Falsi miti sicurezza informatica Piergiorgio Venuti

False IT security myths: because backup, cloud, firewall and antivirus alone are no longer enough

Estimated reading time: 4 minutes

Introduction

Cyber security has become a major concern for businesses and individuals. With cyberattacks and data breaches on the rise, many still believe that solutions like data backup, cloud storage, firewalls, and antivirus are enough to protect their digital assets. However, these solutions alone are no longer enough to deal with today’s threats. In this article we will analyze why these solutions can no longer be considered adequate and what you can do to improve your IT security.

The backup myth

Data backup has always been one of the pillars of any IT security strategy. Having a copy of your data allows you to restore them in the event of a ransomware attack or malfunctions. However, backup alone is no longer enough in the face of today’s Advanced Persistent Threats (APTs).

APT attacks expect hackers to remain hidden on the victim’s network for up to months, silently exfiltrating valuable data before being detected and neutralized. In these cases, the backup will contain a copy of the already compromised data, making it useless. Also, if hackers’ access is not eliminated, they will still be able to continue accessing the network and newly created backups. It is therefore necessary to integrate backup with active network monitoring solutions to identify and block this type of threat.

The false myth of the Cloud

Cloud storage is often seen as a way to increase data security, thanks to the redundancy and protection provided by providers. However, moving data to the cloud does not in itself improve cybersecurity. The attack surface simply moves from internal servers to those of the cloud provider. Also, the basic security offered by most providers only covers the protection of the cloud infrastructure, but does not analyze the data content for threats.

Encryption and data access policies must be implemented and managed by the customer. In case of a ransomware attack that encrypts your files, they will remain inaccessible even if they are in the cloud. It is therefore necessary to integrate additional security services to truly protect data in the cloud, as well as train personnel on the correct configuration of access policies.

The false myth of the Firewall

Firewalls are a crucial element for defining the perimeter of the corporate network and controlling incoming and outgoing traffic. However, a traditional firewall alone is no longer enough to block today’s cyberthreats. This for two main reasons:

  • Many attacks occur using legitimate channels that are allowed by the firewall, such as email, websites and file sharing. The firewall controls only the communication channel, not the conveyed content.
  • Insider threats—attacks originating from compromised employees or devices already on the network—bypass the firewall completely.

To improve protection, it is necessary to adopt new generation firewalls with advanced functions such as IPS (Intrusion Prevention), sandboxing and advanced threat protection to also control the contents conveyed by the network. You also need internal network monitoring tools.

The false myth of the Antivirus

Antiviruses are essential for protecting endpoints such as PCs, laptops and servers from malware such as viruses, ransomware, spyware, trojans and worms. However, even traditional antivirus alone is no longer enough to stop today’s advanced threats. The reasons are two:

  • They rely on signature databases of known malware, and are therefore ineffective against new, unknown threats.
  • They can be fooled or disabled by advanced malware.

To improve the level of protection, enterprises should equip themselves with next-generation antiviruses that incorporate artificial intelligence and machine learning to detect even unknown threats based on their anomalous behavior, as well as signature databases. Furthermore, these advanced antiviruses adopt self-protection techniques to prevent deactivation.

Conclusion: The need for a modern integrated approach

As we have seen, solutions such as backup, cloud, firewalls and antivirus – while still important – are no longer sufficient by themselves to protect businesses and users against today’s advanced and constantly evolving cyberthreats.

Serve invece un approccio stratificato e moderno che integri: protezione avanzata degli endpoint, monitoraggio attivo 24/7 della rete per rilevare minacce interne ed esterne, formazione continua del personale, backup crittografati e immutabili, e server e postazioni separate per limitare l’impatto di eventuali attacchi.

In this context, services such as Secure Online Desktop SOCaaS, which combine professional 24/7 monitoring of the corporate network with threat analysis via a modern Security Operation Center, and advanced endpoint protection, can significantly improve the level of security for companies and organizations.

Useful links:

Share


RSS

More Articles…

Categories …

Tags

RSS darkreading

RSS Full Disclosure

  • BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH) April 19, 2024
    Posted by malvuln on Apr 19Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/6cc630843cabf23621375830df474bc5.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Dumador.c Vulnerability: Remote Stack Buffer Overflow (SEH) Description: The malware runs an FTP server on TCP port 10000. Third-party adversaries who can reach the server can send a specially […]
  • SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app April 19, 2024
    Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 19SEC Consult Vulnerability Lab Security Advisory < 20240418-0 > ======================================================================= title: Broken authorization product: Dreamehome app vulnerable version:
  • MindManager 23 - full disclosure April 19, 2024
    Posted by Pawel Karwowski via Fulldisclosure on Apr 19Resending! Thank you for your efforts. GitHub - pawlokk/mindmanager-poc: public disclosure Affected application: MindManager23_setup.exe Platform: Windows Issue: Local Privilege Escalation via MSI installer Repair Mode (EXE hijacking race condition) Discovered and reported by: Pawel Karwowski and Julian Horoszkiewicz (Eviden Red Team) Proposed mitigation:...
  • CVE-2024-31705 April 14, 2024
    Posted by V3locidad on Apr 14CVE ID: CVE-2024-31705 Title : RCE to Shell Commands" Plugin / GLPI Shell Command Management Interface Affected Product : GLPI - 10.X.X and last version Description: An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input. […]
  • SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue April 14, 2024
    Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 14SEC Consult Vulnerability Lab Security Advisory < 20240411-0 > ======================================================================= title: Database Passwords in Server Response product: Amazon AWS Glue vulnerable version: until 2024-02-23 fixed version: as of 2024-02-23 CVE number: - impact: medium homepage: https://aws.amazon.com/glue/ found:...
  • [KIS-2024-03] Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability April 11, 2024
    Posted by Egidio Romano on Apr 10------------------------------------------------------------------------------ Invision Community
  • [KIS-2024-02] Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability April 11, 2024
    Posted by Egidio Romano on Apr 10-------------------------------------------------------------------- Invision Community
  • Multiple Issues in concretecmsv9.2.7 April 11, 2024
    Posted by Andrey Stoykov on Apr 10# Exploit Title: Multiple Web Flaws in concretecmsv9.2.7 # Date: 4/2024 # Exploit Author: Andrey Stoykov # Version: 9.2.7 # Tested on: Ubuntu 22.04 # Blog: http://msecureltd.blogspot.com Verbose Error Message - Stack Trace: 1. Directly browse to edit profile page 2. Error should come up with verbose stack trace […]
  • OXAS-ADV-2024-0001: OX App Suite Security Advisory April 11, 2024
    Posted by Martin Heiland via Fulldisclosure on Apr 10Dear subscribers, We&apos;re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack. This advisory has also been published at https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0001.html. […]
  • Trojan.Win32.Razy.abc / Insecure Permissions (In memory IPC) April 11, 2024
    Posted by malvuln on Apr 10Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/0eb4a9089d3f7cf431d6547db3b9484d.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Win32.Razy.abc Vulnerability: Insecure Permissions (In memory IPC) Family: Razy Type: PE32 MD5: 0eb4a9089d3f7cf431d6547db3b9484d SHA256: 3d82fee314e7febb8307ccf8a7396b6dd53c7d979a74aa56f3c4a6d0702fd098 Vuln ID: MVID-2024-0678...

Customers

Newsletter

{subscription_form_1}