Cloud security company Wandera, a Jamf company, joined Mobliciti at VIEW 2021 to discuss how businesses can prepare their Apple estate for the challenges and cybersecurity risks of today’s threat landscape. Wandera was recently acquired by Jamf, to securely connect users to corporate applications and data in today’s evolving workplace.
Mac in the Enterprise
Whilst Microsoft and Windows have remained the predominant player in the enterprise market, Apple Macs have seen strong growth there in recent times, rising from 17% in 2019 to 23% in 2020.
But why is Mac now seeing growth in the enterprise space?
Firstly, the almost global shift to remote working has drastically sped up the adoption of personal computers, with global shipments increasing by 26% in 2020 compared to 2019. Apple recorded huge growth in the sector during this time, with Mac shipments increasing far above the industry average at 49%.
This growth can partially be attributed to the introduction of the new M1 Mac. Running on Apple’s ARM chip rather than Intel, the M1 Mac offers greater performance at a lower price point than other comparable devices. As a result, consumers and businesses alike rushed to purchase these devices, with Apple recording an 11% growth in sales of the M1 Mac compared to its Intel predecessors.
Historically, Apple and its Mac offerings have always been perceived as very secure platforms, or at least ones that didn’t get viruses. Apple created an operating system and ecosystem built with security in mind from the ground up. However, Mac malware does exist, and its prevalence has been increasing hand-in-hand with the expansion of the Mac footprint. In 2019, Malwarebytes reported a 400% increase in detections on Mac – nearly double the number of detections on Windows devices during the same period.
Fast-forward to the enterprise in 2022. Macs are still ascending as work becomes increasingly hybrid and hackers are seeking out every entry point possible. An evolving cyber landscape also leads to security threats continuing to develop. As a result, more sophisticated malware for Macs is emerging, with bad actors quickly adapting to the new M1 architecture.
Whilst it might take software developers months to respond to changes, hackers are often able to develop relevant malware in a matter of days. This focus highlights the attention that bad actors are paying to Mac devices, straying from the traditional Windows target.
Apple undoubtedly does a good job of embedding native security into its operating systems; however, the increasing sophistication of malware has resulted in a cat-and-mouse game. Hackers seek ways around Apple’s security. Once these are detected, Apple releases patches, and the cycle continues. By forcing Apple to raise the bar with each new iteration, hackers are prompted to demonstrate truly malicious behaviour, requiring limited or no user interaction, resulting in an increase in zero-day threats and in user-driven exploitation such as social engineering. Native security for Apple products is set to a high standard; therefore the simplest way for hackers to gain access is to get the user to do it for them, using the likes of social engineering and trojanised attack vectors.
Although UEM can assist with managing these threats, Macs in the enterprise tend to be woefully undermanaged. As the minority within the enterprise, and given Apple’s long-standing reputation for security, Macs tend to be swept to the bottom of the priority list.
Recent times have only highlighted the exploitability of Macs:
The Silver Sparrow malware is one of the first to include native code for Apple’s M1 chips, as well as being a universal binary – meaning it could also target Macs with Intel chips. Silver Sparrow spread extremely rapidly, infecting over 40,000 Macs in a matter of weeks. Unusually, the malware didn’t have a payload, leading Wandera to believe that Silver Sparrow was a test malware, released to measure its effectiveness, which will then prompt hackers to release malicious malware that operates in the same way.
An adware malware, Shlayer is one of the most common threats on the macOS platform. A zero-day exploit, Shlayer monitors users through its adware. Whilst adware itself may not be directly malicious, it can be extremely aggravating and distracting for users, preventing them from accomplishing work. Because adware is by its very nature not malicious, there’s often little incentive for it to be well-written, leading to bad bugs.
Securing Devices and Protecting Data
The consequences of the shift to remote working over the last decade, particularly the sudden uptick since coronavirus, mean that traditional ways of providing access to company data are no longer sufficient. With data no longer held inside the office perimeter, businesses are increasingly using cloud services. As a result, businesses should now be focusing on zero-trust network access (ZTNA) to ensure that users can securely access business data wherever they are, from whichever device they choose.
Securing a business starts with securing its users. When it comes to mobile, threats could be at the device level, or a user could download a malicious app or one that simply requests too many permissions. An extremely common issue within the mobile estate is the number of permissions that apps request. 65% of applications ask to record video, with the majority not needing this permission to function.
The best way for an organisation to protect its users is by providing device-level security to detect threats at the endpoint level, coupled with network security. When it comes to iOS, there’s very little that can be seen of the systems and background processes with endpoint security alone. Marry this with conditional access in real time and businesses can ensure that access to sensitive resources is restricted if the user has a risky device.
As with macOS, it’s never been more important to protect iOS. Pegasus spyware made a return to the headlines last year, turning both iOS and Android devices into spyware tools.
Phishing remains the primary threat on mobile. Many organisations combat phishing by focusing on education and prevention that centres around email security. Fake phishing emails, orchestrated by organisations to educate and alert their workforce, are commonplace, yet over 80% of phishing attacks on mobile are outside of email, instead concentrating on text messages.
With significant growth noted in all kinds of malware, but particularly mobile phishing attacks, it’s imperative to not only keep corporate devices secure but also ensure that users have secure access to corporate data as well.
Key defences against mobile threats:
Detect and prevent on-device threats including malware and vulnerabilities.
Prevent web-borne cyber threats including phishing, ransomware and data leaks.
Realtime contextual policy dictates access to sensitive data resources.
How Can We Help?
Mobliciti can work with Wandera, a Jamf company, to understand your needs and ensure that your corporate devices are kept secure, leaving employees to work uninterrupted. Get in touch to find out more.