Why Cybersecurity Today Requires More Than Just Firewalls
I’m writing this after my third cup of coffee — strong, black, the kind that hits you right when you need it. Been doing cybersecurity for what seems like forever (1993 to be exact, early days I was a network admin). Yup, I was wrestling the wild, wild world of PSTN networking & voice/data mux gear that seemed like it came from some sci-fi movie. I can tell you, I still remember the fear that set in when the Slammer worm hit — there’s no stress quite like that of a live worm eating up your bandwidth and servers. It was chaotic in those early days, but I learned things that no textbook could ever teach me.
It’s been many years and, fast forward to today, I am at P J Networks Pvt Ltd, in my little niche in the security world. Recently, I’ve been finishing up helping three banks — yes, banks — transition to a zero-trust architecture. It’s a mouthful and a headache all in one, but it’s also exactly what you need now to keep your infrastructure secure. Plus I just got back from DefCon (hardware hacking village — what an eye opener) and I am still vibrating. It’s not really until you’re getting hands-on and tinkering with it that you realize security is not just software or policies or whatever, but it’s also in the physical tech around us.
So here’s your no-nonsense, no-fluff look at why cybersecurity today is more than simply throwing firewalls at the problem — and a couple of stories and pointers you actually want to hear.
The Firewall is Dead? Naw — but It’s a Different Place Now
Since the very early days of networking, firewalls have been the first line of defense. But trusting firewalls as your sole form of defense is akin to putting a chain lock on your car and leaving the keys in the ignition. Yes, it helps, but you’re inviting trouble if that’s your only defense.
What I say to my clients (sometimes to their dismay as not everybody loves it when I rock the boat): firewalls are a tool and not a silver bullet. And too many organizations treat them as if they were magic words — slap it on, turn it on, and hope for the best.
But here’s the catch — attackers have adapted. Slammer worm? Ancient history now but at the time it was a wakeup call about how explosively fast exploits can sweep across the globe. Today’s ransomware gangs and APTs (Advanced Persistent Threats) are hiding in your networks like hackers in a spy movie — patient, stealthy and sophisticated.
It’s why zero-trust architecture is the new normal. I assisted in moving those banks from old perimeter thinking to the idea of not trusting any device or user automatically, but rather verifying every access request. It sounds complicated, and it is, but the reward in shrinking attack surfaces is immense.
Solution Brief: Why You Need to Stop Trusting Everything on the Network
- Assume internal networks are hostile.
- Authenticate and authorize every user and every device. Every time.
- Employ micro-segmentation to contain the blast radius of any breach.
- Don’t skip your patches. Yes, even that annoying update counts.
Hardware is More Important Than You Realize
At the hardware hacking village at DefCon, I saw in person how often oracles of cybersecurity fail to pay attention to the physical layer. Hardware backdoors, USB attacks, even malicious chips embedded in devices — they’re becoming less science fiction than science fact. That’s why the question “Is your firewall sufficient?” always starts sounding silly.
Consider your network routers, switches, even your servers. Every piece of gear is a potential point of failure. And it’s not just a question of buying the flashiest, latest models; it’s about configuring and monitoring them. Back in the 90s, a router was a fancy traffic cop. Now? It’s a mini-computer, complete with an OS and the potential for exploits.
And here’s something I rant about all the time: why are we still married to password policies that everyone hates?
Seriously. If you’ve spent any time in the security industry, you know that the industry seems to come up with new “best practice” password rules every couple of years, and that these rules usually just make life miserable and don’t meaningfully improve security. Complex passwords, forced changes every 30 days: these rules often lead to less secure passwords, because people write them down or reuse them anyway.
I’m certainly in favor of strong, unique passwords, but what about adding real extra coverage like multi-factor authentication (MFA)? This is where I think a lot of security teams are going down the rabbit hole: they entrust everything to the password and treat MFA as an optional extra.
Here’s my analogy for you:
Relying only on passwords and not enabling MFA is like spending many hours preparing a complex dish and then relying on a couple of burnt spices. Even if the recipe is great, the result will be lacking.
So What Are Businesses Supposed to Do or Not Do?
Look, I understand — it’s easy for security to seem overwhelming. I have been in the trenches where everything is on fire (metaphorically). And here’s the bare bones of what I actually say to my clients, stripped of all the language games I’m still playing after more than 30 years in this business:
- Zero-Trust principles: Auto-trust nothing, always verify.
- Layer those defenses: Firewalls, but also endpoint protection, logging and monitoring.
- Patch religiously: Updates aren’t just annoyances or nag screens; they’re your medicine against known holes.
- Hardware security: Don’t forget your routers, switches and servers; invest in them. Treat them like you treat your software, by which I mean secured and monitored.
- Dual-factor authentication is a must: Don’t think twice, and take it seriously. Add multi-factor authentication; it is essential. Implement it yesterday.
- Train your people: You can say virtually all attacks start with some form of human error. Run phishing drills and awareness sessions regularly.
On AI Cleansing Services — I am Skeptical to my Core
Here’s a contrarian opinion I hold: I am highly suspicious of any security product that’s simply tagged AI-powered and then advertised as some kind of miraculous answer to all your security challenges. AI is a powerful tool, sure. But the hype train is selling it like it’s some all-seeing, always accurate bouncer at the door — and it’s not.
I’ve watched tools advertised as AI-powered flounder in the real world, whether because they depend on lousy data sets or because attackers innovate more quickly than algorithms. And the bizarre false positives that waste your team’s time?
My advice? Evaluate AI-based tools critically. Understand the data they are trained on, and don’t give up control without appropriate oversight. AI assists humans. It does not replace them.
Nostalgia Time: Networking Used to Be Easier (Are You Feeling Old?)
I wish this had been around in the 90s; I’d spend as much as 8 hours on slow PSTN lines configuring voice and data mux boxes. Crusty machines that required patience, smarts and a little luck — just like our security challenges today, only not so complicated (or so caffeinated).
Back then, a botched configuration could take down a whole branch office and you’d be running around with a screwdriver and cables to fix it. If only cybersecurity today could instead be fixed with a wrench, not code and policy.
But here’s the bottom line — for all the bells and whistles of tech, the security fundamentals are still there: know your network, manage access, monitor like crazy, and never take your foot off the gas pedal.
In Conclusion (Because I’m Already Starting to Feel the Coffee Wear Off)
Cybersecurity isn’t a destination.
It’s a trip that begins with respecting your infrastructure — hardware, software, people and process. It’s about upgrading your mindset from old-school perimeter security, and it’s constantly evolving.
And if you’re a business owner musing “Do I actually require all this?” — I would like to remind you of the banks I’ve bailed out recently. If institutions that handle billions daily are taking zero-trust seriously, maybe you should too.
As always, if you want to talk about firewalls, servers or how to keep hackers from turning your router into a launching pad — you know where to find me.
Sanjay Seth
P J Networks Pvt Ltd
Cybersecurity consultant since 1993
We’re going to fortify your network the way you would protect your grandmother’s secret recipe — painstakingly developed, tested and zealously protected.