Social engineering remains the top threat for enterprises
The latest Annual Trends Report from Jamf, based on a sample of 500,000 devices protected by the company's technology, looks at the threats impacting devices used in the modern workplace and finds social engineering tops the list.
The combination of an increasingly distributed workforce with the relative ease with which bad actors can carry out phishing campaigns, leads to the leakage of user credentials. In 2022, 31 percent of organizations had at least one user fall victim to a phishing attack.
It's important that users are made aware of the threat, says Michael Covington, VP portfolio strategy at Jamf. "We're at a time where we're hearing a lot about passwordless technologies. We're seeing a lot of adoption in the consumer space of biometrics, and yet social engineering is still top for entities and organizations that are using compute and distributing it to their workers. And so for me, there's a real call to action, that I hope comes out of this report, that continues to beat the drum around educating workers around phishing and modernizing that education program. I think so many are still stuck with focusing their phishing education around corporate email, but times have changed. Phishing is coming across in SMS and compromised ads and social media apps, I think it's time that we make sure that workers are aware of all these different threat vectors."
Other trends identified by the report include an increased focus on user privacy, with eﬀective privacy controls continuing to gain prominence alongside security. Alongside this there’s emphasis on complying with regulations like GDPR and CCPA which is a challenge when enforcing compliance across a distributed workforce that must be able to access organizational resources from anywhere, on any device and at any time.
Jamf also reports that bad actors are combining attacks to create novel threats in order to target remote workforces. Once a device is compromised it can give attackers access to a number of different areas. In a single month of 2022, 53 percent of compromised devices accessed conferencing tools, while 35 percent accessed email, 12 percent accessed a CRM, and nine percent accessed cloud storage services.
"The user is always the weakest link in the chain," adds Covington. "You can break the user, it's a lot easier than breaking one of these modern operating systems. I think also when you have statistics like one in five users running a vulnerable operating system, that gives attackers plenty of time to go out and not only find the vulnerability to exploit, but to continue to run that exploit because people just aren't updating their OS so we are seeing new vulnerabilities exposed."
You can get the full report from the Jamf site.
Image credit: tashatuvango/depositphotos.com