Fact : Linux and Windows both are equally insecure or secure.
Year : 2017
Said by : IT head of a mid-size bank
“We run our entire banking on Linux OS. None of the servers are Windows, so there is no reason why we should worry about being hacked. Because Linux does not need any patching. We will contact you for VAPT requirements only if any when we would include a windows server in the network”
Myth Debunked With The Fact Below
Linux is almost as vulnerable as Windows. There are 2 reasons behind this. First being that any operating system does have its own flaws and those get exploited by hackers as time goes by. Second being that since most of the IT world believes that Linux is secure, there is less effort made towards thinking otherwise. This leaves the operating system with flaws, which eventually get explored. There are security patches available for Linux, although may not be as much as Windows.
There is one more subtle reason. Since Linux (except RedHat) is open source, there is no professional, structured and timely process to find bugs in it, and provide a patch for the same. As we all know, Microsoft takes huge efforts towards fixing their operating system and mark every Tuesday of a month as a Patch Day. There is no such process for Linux, and as such Linux becomes vulnerable from time to time.
Senior management must update their knowledge about information security. They must open their minds up about compliances such as ISO27001 , as well as the vulnerability assessment penetration testing (VAPT) which is imperative for their corporate networks , web and cloud applications and also the mobile applications . Right approach for companies, is to find a best cyber security vendor company or a top of the class information security consulting partner, and improve their organization’s data security via threat modelling and various other apt approaches.
References
1. https://www.valencynetworks.com/blogs/patch-management-tricks-and-techniques/
2. https://www.valencynetworks.com/blogs/top-5-security-assessment-tools/
#cybersecurity #mythbusters #myths #ethicalhacking #datasecurity #ciso #cio #cisos