"Assume that the bad guys are already in" | Rob Allen, Threatlocker @ Tech Show London 2023

Published on
10/03/2023 02:23 PM
Link to video on Youtube

Tech Show London has just kicked off in London’s ExCel Centre, and the EM360 team was there to interview business leaders and industry experts about everything Enterprise technology – from AI to cybersecurity to data.    

Yesterday we spoke to Rob Allen, VP of Operations at ThreatLocker and multiple speakers at the tech show about the power of zero trust in the new age of cybersecurity. 

Zero trust as the gospel for cybersecurity 

When asked about how IT security teams can protect critical infrastructure and assets against the ever-evolving cyber threat landscape, Mr Allen explained that zero trust must a key principle in any organisation’s defence strategy. 

“[Zero trust] is a principle which is to remove implicit trust and explicit trust. It is to assume that the bad guys are already in, so assume a breach is inevitable or has already occurred and constantly limit access to only what is needed. So, it’s effectively default and eye. Permit by exception. 

“A lot of organisations currently depend on detection to protect themselves, so basically detecting bad things that are happening. Very often detection is too late, so if you're depending on detection, you probably already lost they could have been walking around your network for weeks or months beforehand.

What We recommend is controls, so it's controlled over what can run what can't run and what certain applications can do whilst they're running. So putting limits on what things can do – again deny by default permit by exception."

Data exfiltration a significant challenge in 2023

When asked about some of the biggest concerns and challenges companies are facing in 2023, Mr Allen explained that data exfiltration is a greater problem than the enterprise than ever before. 

“The biggest worry is data exfiltration, data loss. Once Upon a time, you got hit by ransomware It was a clean-up job – It was a restore from backup, get back up and running – that might take you a couple of days, might take you a week, but it was not something that was that difficult to recover from," Mr Allen explained.

"These days, 90 per cent of ransomware attacks include the threat to leak exfiltrated data. So they will steal your stuff, and they could be robbed around your network for weeks or months before they actually run the ransomware, so the running of the ransomware is probably the least of your worries. 

It is the data exfiltration – the fear of your data being out there and in the wrong people's hands – that is what IT managers, CSOs a CIOs don’t sleep at night because of. The fear that your data is out there is something a lot of people worry about. And stopping that from happening is a top priority for organisations."