity of security upgrades<\/a> emerging from Apple proves this isn’t the case.<\/p>\n

Citing a recent report on Hacker News<\/a><\/em>, Jamf notes: \u201c57% of Mac users either agree or hesitate to disagree with the statement \u2018Malware does not exist on macOS.’\u201d In addition, \u201cevery third Mac user believes their data is of no interest to cybercriminals.\u201d<\/p>\n

Neither statement is correct, but belief in that ill-fated canard means shocking vulnerabilities exist even across Apple-based business:<\/p>\n

Returning to my friend, she clearly fell victim to a professionally run and well-executed social-engineering based scam. She doesn\u2019t know what data they took while they remotely accessed her Windows computer, or what malware might have been left behind; she\u2019s changing all her passcodes, but that may not be enough. As an individual with limited computer skills, she\u2019s finding it onerous to take all the steps required, is concerned she may make things worse, and fears being ripped off.<\/p>\n

This makes it a truly anxious time for her \u2014 there is no such thing as a victimless crime against an individual \u2014 but it also illustrates the extent to which poor security awareness has consequences. And those consequences scale to the size of your business.<\/p>\n

Even today, too many business users who really should know better are not taking enough steps to secure themselves, employees, and partners.<\/p>\n

That\u2019s not good at all when even Apple itself has warned<\/a>:<\/p>\n

\u201cThe total number of data breaches more than tripled between 2013 and 2022 \u2014 exposing 2.6 billion personal records in the past two years alone \u2014 and has continued to get worse in 2023.\u201d<\/p>\n

\u201cIt\u2019s time for organizations to get their modern device estates in order by embracing industry best practices and building a defense-in-depth strategy for the hybrid workforce,\u201d Covington said.<\/p>\n

With the unravelling of international consensus on just about everything, it\u2019s unlikely the digital security situation will improve before it gets worse. Every Apple-using enterprise must\u00a0batten down the hatches for digital security \u2014 after all, the age of quantum attacks has already arrived<\/a>, and even the smallest weakness will be all the flaw they need.<\/p>\n

Please follow me on\u00a0Mastodon<\/a>, or join me in the\u00a0AppleHolic\u2019s bar & grill<\/a>\u00a0and\u00a0Apple Discussions<\/a>\u00a0groups on MeWe.<\/em><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

\n
\n

Your enterprise security does not live in isolation \u2014 the threat environment extends across all your colleagues, partners, and friends.<\/p>\n

That’s why it\u2019s very concerning that so many businesses continue to fail to meet basic security hygiene standards, according to the latest Security 360 report from Jamf<\/a>.<\/p>\n

Data is gold, which attackers recognize \u2014 even many in business don\u2019t. Every stolen address, email, phone number, name, or even passport number is an ID attack waiting to happen, a path to enable a more complex phishing scam, or just an opportunity to call someone up and claim the target has a problem with their computer that they can help them with.<\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10480,8826,10403,714],"class_list":["post-24008","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-ios","tag-iphone","tag-macos","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24008","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24008"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24008\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24008"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24008"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}