A firewall blocks traffic that is preset as unwanted. This is usually traffic that tries to enter the company from the internet. Traffic from the inside to the outside is almost always allowed. If a part is already blocked, then ports 80, 443 and 53 are always open. Attackers therefore use methods such as phishing to gain entry and thus communicate through the open ports. Attackers are then in the network at that time, while the firewall is not aware of anything. The malware can then communicate freely to the internet, making data breaches possible. A firewall is necessary but not the ultimate goal.