“Be wary then; best safety lies in fear,” said Laertes to sister Ophelia in William Shakespeare’s Hamlet. That’s a quote that should be on the desk of every business professional, as the digital environment is full of danger.
Jamf provides us with a good look at what’s becoming a dangerous environment for Mac and iOS users in its new Security 360 reports (Mac report, mobile report). The publications drive home the pervasive nature of the threats. For instance:
- 44% of devices have malicious network traffic.
- 41% of devices use critically out-of-date operating systems, a particular concern after the recent rash of big Apple security scares.
- 72% of devices carry vulnerable apps.
- 53% of organizations have at least one device with a critically out-of-date OS.
- 8% of devices have users who’ve clicked a phishing link.
The picture the report draws is an environment in which we are surrounded by a digital sea of troubles. And while you end them by protecting against them, these threats are, like the weather, a constant struggle rather than passing storm.
In a sea of troubles, be wary
To reach its conclusions Jamf anonymously examined a sample group, including tens of thousands of Macs and 1.7 million iOS and Android devices. The company also uncovered some interesting, non-security-related insights, such as determining that Mac market share grew by 16.4% between 2024-2025. And while this has turned apple devices into attractive targets, the platforms’ inherent security advantages mean good device management (along with good employee education) should help protect your deployments.
“As Apple devices continue to expand across the enterprise, the selected security solutions should be built specifically for the Apple ecosystem, not adapted from a Windows-first approach,” Jamf said. “Organizations should prioritize security products architected from the ground up for macOS, ensuring that threat detection, compliance enforcement and response capabilities are fully aligned with how Apple platforms operate, not treated as an afterthought.”
The opponents are not dumb
The report surfaces a new reality in which attackers are inventive, organized, and well-resourced, meaning no tech navigator can ever truly relax. They use all kinds of exploits, with infostealers emerging to be the most commonly distributed malware, often used as part of a larger attack. The report also notes that Trojan-style attacks have spiked in the last 12 months, and now account for more than 50% of malware.
Attackers are also innovative, which is why standard virus protection can’t keep pace. Jamf Threat Labs cited its own research, which identified that about 50% of identified virus examples aren’t yet recognized by virus-checking software. Jamf warns that as threats are frequently tweaked, security also needs us to understand how malware works to help spot common signs of infection.
“The point is threats targeted at Mac are common and varied. Attackers are building malware for their own gain and to sell to the highest bidder — and the demand is higher than ever. To begin to stay protected, you need to know what malware you’re fighting against,” the report explained.
Can you trust your apps?
You also need to know what apps you’re using, since these are central to new battleground. The thinking is simple: your platforms may be secure, but are your apps? How do they handle data storage and transit? What data do they collect? What privacy policies do they use? What about the supply chain — what libraries are used? The threat posed by the latter became particularly evident recently with the axios attack and recently-disclosed AI vulnerabilities. Jamf paints an even starker picture, analyzing 135 of the most popular and widely distributed business and personal apps to find about 86% of them have known security flaws.
That’s the equivalent of leaving the key under the mat, as Apple CEO Tim Cook said in 2015: “If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.”
It’s important to understand we’re not dealing with a stupid enemy. Somewhere within Apple’s last 50 years of existence, founder Steve Jobs once said the people “crazy enough to change the world are the ones who do.”
This extends to the security environment on any platform. Opponents in this space are skilled people, and within that community there will be some crazy enough to innovate in threat design. Once you accept this, it becomes easier to understand that it’s only a matter of time before a threat breaks through — and you need to be aware enough to spot if something comes through.
What can you do?
User and employee education matter. The report urges use of MDM solutions, now available to even smaller businesses thanks to Apple Business, and strict enforcement of compliance and OS updates. Jamf also recommends DNS filtering and phishing protections be in place, along with agent-based security that monitors for jailbreaks, malicious behavior and OS-level threats. You need endpoint security, identity management, separation of personal and corporate data, strict management of Wi-Fi networks, rapid security updates, and software downloads only from trusted sources.
Education, discipline, and vigilance are not “soft” defenses; they are the difference between a close call and a costly breach. In an environment of constant threat, the greatest danger is not malware itself, but the false confidence that someone else’s technology will solve the problem for you. In other words, security is a state of mind, one in which, like Hamlet, we must bear the slings and arrows of outrageous fortune in constant battle with a sea of troubles.
You can follow me on social media! Join me on BlueSky, LinkedIn, and Mastodon.