Why aren’t firewalls enough to keep corporate data safe?There many reasons organizations should go beyond the firewall and adopt a multi-layered approach to security. First of all, as most IT pros know, firewalls don’t catch everything. Firewalls simply block access to certain ports, which hackers can easily work around. Firewalls don’t necessarily stop phishing attempts, prevent others from eavesdropping, or stop users from installing malware or falling victim to social engineering schemes. Need more proof? Despite hardware and software firewalls being present in nearly every organization at the network and device level, cyberthreats continue to plague companies worldwide. In fact, a recent study from Spiceworks showed that 80 percent of organizations experienced an IT security incident in 2015, even with other forms of defense in place. Additionally, firewalls must be configured correctly to work, and people are typically the ones configuring them. A lot of human judgment (e.g., what firewall rulesets should I enforce and for how long?) goes into day-to-day firewall management, and “to err is human.” On top of that, often busy IT professionals sometimes struggle to keep rules current to address new threats.
Examples of security threats firewalls might miss
- Phishing attacks: Email is one of the weakest links in security, especially because employees often have trouble distinguishing between legit and malicious attachments. The 2016 Verizon Data Breach Investigation Report found 30 percent of all phishing messages were ultimately opened. And if a hacker uses the phone system to phish for information, the firewall is left out of the loop completely.
- Attacks on weak passwords: More than 60 percent of all data breaches documented by Verizon were tied to weak or stolen login credentials. It's no secret that default passwords, or reused ones that are too simple to stand up against a brute-force attack, are rampant.
- SQL injection and cross-site scripting: Both of these attack types are common techniques for attempting a distributed denial-of-service attack. They take advantage of web-based or client-side vulnerabilities and require a different approach to mitigation than a traditional firewall can provide.
- Vulnerabilities in the firewall itself: Sometimes, through either a vulnerability in firmware or an unpublished backdoor, hackers might gain administrative access to firewalls, giving them the ability to change settings, potentially decrypt VPN traffic, and even erase logs that would reveal the intrusion.
How to tackle today's cyberthreatsFirewalls are important pieces of the puzzle, but they shouldn't be the end-all, be-all of a cybersecurity strategy. It's best to think of a firewall as just one of many moving parts that all need to operate together to fend off advanced cyberthreats. For example, a strong security infrastructure must cover all of your bases including people, processes, and technology. So in addition to firewalls, companies need to look into technologies like encryption, policies such as strong password requirements and user access controls, and training people to the types of threats out there, as employees are often the weakest link in the cybersecurity chain. In addition, ensure your firewalls are patched, your rules are up to date, and this vital technology is your first, rather than your last, line of defense against external threats.