Only 12% of simulated cyber-attacks triggered an alert and just over half (56%) were logged by detection tools, according to a new study from Picus Security.
The security validation company analyzed 136 million simulated attacks to compile its latest research, The Blue Report 2024: State of Exposure Management.
It claimed that, although organizations prevent 70% of attacks on average, gaps in threat exposure management can enable attackers using automation to move laterally through enterprise networks and compromise key assets.
It singled out macOS machines as being particularly exposed to threats, claiming they are far more likely to be misconfigured or allowed to operate without endpoint detection and response (EDR).
The report claimed macOS endpoints only prevented 23% of simulated attacks, versus 62% and 65% for Windows and Linux respectively.
Overall, 40% of environments had weaknesses that could allow attackers with initial network access to gain domain admin privileges, Picus Security said.
Co-founder Suleyman Ozarslan argued that small security gaps leading to domain admin access are far from isolated incidents, citing a major breach at MGM Resorts International last year.
“Like a cascade of falling dominoes that starts with a single push, small gaps in cybersecurity can lead to big breaches,” he added. “It’s clear that organizations are still experiencing challenges when it comes to threat exposure management and balancing priorities.”
The report also found:
- 25% of companies use passwords that are words commonly found in the dictionary, making it easier for threat actors to crack them if hashed
- Organizations only prevented 9% of data exfiltration techniques used by attackers
- BlackByte is the most challenging ransomware group for organizations to defend against, with attacks prevented by just 17% of organizations, followed by BabLock (20%) and Hive (30%)
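The first bullet above (dictionary words as passwords) is the kind of gap a password policy can close before a hash ever leaks: an attacker who obtains a hash only needs to hash the dictionary, and common "complexity" tweaks (capital first letter, leetspeak, a trailing year or "!") barely enlarge that dictionary. The following policy check is an added example written for this article, not code from Picus Security or the report; the six-word wordlist is constructed for the demo and stands in for a real dictionary or breached-password list that a deployment would load.

```python
import re

# Constructed mini wordlist (assumption: a real deployment loads a full
# dictionary such as /usr/share/dict/words or a breached-password list).
DICTIONARY = {"password", "welcome", "dragon", "summer", "monkey", "company"}

# Common substitutions users apply to satisfy "complexity" rules. An attacker's
# cracking rules undo these for free, so the policy must undo them too.
LEET_MAP = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})


def normalize(password: str) -> str:
    """Reduce a password to the word an attacker's rules would recover."""
    base = password.lower()
    base = re.sub(r"[^a-z]+$", "", base)      # drop trailing '123', '2024', '!'
    base = base.translate(LEET_MAP)            # p@ssw0rd -> password
    return re.sub(r"[^a-z]", "", base)         # drop anything else non-alphabetic


def is_dictionary_based(password: str, dictionary=DICTIONARY) -> bool:
    """True if the password is a dictionary word, a mutated word, or two
    dictionary words glued together (e.g. summermonkey)."""
    base = normalize(password)
    if base in dictionary:
        return True
    for i in range(3, len(base) - 2):
        if base[:i] in dictionary and base[i:] in dictionary:
            return True
    return False


def check_policy(password: str, min_len: int = 12) -> list[str]:
    """Return a list of policy findings; an empty list means the password passes."""
    findings = []
    if len(password) < min_len:
        findings.append(f"shorter than {min_len} characters")
    if is_dictionary_based(password):
        findings.append("based on a dictionary word")
    return findings


if __name__ == "__main__":
    for candidate in ["P@ssw0rd123!", "Summer2024", "Dragon!", "correcthorsebattery"]:
        print(f"{candidate!r}: {check_policy(candidate) or 'ok'}")
```

Running the check at password-set time (rather than auditing hashes afterwards) keeps the weak value out of the credential store entirely, which is the only point at which the defender still has the plaintext to evaluate. A real deployment would pair this with length and breached-password checks rather than rely on the word filter alone.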