In the years that have followed the pandemic, cybersecurity has become a central concern for governments, businesses and individuals alike thanks to a seemingly endless array of geopolitical events and disputes.
The convenience unlocked by our interwoven digital presence has opened the door to increasingly sophisticated cyber threats, and the rise of artificial intelligence has only served to accelerate things. High-profile data breaches, ransomware attacks and other cybercrimes seem to hit the headlines almost every week, and while targeting individuals has previously resulted in quick wins, it’s now easier than ever for threat actors to pinpoint vulnerabilities to exploit within companies and other larger organizations.
Traditional perimeter-based defenses are struggling to keep up with the alarmingly dynamic nature of emerging threats, and many existing endpoint detection and response (EDR) tools are no longer sufficient in an environment where employees are handling sensitive data.
The evolving cybersecurity landscape
Another big shift we’ve seen recently is considerable growth in remote working, and while many large corporations are pushing for a mass return to the office, the reality is that many workers continue to spend some time away from the office. Just by their very nature, controlled offices are considerably easier to secure than an uncontrolled environment like someone’s home.
Add to this a shift away from on-prem infrastructure to a mix of cloud and hybrid setups, with data crossing yet more boundaries, and the potential for vulnerabilities is at an all-time high.
Speaking at the recent ThreatLocker’s Zero Trust World 2024 event, Dr Chase Cunningham used biblical symbolism to introduce a fifth horseman of the Apocalypse on top of pestilence, famine, war and death: cyber.
Highlighting the disconnect between lawmakers and the severity of threats, Cunningham argues that economic recession and all of its related effects could fuel cyber threats to thrive, putting cybercrime on track to become a significant global economy.
The future of cybersecurity is intricately tied to emerging technologies and evolving threat landscapes, but the problem is that each day seems to change what we know about cyber criminals.
While AI possesses the potential to revolutionize the way we detect, prevent and respond to cyber threats, it also has the power to produce novel malicious code in seconds – a concern that ThreatLocker CEO Danny Jenkins shared.
Predictive analytics, behavioral analysis and threat intelligence can all be leveraged and harnessed to proactively mitigate some risks, however, also speaking at Zero Trust World 2024, security expert and “the people’s hacker” Jenny Radcliffe reminded the audience of the complex connection between cyber and human.
Throughout her speech, Radcliffe highlighted the significance of human vulnerabilities, behaviors and errors in security breaches, delving into some of her ‘people hacking’ moments that allowed her to breach the security of companies in order to carry out mock cybercrime in a bid to demonstrate to companies their vulnerabilities.
Defining social engineering as ‘the manipulation of human factors to gain unauthorized access to resources and assets’, Radcliffe discussed the various methods that criminals use to gain access to confidential systems, such as phishing, smishing, vishing, quishing and even less technical physical security exploits.
Embracing a culture of zero trust, default deny
Amid an evolving and complexifying cyber landscape whereby even hours of staff cyber training couldn’t prevent every attack, the zero-trust, default-deny approach emerges as a worthy strategy to strengthen digital defenses.
While traditional security models operate under the assumption that entities within the network can be trusted by default, a zero-trust model challenges this by asserting that no entity – inside or outside the network – should be trusted by default.
In the case of ThreatLocker, deploying a zero-trust tool begins with a week or so of ‘learning mode’, where the system ascertains normal procedures and operations for a business.
Companies can then use allowlisting to approve certain applications, leaving untrusted software including malware and ransomware to be denied by default.
Another benefit of using a zero-trust security tool like ThreatLocker is ringfencing, which places a digital barrier around an application that prevents it from communicating beyond whatever is necessary. Limiting how software interacts with other endpoint systems prevents attackers from weaponizing software and legitimate tools like PowerShell.
Besides configuring protective measures, what makes ThreatLocker unique is that it has the digital tools and a team of human workers to analyze telematic data behind the scenes, so that suspicious behavior or a series of abnormal steps raise a flag, ultimately leading to system prompts or even a phone call to verify authenticity.
In the case of ThreatLocker specifically, its average response time equates to around 23 seconds, whereas it claims with some other less sophisticated solutions, the average time it takes to detect or identify an attack is 49 days. With ransom payouts totalling more than $1 billion in 2023, it’s clear that a more robust approach needs to be ushered in.
In essence, zero-trust cyber protection assumes that every user, device and application is malicious, aligning with least privilege and limited access protocols to prevent unwarranted actions.
Default-deny cybersecurity has been credited for its ability to mitigate lateral movement within networks, which means that even if a threat actor is able to break entry, further damage can generally be prevented or at least minimized. With insider threats a growing concern, companies employing this latest type of defense can arm themselves against evolving threat techniques.
Strengthening our position through cooperation and collaboration
As of February 2024, the company looked after around 46,000 businesses and millions of endpoints, ranking it as one of the biggest names in zero-trust cybersecurity alongside the likes of VMware’s Carbon Black and SentinelOne.
When asked about the sense of community that ThreatLocker seems to encourage, such as allowing customers to share policies with one another, and the importance of interoperability amid plentiful antitrust cases, CEO Danny Jenkins affirmed the company’s position as a collaborative player in the security space, adding that ThreatLocker shares important findings with companies that would usually be considered rivals, in the interest of creating a more secure landscape for all businesses.
The next stages of cybersecurity
The current state of cybersecurity reflects the challenges posed by increasingly sophisticated adversaries, making now a crucial time for companies to reassess how they think about security.
The zero-trust, default-deny approach emerges as a clear solution that promises to take us forward into the next stages of fighting off digital threats by challenging traditional assumptions about trust and privilege.
The future of cybersecurity lies in embracing these new principles, greater collaboration and interoperability, and cultivating a culture that acknowledges the ever-present nature of threats. While there are other providers offering similar approaches, and we don’t doubt more will get in on the zero-trust game, a first-hand experience seeing how ThreatLocker approaches the next stage of cybersecurity does give us some optimism about the future.
- These are the best endpoint protection software choices around today
