Companies are often behind on device patch management.
This is one of the findings from research by Jamf into the most important threats to devices in the workplace that occurred in the past year. A very important risk is that patch management on corporate (mobile) devices is not in order.
According to the survey, 64 percent of vulnerable devices work with collaboration platforms and 34 percent use corporate e-mail. That these devices are vulnerable, according to the researchers, means that little attention is paid to routine patch management. Even more striking was that one in five companies had not updated operating systems.
Social engineering and privacy
Another Jamf conclusion is that social engineering, particularly phishing, posed the biggest threat to organizations in 2022. More than a third of respondents had at least one employee fall victim to phishing last year.
In addition, privacy is becoming increasingly important. The survey found that personal information is often collected without consent. Also, information is more often resold or misused by companies in social engineering attacks.
Decrease in malware and stricter security requirements
The study also shows that by 2022 the number of malware infections will have decreased from 150 million to 100 million. However, multiple types of malware and other threats are increasingly being combined in an attack on companies.
For example, Jamf found that during one month, more than half of the compromised devices connected to a conferencing platform, more than a third to a business e-mail system, 12 percent to a CRM platform and 9 percent to cloud storage.
It was also found that companies are paying increasing attention to more stringent security requirements. This is due to having to meet laws, regulations and compliance, as well as the rise of home or hybrid working.
However, the researchers found that nearly a quarter of the employee devices surveyed were not yet configured correctly for this purpose. This made them vulnerable to potential risks.
Risk third-party app stores
Finally, Jamf’s researchers give attention to the use of third-party app stores. These app stores sometimes offer versions of legitimate apps that contain malicious code that then infects the devices.
Android devices in particular are at risk of being affected by this malware. The study shows that one in five Android devices connects to a third-party app store. For iOS devices, this risk is extremely low.