CNME Editor Mark Forker sat down with Danny Jenkins, CEO and co-founder of cybersecurity company ThreatLocker, to examine the evolution of ransomware attacks, the need for businesses to adopt a zero-trust approach to their security architecture – and why organisations need to use AI to improve their products and not reduce costs.
Danny Jenkins grew up in the town of Telford in Shropshire, England. His love for computers began at an early age, as he spent time taking them apart and putting them back together.
By the age of 15, the highly intelligent youngster left school to pursue a career in the computer field. After applying to every company in Telford, Jenkins finally landed a position in IT. His journey from modest beginnings to leading one of the top cybersecurity companies is both inspiring and impressive.
Jenkins began his cybersecurity career in 1997, and during the years that have elapsed he has firmly established himself as both a hugely respected and influential cybersecurity professional amongst his industry peers.
During his distinguished career, Jenkins has worked for Kingspan, MXSweep and Sirrustec.
Jenkins is now the CEO of cybersecurity company ThreatLocker, which he co-founded in 2017, along with his wife and COO Sami Jenkins and CQA John Carolan.
The company has gone from strength-to-strength since its inception, and its mission statement is to transform the cybersecurity industry by moving from a default allow model to a default deny model.
In a compelling interview with CNME, Jenkins was candid in relation to the challenges facing the global cybersecurity ecosystem.
We began the conversation by putting a lens on the topic of ransomware.
In June of this year, hackers stole 450 million data points from American Hospital Dubai.
It was one of the largest data breaches of a healthcare facility in the UAE, and despite global reports indicating that ransomware attacks were on the decline, it was a stark reminder of the devastating impact and ramifications a cyberattack can have.
Jenkins stressed that whilst the volume of ransomware attacks may be reduced, the sophistication of the attacks have grown ten-fold.
“The number of ransomware attacks have gone down slightly, but that’s been subsidised by the sheer size of the attacks involved. If we go back to 2017, when ThreatLocker was founded, we saw a lot of attacks where companies were being shaken down for anywhere between $1,000 dollars to $20,000 dollars. However, the problem now is the fact that these ransomware attacks are so sophisticated and coordinated that they’re able to demand so much more money,” said Jenkins.
As a former ethical hacker, Jenkins said that it has become evident how ransomware attacks have changed over the years and explained how dark web gangs are now using a tactic called ‘double extortion’.
“Ransomware attacks have evolved from solely focusing on encrypting data to also including data exfiltration as a primary tactic. This shift increases the pressure on victims to pay ransoms. The traditional ransomware model involved the process of encrypting files, making them inaccessible, and demanding a ransom for the decryption key. Now these attackers are more sophisticated and not only do they encrypt data, but they also exfiltrate sensitive information before encrypting it. This means that many smaller businesses are less likely to pay and will say to the hackers to go and dump their data on the internet, but the larger businesses are more likely to pay,” said Jenkins.
Jenkins also highlighted how many hackers actually lie about how much data they have stolen.
“In the case of the ransomware attacks on the American Hospital Dubai, they said they stole 450 million data points, and four terabytes of data. However, it’s highly likely that this isn’t true. What often happens is the hackers will take 10% of the data, but will tell businesses that they’ve got it all, and they’ll just start drip feeding you data. But if you extract 450 million medical records and four terabytes of data then more than likely you’re going to get caught. Now if you extract 400 gigabytes of data then that’s not going to trigger any alarms,” said Jenkins.
Many IT analysts and commentators have been critical of businesses who have paid to get their data back, saying that it creates a marketplace for hackers.
However, as Jenkins points out, it’s not as black and white as that.
“Look let’s be frank, ransomware is a multi-billion-dollar industry, this isn’t one person sitting in his basement writing code, it’s big business. It’s highly sophisticated, it’s expertly coordinated, you have hackers creating footholds on systems, getting on servers and pushing ransomware out at a global level. It is easy to say don’t pay, but when you’ve got an airport shutdown, a hospital, or an oil pipeline then you’ve got to get your business back up and running. The first ransomware case I worked on was a small insurance broker that paid $22,000, and they didn’t get their data back, but they paid it because they had no choice, they needed their business to be operating, so paying doesn’t always guarantee that you’ll get your data back,” said Jenkins.
