Closing gaps in your Mac security

Growing Mac adoption in enterprises creates new security risks from social engineering, malware and misconfigurations. Learn about recent Mac threats and how to close these security gaps.

October 21, 2025 by Hannah Bien


It’s undeniable — employees love using Mac at work, and more companies are increasing their investment in Mac. So much so that 95% of companies expect investment in Mac to grow in the next 12-24 months, according to MacStadium’s report, CIO Survey: Apple in the Enterprise.

This is no surprise, considering all Mac has to offer. Built-in security and privacy features, high performance, robust capabilities, employee preference: these drive the increasing adoption of Mac in the enterprise.

Bad actors are noticing. The more Mac devices, the more potential targets. And with hybrid and remote work, companies are forced to shift from traditional network perimeters into other strategies, like Zero Trust Network Access.

These changes can introduce vulnerabilities, despite admins’ best efforts. Although Mac is built with excellent security features, the current threat landscape demands additional protections. But protection from what, exactly? Let’s take a look.

What are the current threats to Mac security?

Social engineering

Many users think their Mac devices can’t be attacked. This sentiment can introduce risk in itself — if your users think their devices are invulnerable, they’re more susceptible to falling for social engineering tricks.

Over 90% of cyber attacks originate from phishing.

Security 360: Annual Trends Report, Jamf, 2025

Many bad actors pose as familiar organizations to target users. Jamf Threat Labs identified some of the most common brands attackers used to lure unsuspecting users into their trap. These brands, unsurprisingly, tend to be household names, like:

  • Netflix

  • Outlook

  • DHL

  • AT&T

  • Amazon.com Inc

  • Facebook

The odds that a user has an account with one of these organizations are relatively high. Imagine: a user with a Netflix account gets an “urgent” email about their account. If they assume their Mac is somehow invulnerable to this kind of attack, they might just go ahead and click on that link and enter their credentials.

Chart: 1 in 10 users clicked on a malicious phishing link

It’s really no surprise that attackers go this route. If the user willingly offers their information, they don’t have to go into a technical deep dive to circumvent other security measures. If your organization doesn’t have adequate defenses against social engineering attacks, you’ve left the door open for bad actors to enter.

Malware

In the past, malware authors tended to focus on Windows devices, but this is no longer the case. As mentioned earlier, the increase in Mac adoption has made it a hot target for bad actors.

Chart: Top 5 Mac malware

Jamf Threat Labs identified the most common Mac malware in 2024. Infostealers topped the charts at 28.36%, followed by a close second, Adware at 28.13%. Trojans followed at 16.61% and potentially unwanted programs at 15.06%.

Attackers are using malware like infostealers in combination with other attacks. Take the ThiefBucket malware as an example: North Korea’s Lazarus group uses social engineering to lure job seekers into a coding challenge. After the victim downloads and executes the challenge, the bundled malware steals their information.

This attack, like many others, shows bad actors’ willingness to engineer attacks rather than simply wait for users to stumble into them. In other words, Mac devices are under direct attack, not passive secondary targets.

Misconfigurations

But not all dangers come from external sources. Misconfigurations can create vulnerabilities in your system that effectively open the door for attackers to walk right in. In fact, according to Verizon’s 2025 Data Breach Investigations Report, 20% of breaches started as exploitation of vulnerabilities.

The vulnerabilities you have to deal with are specific to your systems — your software, hardware, setups, procedures and beyond. And your system is dynamic. The threat landscape, software versions, access policies, compliance status, technology itself — all of these are constantly changing, requiring you to adapt.

Chart: 32% of orgs operate at least one device with critical, patchable vulnerabilities

Artificial Intelligence (AI), especially generative AI, is a perfect example. ChatGPT debuted publicly late in 2022. In 2023 ~33% of organizations used generative AI in at least one function. By the next year, this percentage more than doubled to ~71%. This increase in adoption didn’t always come with adequate governance. When IT and Security teams don’t have visibility into how AI is used in their organization, significant gaps open in their security strategy.

Chart: 97% of orgs that reported an AI-related breach also lacked proper AI access control

According to the 2025 IBM Cost of a Data Breach Report, 13% of organizations experienced a security breach related to an AI model or application. The vast majority, 97%, said this was due to a lack of proper AI access controls. In other words, they didn’t have the appropriate configuration to handle AI access appropriately.

There are countless examples of where misconfiguration leads to mishaps. While we can’t list them all here, we’ll talk about how to prevent them in the next section.

A good defense is layered, OS-specific and proactive.

There’s no silver bullet that closes the gaps in your defenses. If we imagine our system as a castle, we need solutions that:

  • Prevent attackers from getting through the gate

  • Observe/verify the behavior and identity of everyone within the walls

  • Proactively respond to anything that looks suspicious

We won’t examine solutions in detail in this blog, but let’s talk about some key strategies that improve security. We’ll assume that you’re already using a mobile device management (MDM) solution.

Identity and access

Establishing identity is a fundamental part of security. This is twofold — who is the user, and “who” is the device? If you can prove that these are genuine, approved users and devices, they are granted access.

This is the first step in preventing threats like phishing attacks. In theory, your systems should be able to tell that whoever is presenting valid credentials is not the real user or device attempting access.

In practice this isn’t so simple. Here are some considerations to help set your organization up for success with Mac:

  • Using an MDM platform that supports the Extensible Single Sign-on configuration

  • Integrating Platform Single Sign-on with your identity provider (IdP) and MDM

  • Requiring authentication for privileged operations beyond initial login

  • Using hardware-backed device attestation via the Secure Enclave for conditional access policies

Compliance and monitoring

Keeping devices compliant is paramount. This requires you to enforce your standards, monitor for noncompliance and remediate the issue. Using your MDM with logging and telemetry tools will help you understand your devices’ statuses.

Aligning your devices with frameworks like the macOS Security Compliance Project, CIS Benchmarks or NIST 800-171 can help. Best practices will help mitigate potential vulnerabilities and block or reduce malware’s impact on your system. Consider:

  • Deploying automatic updates and yearly software upgrades

  • Enabling Rapid Security Responses

  • Implementing real-time endpoint protection that leverages built-in macOS features like XProtect, Gatekeeper and Notarization

  • Choosing endpoint protection that looks for Mac-specific threats, both known and zero-day

  • Automating remediation workflows for fast returns to compliance
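The enforce, monitor and remediate loop described above usually starts with a script that asks the OS about its own security settings and flags drift from the baseline. The following is an added example, not code from this post or from any Jamf product: a POSIX shell script that parses the output of macOS’s built-in tools (spctl, csrutil, fdesetup and the SoftwareUpdate preference read via defaults) and counts baseline violations. Each checker takes the raw command output as an argument, so the logic can be exercised off-box with constructed strings; the expected output strings are assumptions based on those tools’ documented messages, and the set of checks is deliberately small and should be aligned to your own baseline (for example the macOS Security Compliance Project rules).

```shell
#!/bin/sh
# Added example: minimal macOS security-baseline check.
# Checkers take command output as $1 so they can be tested with constructed
# strings; run_live gathers real output only where the tools exist (macOS).
# Expected strings below are assumptions based on the tools' documented output.

# Gatekeeper: `spctl --status` prints "assessments enabled" when on.
gatekeeper_ok() {
    case "$1" in
        *"assessments enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# System Integrity Protection: `csrutil status` prints "... status: enabled."
sip_ok() {
    case "$1" in
        *"status: enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# FileVault: `fdesetup status` prints "FileVault is On." when enabled.
filevault_ok() {
    case "$1" in
        *"FileVault is On"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Automatic update checks: the AutomaticCheckEnabled key reads as 1 when on.
# Any other value (0, empty, or an error message) is treated as non-compliant.
auto_update_ok() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]
}

# Evaluate all checks against supplied outputs. PASS/FAIL lines go to stderr
# (for a log collector); the number of failing checks is printed to stdout so
# a caller (or an MDM extension attribute) can act on it. Always returns 0.
compliance_failures() {
    gk="$1"; sip="$2"; fv="$3"; au="$4"
    fails=0
    gatekeeper_ok "$gk"  && echo "PASS gatekeeper"  >&2 || { echo "FAIL gatekeeper"  >&2; fails=$((fails + 1)); }
    sip_ok "$sip"        && echo "PASS sip"         >&2 || { echo "FAIL sip"         >&2; fails=$((fails + 1)); }
    filevault_ok "$fv"   && echo "PASS filevault"   >&2 || { echo "FAIL filevault"   >&2; fails=$((fails + 1)); }
    auto_update_ok "$au" && echo "PASS auto-update" >&2 || { echo "FAIL auto-update" >&2; fails=$((fails + 1)); }
    echo "$fails"
    return 0
}

# Collect live output on macOS; on other systems explain and skip.
run_live() {
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not found; not macOS, skipping live checks" >&2
        return 0
    fi
    gk=$(spctl --status 2>&1)
    sip=$(csrutil status 2>&1)
    fv=$(fdesetup status 2>&1)
    au=$(defaults read /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled 2>/dev/null)
    n=$(compliance_failures "$gk" "$sip" "$fv" "$au")
    echo "baseline violations: $n"
    # Remediation (a configuration profile pushed by MDM, or a scoped policy)
    # would be triggered here when n is greater than 0.
    return 0
}

if [ "${1:-}" = "--live" ]; then
    run_live
fi
```

Run it with `sh check_baseline.sh --live` on a Mac to get one PASS/FAIL line per control plus a violation count; the count is what you would surface to the MDM so an automated remediation workflow can bring the device back into compliance.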

Zero trust

Security looks different these days, as cloud-hosted applications and services and remote-enabled work become the standard. Relying on physical networks or legacy VPN isn’t adequate any more.

The zero-trust approach delivers the resilience to mitigate cyber risk, enables modern business capabilities and a hybrid workforce, and provides the flexibility to enable appropriate access methods, while removing implicit access based on location.

Gartner

That’s why organizations are moving to zero-trust principles: when access is requested, you never trust the request. Instead, you verify the user and the device are who they say they are — each time access is requested. And instead of allowing holistic access to your network via VPN, Zero Trust Network Access (ZTNA) uses microtunnels to grant access to only approved and relevant parts of the network.

Getting your identity, access policies, compliance enforcement and monitoring in line lays the foundation for a zero-trust strategy. ZTNA isn’t a cure-all for every Mac threat. It works alongside your security software to shield your precious company data from the outside world. And with your MDM, these tools go a long way in closing the gaps that might show up in your security strategy.

Learn more about Mac threats.
