
New Video from @collinsinfosec Debunks Common Cybersecurity Myths
In this video, Collins addresses several common myths in the field of cybersecurity, demystifying certain misconceptions and offering enlightened perspectives on various topics.

Cybersecurity Beyond Hacking

Collins begins by emphasizing that cybersecurity is not limited to hacking. Although hacking and penetration testing are important components, they represent only a small part of the security needs in a professional context. Cybersecurity is a vast field that includes various roles, ranging from software developers to general engineers, with integrated security elements. He stresses the importance of communication skills and teamwork, as well as collaboration with management.

VPNs and Online Security

Another myth addressed is the idea that VPNs are essential for online security. Collins explains that, thanks to the widespread adoption of HTTPS and the use of anonymous DNS services like Quad9, VPNs are no longer as necessary for daily security. Their primary use today is geolocation control. He warns against delegating access to a VPN provider, highlighting that privacy depends entirely on the provider's policy.

Viruses and Operating Systems

Collins also demystifies the idea that macOS and Linux devices are immune to viruses. Although less common, these systems are increasingly targeted, especially with the rise in consumer use of macOS and Linux in development environments and servers. He emphasizes that all operating systems have their vulnerabilities and zero-day exploits.

Limitations of Antivirus and EDR

Another myth concerns the effectiveness of antivirus and EDR (Endpoint Detection and Response) solutions. Collins explains that, while these tools are useful for filtering common threats, they do not protect against all attacks. Attack techniques are constantly evolving, and methods such as targeted phishing, fileless malware, and supply chain attacks can bypass these defenses. He recommends using these tools as a first line of defense but also adopting other security practices such as multi-factor authentication and regular software updates.

Multi-Factor Authentication (MFA)

Collins also addresses the limitations of multi-factor authentication (MFA). Although MFA adds a layer of security, not all methods are equal. For example, SMS-based MFA is vulnerable to SIM swapping attacks. He recommends using more secure methods such as authentication apps or physical keys and disabling less secure options to avoid downgrade attacks.

Honorable Mentions

Finally, Collins closes with a few honorable mentions, such as the idea that cybersecurity is always a well-paid field, which in fact depends on many factors. He also highlights that compliance does not guarantee security and that insider threats remain a major risk.

In conclusion, this video provides an enlightened perspective on several common myths in the field of cybersecurity, offering practical information and recommendations to improve security in various contexts.