Firewalls not enough to stop hackers

Security analysts have warned businesses to improve their security knowledge or risk avoidable compromises in their networks.

Ovum analyst Graham Titterington urged businesses to be more aware of the limitations of security tools, especially firewalls. The main danger, he said, is that companies wrongly believe that a firewall is the only security measure they will need.

"In any security set-up a firewall is needed, but it cannot be relied upon on it's own," he said. "Companies continue to fall prey to hackers because of an assumption that the firewall is enough to protect the enterprise."

Titterington added that such a common misunderstanding could cost a business its reputation, or custom, or both.

Iain Franklin, European vice president at security firm Entercept, agreed, saying that firewalls still leave ports open into the network to allow for functions such as internet access. A hacker could send code through such a port and, in this way, gain access to the network.

"When people think of security, they tend to think of a firewall," said Franklin. "But it is dangerous that people think only of firewalls. This shows a lack of awareness about the limitations of security tools, and implies that businesses still possess some naivety in assuming a firewall alone will suffice."

One area that Ovum found to be particularly neglected is at the web server level. The company said that because businesses have relied on firewalls alone to protect websites, this is the reason why we have witnessed so many web server attacks over the past 12 months.

"A firewall works well as a filter but doesn't give a secure environment by itself. People are aware that they need to use a firewall, but are not so aware of its limitations," said Titterington.

Analyst Gartner also warned that cyber criminals could defraud companies of millions over the next two years through lack of preparation, spending, and knowledge.

The research firm said that the economic cost of cybercrime could rocket by between 1000 and 10,000 per cent over the next three years. To avert such a disaster Gartner suggests investments in tools such as firewalls, alongside other security measures.