Many dealerships are under the impression that simply having a firewall and antivirus software deployed is a solid cyber defense – they’re incorrect. Cybercrime is now big, big business and it’s rare that the cybercriminal is ever caught and prosecuted. As a result, cybercrime has attracted highly sophisticated and well-funded criminals into this lucrative industry. Today’s cybercriminal has multiple options to elude your firewall and antivirus software. This isn’t to say that these tools are worthless. But their true value is only realized when they’re used as part of a comprehensive and modern cyber defense.
Firewalls are a perimeter defense. This technology monitors incoming and outgoing network data and then either allows or prevents data from reaching its destination based on a set of configured rules. Think of a firewall as a filter that blocks malicious traffic coming into your network. However, the cybercriminal can gain access to your network without moving through your firewall.
Antivirus software is a type of endpoint security. It focuses its attention on individual endpoints – like PCs. Antivirus software looks for malicious files based on known software signatures and then removes or quarantines these malicious files so that they can’t cause harm. Your antivirus software is only as good as its library of known malicious software signatures.
In this blog we’ll look at a few ways in which the cybercriminal can bypass your firewalls and antivirus software.
Lack of Effective Employee Cybersecurity Awareness Training
To access your network the cybercriminal doesn’t need to move through your firewall. They can bypass your firewall by simply tricking an employee with a phishing email or a social engineering tactic. The vast majority of cyberattacks begin with an employee clicking on a malicious link in an email. This is an easy way to bypass the filtering done by your firewall.
Unpatched Software & Zero Day Vulnerabilities
All applications have flaws that can leave you vulnerable to a security breach. As software and device manufacturers identify security flaws, they release software updates to patch the flaw. Having unpatched software vulnerabilities is like putting a sign on your dealership that says, “cybercriminals are welcome here.” The cybercriminal specifically targets businesses that have unpatched software.
So, why aren’t patches applied promptly? The answer is that most dealership IT resources simply don’t have the bandwidth and think that patching doesn’t need to be a priority. Therefore, patching is delayed and left to be addressed at some time in the future.
Criminal Targets Your Personal Devices
Your dealership’s firewalls and antivirus software are installed to protect work devices. But what happens when your employees use personal devices and home workstations to access dealership data? Your dealership’s firewall and antivirus won’t help in these situations.
Weak Passwords
According to the Verizon Data Breach Report, 81% of data breaches were caused by employees using weak passwords. Weak passwords make it easy for the cybercriminal to penetrate your network. From there, they can move laterally through your network securing administrative access and then take control of your IT environment.
Firewall Misconfigurations
Firewalls need proper configuration and ongoing management to effectively secure your dealership. Many inexperienced IT professionals simply think that the firewall is a set-it-and-forget-it type of defense. But firewalls require a lot of care to be effective. Firewall management is an ongoing process that involves adding and tweaking IPs, users, services, applications, and rules to keep it effective. Failing to properly manage your firewall will make it ineffective.
The most effective cyber defense is a comprehensive defense that includes a set of technologies like SIEM and XDR as well as a team of well-trained, certified cybersecurity and IT experts who continuously monitor your IT environment 24x7x365. It’s the combination of technologies and human expertise that makes it possible to detect indicators of suspicious behavior, investigate this behavior, and then stop an attack in its infancy. Cybersecurity – and IT – has evolved. Things have changed and this is what it now takes to defend against today’s cybercriminal.