The conversation then pivoted towards the subject of market maturity.
Jenkins believes that when it comes to cybersecurity across the GCC, the region has room for growth.
“Cybersecurity maturity varies globally, and while regions like the US have had a longer runway to adopt certain disruptive technologies, the Middle East is making significant strides. In many cases, the region has followed global frameworks and best practices – which is understandable and often effective – and the next phase of growth will likely come from adapting and innovating based on local threat landscapes.
There’s incredible momentum here, especially in the UAE, where leadership is clearly prioritising digital trust and resilience. As the ecosystem continues to evolve, we’ll likely see more tailored strategies that reflect regional priorities rather than global templates. The direction is very promising.”
Jenkins explained the approach their company ThreatLocker takes towards security, which he outlined is very, very different to that of his market rivals.
“We are really taking a different approach in terms of the way we think about security. Currently, the approach consists of businesses building an AI agent that is going to look and scan for everything on your devices and shut down anything suspicious. But here’s the problem. If you have a piece of backup software that took your files, and copied them to the internet for backup, then that’s the exact same functionality as a piece of ransomware that takes your files and copies them to the internet. So, as a direct result of that the EDR are struggling to understand the intent of the application. The attitude that we adopt is one that we don’t care if something is good or bad, we are just going to shut it down and block it and not let it work. However, if you need it within your organisation then you add it to a list, and then the organisation can decide if it is something that they use – then it should be allowed. This approach removes the constant fear of the unknown,” said Jenkins.
Jenkins added that some of the major businesses on their books in the Middle East, include Emirates Flight Catering and Red Sea Global, are both adopting this zero-trust approach towards security, as are a number of major banks, financial institutions and airports across the United States and Europe.
It’s clear with the list of blue-chip organisations that ThreatLocker manage that their technology offering and philosophy on cybersecurity is resonating with markets in the US, Europe and the Middle East.
Jenkins stressed the importance of educating their clients on that zero-trust approach to security.
“We have to educate our clients. We are always demonstrating why we do what we do, we host hacking demos showing why these things are important and show the damage that can be done if EDR’s are bypassed. We do this all over the world, it’s not just in the Middle East. We do 850 events a year, which only goes to show you how committed we are to educating people on security, but eventually the penny drops, and people start seeing it. We have 54,000 companies that are using ThreatLocker technologies, and realistically we are the biggest player when it comes to things like application whitelisting. 54,000 sounds like a lot, but, in reality, it’s just a fraction of what is out there, so there is a still a long way for us to go. But the signs are promising, and people are adapting to change,” said Jenkins.
The conversation then swung towards the topic of you know what, yes, you guessed AI.
AI is everywhere, impacting every industry vertical globally, and it’s no different when it comes to cybersecurity.
Cisco President and Chief Product Officer Jeetu Patel said AI is the biggest challenge that cybersecurity has ever faced.
Jenkins echoed those sentiments somewhat by disclosing that AI is giving those using it for nefarious purposes an advantage.
“I think like most things in life, it provides more advantages to the attackers than it does to the defenders. We’ve gone from a scenario in which we had a population of a few million people in the world capable of creating ransomware to a population of 6 billion people capable of creating ransomware. However, where I see a lot of the problems with AI in the cybersecurity industry is the fact that many businesses are trying to use it to cut costs,” said Jenkins.
He concluded the conversation by highlighting how they use AI to improve their efficacy for their web filtering products and reinforced his views that cybersecurity practitioners need to use AI to enhance products and not slash costs.
“We have an entire department that focuses on AI. We have a web filtering product and within that product we have to determine whether they are adult sites, gambling sites, or regular business websites. We have a huge team of people that do nothing but look at these sites all day and categorise them, and their efficacy rate ranges between 99-99.6%. If you ask AI to do the same thing then it has an efficacy rate of 70%. Now that doesn’t mean it is bad, but we use it to cross-reference our team and that has enabled us to increase our effectiveness. So, it does help us, but the security industry needs to look at AI to improve their product and not to reduce costs,” said Jenkins.
