New study finds organizations have a significant gap in security on macOS endpoints

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.


A leading cybersecurity firm, Picus Security, has released its annual Blue Report study that analyzes the state of exposure management at organizations. The study uses 136 million simulated cyberattack scenarios executed by Picus customers from January to June 2024 to assess the effectiveness of security measures on Windows, Linux, and macOS systems in an organization’s environment.

In this year’s Blue Report 2024, Picus revealed a massive gap on macOS, where Endpoint Detection and Response (EDR) misconfigurations are leading to vulnerabilities.

According to the study, macOS endpoints prevented only 23% of simulated attacks, compared to 62% and 65% for Windows and Linux, respectively.

Is this the work of people still believing Macs are impervious? Likely in part.

It’s a long-running misconception that macOS systems can’t get malware. And this is certainly not true. As I’ve previously reported, there’s been a substantial ramp in malware targeting Mac, a 50% increase since the start of 2023, to be exact. There’s just no denying that as macOS continues to be more widely adopted in the workplace, it becomes a more attractive target for cybercriminals.

The era of strength in low numbers is quickly coming to an end.

On the other hand, Picus points to a potential gap in skill sets as a reason organizations are more susceptible to cyberattacks.

“While we have found Macs are less vulnerable to start, the reality today is that security teams are not putting adequate resources into securing macOS systems,” said Volkan Ertürk, Picus Security Co-Founder and CTO. “Our recent Blue Report research shows that security teams need to validate their macOS systems to surface configuration issues.”

Additional key findings include:

  • Common language passwords: 25% of companies use passwords that are words commonly found in the dictionary. This means that it is easy for attackers to crack hashed passwords and obtain cleartext credentials.
  • Organizations only prevent 9% of data exfiltration techniques used by attackers. Data exfiltration is used to steal sensitive data and is commonly used in ransomware attacks.
  • BlackByte, one of the most challenging ransomware groups for organizations to defend against, is prevented by just 17% of organizations, followed by BabLock (20%) and Hive (30%).

Follow Arin: Twitter/X, LinkedIn, Threads
