It’s Monday Morning, Don’t Set Your Human Firewall to “Allow Any Any”

Views: 5,210

Last Updated on June 8, 2015

During the football season, Monday morning is probably the most critical moment for a network administrator and the reason is pretty simple: after the match day, the first thing users normally when sitting at their desks (and powering on their computers) is to browse their preferred sport sites to watch the latest commentaries and the highlights of their beloved team.

This is so true to such an extent that, when a new network security device is installed, the ability to keep up with the infamous “Monday Morning Ramp up” is often considered the ultimate acceptance test. If no degradation is perceived by the users (and they really cannot afford to see their streaming connection breaking up just before a goal), the acceptance test is positive.

For this reason, I just could not help but smiling after I stumbled upon the Annual NTT 2015 Global Threat Intelligence Report published earlier this month, whose findings suggest that malware detections increase on Monday mornings (and drop accordingly during the weekends).

in_this_corner_we_have_daveOnce again this demonstrates that the human being is the weakest link (one of the few certainties in information security), even if the funny aspect is that this vulnerability surface just broadens on Monday mornings for a deadly combination of factors:

  • The number of connections surges (match commentaries and highlights can’t wait).
  • The probability to be compromised grows accordingly.
  • Users are keen to watch the highlights of the match day (and set their human firewall to “Allow Any Any”).

The same vulnerability surface narrows accordingly during the weekends, when offices are normally empty, but in theory the protection should be the same since firewalls, IPS systems, network and endpoint AVs and sandboxes never rest.

That’s the funniest part of the report that, for the records, includes other important findings:

  • Finance continues to represent the number one targeted sector with 18% of all detected attacks.
  • Across the world, the 56% of attacks against the NTT global client base originated from the United States.
  • 76% of identified vulnerabilities throughout all systems in the enterprise were more than two years old, and almost 9% of them were over 10 years old.
  •  Of the vulnerabilities discovered across enterprises worldwide, 7 of the top 10 exposed vulnerabilities resided within user systems and not on servers.
  •  Threats against the end user are higher than ever, attacks show a clear and continuing shift towards success in compromising the endpoint.
  • Attacks against Business & Professional Services increased from 9% to 15%

Come on! just one Monday morning and the football season will finally close. The 6th of June is approaching and I am eagerly waiting for the UEFA Champions League Final Game. That said, I will pay particular attention the following Monday, in case I will decide to have a look at the match highlights (but in the worst case I won’t probably need to do it!).

Tags: , ,

This Post Has One Comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.