Apple's zero day threats doubled last year – three things IT must do now


2023 was a bumper year for bad actors working against Apple. The corporation released 20 zero-day patches in 2023, double the 10 reported and fixed in the year prior.

To make matters worse, IT isn’t always passing on the patches to enterprise endpoints, which is a problem given that three-quarters of big businesses now use more Apple devices. For example, research shows that just over half of Macs used in the workplace remain unprotected by recent security patches.

This is a digital disaster waiting to happen. In the face of growing threats, IT managers must be vigilant, bolster the first line of defense, and get patch management right. Let’s explore how.

Don’t be complacent with Apple

The doubling of zero-day threats is a timely reminder for enterprises. The lesson? Don’t take Apple’s security for granted. While Apple products are generally considered more secure than their counterparts, this doesn’t mean they’re immune to vulnerabilities.

Such security complacency stems from the traditional preference for Windows over Mac. The organizations that did allow Apple endpoints over the years viewed them as “safer” and didn’t make them a security priority. Unfortunately, this mindset has left Apple workflows and vulnerability management lagging in the enterprise.

Fast forward and Apple’s cybersecurity enemies have grown at pace with the corporation’s market share. As endpoint numbers skyrocket, Apple’s platforms become even more attractive hacking targets. For example, IDC anticipates the number of Macs sold to business users worldwide will jump by 20% this year. It’s up to IT management and security operations teams to make sure these endpoints stay up-to-date and out of danger.

Apu Pavithran

Founder and CEO of Hexnode.

Help end users to help your endpoints

Again, in years gone by, Apple products were often considered end-user devices more than enterprise-owned endpoints. Patching was therefore viewed as the user’s responsibility. However, the threat landscape demands reevaluating and reprioritizing these endpoints.

IT must work closely with users to achieve this. Enable auto-updates, promptly install macOS updates, and remember that automation is your friend for scheduling changes during non-business hours.

Collaboration between IT and employees is vital since, in some environments, users exercise control over their devices. As a result, they can resist updates, leading to delays. Therefore, educate users about the importance of patches and implement user-friendly update processes.

Further, more than 80% of all data breaches happen due to human error. IT leaders can also work with employees to bring this figure down. For example, show them how to stay digitally hygienic by employing robust passwords and exercising caution with unfamiliar links. Create a culture in which, if they see something, they say something.

The answer in one word: patch

This year, amidst active hackers and zero-day security holes, patching is mission-critical. However, it’s easier said than done. The average enterprise still takes 200 days to patch a known vulnerability. Additionally, 40% of victim organizations report that a patch was available but not implemented.

Getting patching right requires a strategic approach from IT. This includes regular audits, patch testing, and rollback plans. Also, consider management tools that integrate with existing workflows to prioritize patches.

Unified endpoint management, for example, offers one way to configure updates for individual devices or groups of devices. Features like scheduled and silent deployments help minimize user disruption, while the option to blacklist updates due to compatibility concerns ensures precise control and transparency.

Implemented correctly, the advantages of patching go beyond zero-day protections. The identification, deployment, and management of software updates can provide enterprises with various benefits, like ensuring compliance, reducing downtime, and increasing endpoint longevity.

Hackers are doubling their efforts and so must IT

The equation is simple for IT. The doubling of zero-day threats demands the doubling of IT patching efforts.

The good news is that Apple is working hard to monitor problems and quickly release fixes. It makes it easy to keep up by publishing and updating a complete list of software patches across its ecosystem.

Double-check your systems and keep in mind that older Macs aren’t always covered by these updates. If your ecosystem includes older endpoints, think about upgrading them. Running business-sensitive operations on older, unsupported devices only delivers high risk for low (or no) reward.

Enterprises must do their part and, aided by educated employees and sound patch management, secure their ecosystems now.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
