Security teams failing to manage Apple devices effectively
It's often accepted without question that Apple devices are more secure. But analysis by Picus Security of 136 million simulated cyberattacks shows that macOS could only protect against 23 percent of them because of how poorly most security teams manage Apple devices.
The research highlights that macOS endpoints are far more likely to be misconfigured or allowed to operate without Endpoint Detection and Response (EDR). Consequently macOS endpoints only prevented 23 percent of simulated attacks, compared to 62 percent and 65 percent for Windows and Linux respectively.
"While we have found Macs are less vulnerable to start, the reality today is that security teams are not putting adequate resources into securing macOS systems," says Volkan Ertürk, Picus Security co-founder and CTO. "Our recent Blue Report research shows that security teams need to validate their macOS systems to surface configuration issues. Threat repositories, like the Picus Threat Library, are armed with the latest and most prominent macOS specific threats to help organizations streamline their validation and mitigation efforts."
The report reveals that, on average, organizations prevent seven out of 10 of attacks, but are still at risk of major cyber incidents because of gaps in threat exposure management that can permit attackers using automation to move laterally through enterprise networks.
Among other findings, of all attacks simulated, only 56 percent were logged by organizations' detection tools, and only 12 percent triggered an alert. only nine percent of data exfiltration techniques used by attackers are prevented.
In addition 25 percent of companies use passwords that are words commonly found in the dictionary. This means that it is easy for attackers to crack hashed passwords and obtain clear text credentials.
"Like a cascade of falling dominoes that starts with a single push, small gaps in cybersecurity can lead to big breaches," says Dr Suleyman Ozarslan, Picus co-founder and VP of Picus Labs. "It's clear that organizations are still experiencing challenges when it comes to threat exposure management and balancing priorities. Small gaps that lead to attackers obtaining domain admin access are not isolated incidents, they are widespread. Last year, the attack on MGM used domain admin privileges and super admin accounts. It stopped slot machines, shut down virtually all systems, and blocked a multi-billion-dollar company from doing business for days."
You can find out more and get the full report on the Picus blog.
Image credit: InkDropCreative/depositphotos.com