In this interview, Danny Jenkins, CEO of ThreatLocker, shares his expertise on the evolving landscape of cybersecurity, focusing on the vulnerabilities in supply chains and software systems. He discusses the risks associated with legacy software, strategies for mitigating supply chain attacks, and the role of AI in cybersecurity. Danny also delves into the ethical considerations surrounding AI’s involvement in surveillance and security, offering valuable insights for organisations looking to enhance their cyber defences.
Can you share some of the most significant vulnerabilities you have observed in supply chains and software systems recently?
It should come as no surprise that we continue to see attackers go after the weakest links in a company’s cyber defences. Often, companies hesitate to update legacy software due to the pain points of moving to newer, more secure systems, leaving them vulnerable.
What are the key indicators that an organisation may be susceptible to a supply chain attack?
They are running software, which carries risks. The trick is to reduce the risks by reducing software rights.
Could you provide examples of organisations that have successfully mitigated supply chain vulnerabilities?
Simply stopping outbound internet access to SolarWinds Orion effectively crippled the backdoor, stopping an attack. We saw the same with Microsoft Exchange, where the Exchange server was able to download malware to the machine and push out a GPO when a local administrator logged into the Exchange server. By using Application Allowlisting or Whitelisting, we stopped this attack from progressing.
In your opinion, where is the ethical line when it comes to AI’s involvement in surveillance and cybersecurity?
I do not think this is a question of an ethical line. It is a question of effectiveness. AI has no ability to determine the intent of something in an environment. It can only be said that this is a known tool used by attackers or an unknown tool used by attackers.
A good example of this is if someone were to run a backup using legitimate backup software as a data exfiltration tool. AI cannot determine if the backup software is being used for data exfiltration or whether it is being used as an attack. What is far more effective is only allowing the backup tools that you need and only allowing them to talk to the backup locations you trust.
Why are supply chain attacks becoming increasingly frequent and sophisticated?
Attacks, in general, are becoming more frequent, primarily driven by the fact that cybercrime is a business that makes very good money. Supply chain attacks are becoming increasingly frequent and sophisticated because their impact can be massive. Malicious actors can target one company and affect hundreds to thousands of companies, bypassing the need to attack each one individually.
How do global regulatory frameworks impact an organisation’s ability to defend against supply chain attacks?
Regulatory approaches to cybersecurity offer companies a guide on what they can and should do to protect themselves. This is useful; however, quite often, regulatory changes take too long to implement.
What role does transparency between partners play in fortifying supply chain security?
Sharing data and vulnerabilities is incredibly important. When vulnerabilities are found by the “good guys”, they should be reported to vendors in a timely manner. Companies sharing information with the government, and vice versa, is also very important to defend against and prevent attacks.