40% of mobile users are running a device with known vulnerabilities

Apple security leader analyzes 15 million endpoints to better understand the biggest security trends impacting the modern workplace.

  • Friday, 23rd February 2024 Posted 1 year ago in by Phil Alsop

Jamf has released their annual Security 360 report revealing that organizations are extremely ill-equipped to deal with today’s sophisticated cyber threats. The analysis looks at real-world customer data, cutting-edge threat research, and noteworthy industry events to provide an overview of the evolving threat landscape affecting organizations and employees in today’s workplace.

To gather the data, Jamf examined a sample of 15 million desktop computers, tablets and smartphone devices they protect, across 90 countries and multiple platforms (macOS, iOS/iPad, Android and Windows). The analysis, carried out in Q4 2023 and revisiting the prior 12-month period, revealed many key themes, chief among them that organizations’ cyber hygiene is abysmal and threat actors are ready to strike with the most sophisticated attacks yet.

Findings show that:

● 40% of mobile users and 39% of organizations are running a device with known vulnerabilities

● Jamf tracks 300 malware families on macOS and found 21 new families on Mac in 2023

● Trojans are growing in popularity, accounting for 17% of all Mac malware instances

● Phishing attempts were 50% more successful on mobile devices than on Macs

● 20% of organizations were impacted by malicious network traffic

The findings from the report are divided into four threat categories:

● Device risks

● Application risks

● Malware risks and attack evolution

● Web-based risks

Jamf also offers advice on remediation techniques for organizations and users alike to shore up their cybersecurity defenses before they can be impacted by the sophisticated cyber threats targeting verticals from healthcare to high-profile journalists and government leaders. The good news is remediation does not have to be difficult – many of the recommendations provided reiterate the importance of “going back to basics.”

“This report aims to highlight the diversity of the modern threat landscape, with a close look at the primary attack vectors being used to compromise individuals and businesses around the globe,” said Michael Covington, VP of Portfolio Strategy at Jamf. “The data in our report shows that Mac and mobile fleets have fared reasonably well over the past 12-months, but that result is largely due to sheer luck; with a growing list of malicious tactics emerging and with organizations demonstrating poor security hygiene overall, the year ahead is likely to be bad for business if trends do not change. It’s time for organizations to get their modern device estates in order by embracing industry best practices and building a defense-in-depth strategy for the hybrid workforce.”

Failure to prioritise testing and integrate generative AI tools raises concerns as agentic AI adds pressure.

CIOs 'overspend' on cloud

Posted 2 days ago by Phil Alsop
43% of CIOs say their CEOs and/or board of directors have concerns about their company’s cloud spend.
Research revealed at Coterie Connect event highlights shifting team structures, evolving skills priorities, and urgent training needed for partner...
Endava has launched its latest research report “AI and the Digital Shift: Reinventing the Business Landscape”.

3,000% surge in enterprise use of AI/ML tools

Posted 1 week ago by Phil Alsop
Zscaler has released the ThreatLabz 2025 AI Security Report, based on insights from more than 536 billion AI transactions processed between February...
Over one in four (28%) British small business owners have used AI tools to help run their business.

Tech fragmentation cited as biggest cyber challenge

Posted 1 week ago by Phil Alsop
New Palo Alto Networks data shows 82% of UK organisations confident in their use of AI, despite AI being identified as biggest cyber risk for 2025.
MIT researchers crafted a new approach that could allow anyone to run operations on encrypted data without decrypting it first.