It’s that time of year again, just after Cybersecurity Awareness Month and just before Black Friday…
…time for the latest Sophos Threat Report.
We know what lots of you are thinking.
Here come pages and pages of thinly disguised product pitches, setting aside science for sensationalism and advice for advertising.
Well, it’s not like that at all!
In fact, rather than write a report about what’s in the report, we’ll let our good friend and colleague Chester Wisniewski, whom many of you already know, tell you in just 2’20” (that’s the video length limit for Twitter, in case you were wondering) what you’ll learn if you read it:
As Chester explains, we’ve covered five main topics: ❶ Malware, ❷ Mobile, ❸ Machine Learning and AI, ❹ Ransomware (because we simply couldn’t not give it a section of its own), and ❺ Where next?
Indeed, the report isn’t just one researcher’s work, or even one department’s work, but the combined effort of SophosLabs, Sophos Managed Threat Response, Sophos Rapid Response, and Sophos Artificial Intelligence.
And as our CEO Joe Levy states in his introduction, at Sophos we strive for credibility (so that we mean what we say), transparency (so that we say what we mean), and scientific rigour (so that we take care to say only what we know).
But don’t take Joe’s word for it… read the report and see how we live up to those three principles!
Learn more
By the way, after you’ve read through the report, we hope you’ll think, “It would be great to learn more about what makes threat researchers tick in general, as much as to learn what they’ve been up to for the past year.”
Rather than summarise the report here (there’s a great synopsis over on our sister site Sophos News), we thought we’d pick four Serious Security articles from the past year to complement it.
So, to give you an idea of the spirit of the “how” behind the “what”, we thought you might also enjoy these articles as an interesting and informative followup:
- Serious Security: Webshells explained in the aftermath of HAFNIUM attacks
- Serious Security: Mac “XcodeSpy” backdoor takes aim at Xcode devs
- Serious Security: The Linux kernel bugs that surfaced after 15 years
- Serious Security: OpenSSL fixes two high-severity crypto bugs
And for a bit of fun to finish with, here’s a reminder of why simply being interested in quirky facts about science and the history of science can help you to do cybersecurity better:
Where next?
Cybersecurity really is a journey and not a destination.
The crooks have shown that they’re willing to learn and adapt their attacks, so we need to make sure we learn and adapt, too.
Yes, we’re proud of the work we do at Sophos to learn and adapt, and we hope the Threat Report makes that clear, but we’re just as proud of of our many readers, followers, customers and fellow travellers for being willing to learn and adapt, too.
Happy Threat Report Day!