It’s no secret that cybersecurity concerns are increasing. Last year saw massive breaches, such as the National Public Data breach (with 2.7 billion records stolen) and several significant data breaches affecting Snowflake customers such as Ticketmaster, Advance Auto Parts and AT&T. More than 165 companies were affected by Snowflake-related breaches alone, according to a Mandiant investigation.
According to Check Point Research, global cyberattacks increased by 30% in the second quarter of 2024, reaching 1,636 weekly attacks per organization. An IBM report says the average cost of a data breach globally increased by 10% in 2024, to $4.8 million.
So it’s probably no surprise that Orlando, Fla.-based cybersecurity company ThreatLocker has grown to 450 employees since its launch in 2017. InformationWeek caught up with Danny Jenkins, CEO of ThreatLocker, at the Gartner IT Symposium/XPO in Orlando last month.
(Editor’s note: The following interview has been edited for clarity and brevity.)
Can you give us a little insight into what you were talking about at the event?
What we’re talking about is that when you install software on your computer, that software has access to everything that you have access to, and often people don’t realize that if they download this game, and there was a backdoor in that game, or if there was a vulnerability in this game, it could potentially steal my files, grant someone access to my computer, grab the internet and send data. So we were actually talking about supply chain risk. Most important are vulnerabilities: things a vendor didn’t intend to do, but accidentally gave someone access to your data. You can really improve your security through smart controls and limiting access to these apps rather than trying to find every bad thing in the world.
AI was the major recurring theme throughout the symposium. Can you talk a little bit about how we approach these threats and how that will change as more companies adopt emerging technologies like GenAI?
What’s interesting is we’re doing a session right now on how to create effective malware, and we’re going to talk about how we can use AI to create undetectable malware versus the old method. If you think about AI, and if you think about two years ago, if you wanted to create malware, there were a limited number of people in the world who could do it — you had to be a developer, you had to have some experience, you would have to be smart enough to avoid the protections. This pool of people was quite small. Today, you can simply ask ChatGPT to create a program to do whatever you want, and it will spit out the code instantly. The number of people capable of creating malware has increased dramatically…the way to defend against this is to change the way you think about security. The way most businesses now think about security is to scan their environment for threats, but that’s not effective. The best way to approach security is actually to say, “I’m just going to block what I don’t need, and I don’t care if it’s good and I don’t care if it’s bad.” If it’s not necessary in my business, I’ll stop it from happening.
As someone working in security, is the pace of AI adoption in businesses a concern?
I think the problem is the pace and the fear. AI has been around for a long time. What we’ve been seeing for the last two years is generative AI and that’s what’s scaring people. If you think about self-driving cars, you think about the ability of machine learning, the ability to see data and manipulate and learn from that data. The scary thing is that the consumer now sees the AI that produces and before, it was always things in the background that we never really thought about. You’ve never really thought about how your car is able to determine if something is trash or if it’s a person. Now this thing can draw pictures and write documents better than me and create code. Am I worried about AI taking over the world from this point of view? No, but I worry about the set of tools that we’re now giving to people who may not be ethical.
It used to be that if you were smart enough to write malware, at least in the Western Hemisphere, you were smart enough to get a job and you weren’t likely to go to jail. People who previously created successful malware or cyberattacks were in countries where there were no opportunities, such as Russia. You don’t have to be smart enough to launch successful cyberattacks, and that’s what concerns me. If you give someone who doesn’t have the ability to earn a living access to tools that can allow them to steal data, the path they will follow will be cybercrime. Just like any other crime, when the economy is in decline and people don’t have jobs, people steal and crime increases. Previously, cybercrime was limited to technology-savvy people. Now the whole world will have access to it and that’s what scares me – and GenAI has made that easy.
How do you see your business evolving in the next 5-10 years with AI adoption?
Ultimately, this changes the way people view security, to the point where they need to start adopting more zero trust approaches and more restrictive controls in their environment. This is how things should be: there is no alternative. Before there was a 10% chance you would be damaged by an attack, now it’s an 80% chance.
If you are the CIO of a company, how should you consider developing these new technologies and leveraging these new platforms? How should you think about security?
Ultimately, you have to take into account the internal politics of the company. And we came out of a world where IT and CIOs, who often come from introverted backgrounds where they don’t communicate with boards, were seen as the people who make our computers work, not the people who protect our company…now the board says we need to hire security. I feel like if you’re the CIO, you should be leading the conversation with your security team… as the CIO, you should be leading this.
What was one of your biggest takeaways from the event overall?
I think the biggest thing I’m seeing in the industry is that fear is increasing, and rightly so. We see more and more people willing to say, “I have to solve my problem. I know we are easy targets right now.” That’s because we’re on the technology side and we live and breathe this stuff. But what we don’t necessarily always understand is what the customer’s point of view is and how to solve their problems.