Has Security Bloom Fallen off the Rose for Macs?

 

April 11, 2012

For years in terms of security, Windows has been considered inferior to Macs. But no longer thanks to malware security epidemics. Apple is under increasing pressure to take preventative security measures by cyber experts in the wake of 600,000 malware-infected Macs.

“Myths die hard,” writes security guru Dr. Stan Stahl. “Users can no longer naively claim that they don’t need to be concerned with security because they use a Macintosh.”

He believes cybercriminals see no difference between Mac OS X and Windows.

“It’s cold comfort that this particular vulnerability surfaced in Java-so well known as a source of attack exploits that we recommend users disable it,” he writes. “The lesson we need to take away from the Mac OS X story is humility in the face of software complexity.”

As one of the nation’s leading authorities, Dr. Stahl is a principal at Citadel Information Group, www.citadel-information.com, in Los Angeles.

“In the 1980s I was a staff security engineer at TRW when my manager gave me a piece of wisdom that applies to the myth of Mac security,” he writes:

There are three kinds of knowledge,” he said. “There’s what you know that you know you know. There’s what you don’t know that you know you don’t know. And there’s what you don’t know that you don’t know that you don’t know.”

Dr. Stahl warns about the dangers of the third category of what we don’t know.

“It’s this third category that is most dangerous-what we don’t know that we don’t know we don’t know,” he writes. “This-our hidden ignorance-is what gets us into trouble. Believing the myth of Mac security-jumping to the conclusion that Macs are secure because we don’t know about their insecurities-is dangerous because the myth keeps us from taking the actions necessary to protect sensitive information on our Macs.”

He has more thoughts about myths.

“There is the myth that IT can effectively manage cyber security; that senior management doesn’t need to get involved,” believes Dr. Stahl. “There is the myth that antivirus and anti-malware solutions provide sufficient security.

“There is the myth that ‘we have nothing of interest to a cyber criminal.’ And the most dangerous myth of all-that we can be secure if we simply do A, B and C, whatever A, B and C happen to be,” he warns. “It is these and other myths that keep us from being open to what we don’t know that we don’t know we don’t know.”

His parting shot:

“When it comes to cyber security management, myths are particularly dangerous,” he writes. “Our greatest security weakness-our greatest vulnerability-lies in the security myths we believe. That’s why this week’s stories of more than 600,000 Macs infected by the Flashback malware is so important, for it serves as a warning about the dangers of all cyber security myths.”

From the Coach’s Corner, here are more security insights:

Our Mobile-Banking Warnings about Security Prove Prophetic

5 Safety Measures to Thwart Mounting Social-Network Attacks

Who Profits from Android’s Security Issues? Not Users.

Lesson about Passwords after Theft of 16,000+ UCLA Patient Records

Cyber Security: Is Your Business Prepared with Precautions and Response Philosophy?

“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”

-Richard Clarke 

 

__________

Columnist Terry Corbell is also a business-performance consultant and profit professional. Click here to see his management services (many are available online). For a complimentary chat about your business situation or to schedule Terry Corbell as a speaker, why don’t you contact him today?