The state of cyber security

The Problem

This week, I attended Zero Trust World 2025 in Orlando, Florida.

I heard from and spoke to some of the world’s most experienced cybersecurity experts.

The event confirmed and underscored some of my thoughts from the last two years.

Think about this:

1. There are thousands of cyber security solutions, yet hackers and malware are still a big problem.
2. We have spent more money on cyber security than curing cancer. Yes, that’s true!

There is clearly something wrong here.

It seems to me that the industry is overcomplicating things and undoubtedly has financial motivation behind it.

The Solution

This solution I am proposing is backed by data and shared by experts, but to few businesses fully embrace it.

This solution is encapsulated in the mantra of ThreatLockers CEO Danny Jenkins, and that is that we must move from ‘Default allow, to default deny’.

If hackers and malware don’t have space to work in, they lose.

I accept this simple concept is challenging for large enterprises with complex distributed networks. However, for SMEs with less than 250 employees, it is achievable.

A ‘default deny’ posture is really about attack surface reduction. You win by allowing only devices, locations, networks and software that you explicitly trust.

Partly, this is because new threats come out so often that cyber security solutions can’t keep up.

This is why ‘default deny’ works so well.

Here is some data to support these assertions, courtesy of Dr Chase Cunninghams blog:

• Identity-Centric Security – According to Verizon’s 2023 Data Breach Investigations Report, 74% of breaches involve human elements, including privilege misuse and compromised credentials. Enforcing strict identity verification and least privilege access drastically reduces risk.
• Research shows that organisations adopting Zero Trust see a 50% reductionin breaches compared to traditional perimeter-based security models.
• A 2022 study by the Ponemon Institutefound that 60% of organisations that focus on compliance alone experience recurring breaches. In contrast, those prioritising security outcomes significantly reduce attack success rates.
• Browser Isolation – Researchers estimate that 70% of cyber threatsoriginate from web-based attacks. Browser isolation mitigates this by executing all browsing activity in a separate environment, preventing malware from reaching endpoints.
• Application Allow/Blocklisting – According to the NSA, organisations utilising application allowlisting reduce ransomware incidents by 85%, preventing unauthorised or malicious software from executing within networks.

Implementation

With today’s technology, this posture can be implemented easily and cost-effectively.

You only need two solutions to do it:

1. Microsoft 365 Business Premium
2. ThreatLocker

Microsoft 365 Business Premium comes with Conditional Access, App Protection and Intune. Combined, these technologies allow control over which devices, locations, and networks gain access and enforce strict authentication methods on your user identities.

As part of a layered approach, you should also use Defender for Endpoint and Defender for Office 365 from the Microsoft stack. All included with Business Premium.

ThreatLocker provides Application Allow List and Application Ring Fencing, which blocks all software except that which you explicitly allows.

Time and effort are involved in setting up these technologies, but it’s a one-time process.

Summary

I am advising my customers to simplify their security stack and focus on configuring it correctly whilst moving from a ‘default allow to default deny’ posture. It’s simple, costs very little and is highly effective.

If you are a customer of Atomyc’s these solutions will be built into your technology roadmap for implementation at the appropriate time.