GRTech
Sophos Partners with Tenable to Launch New Sophos Managed Risk Service
. New Fully Managed Solution Provides Visibility, Risk Monitoring, Prioritization, Investigation, and Proactive Notification to Prevent Cyberattacks
April 4, 2024 – Sophos, a global leader of innovative security solutions that defeat cyberattacks, today announced a strategic partnership with Tenable, the Exposure Management company, to provide Sophos Managed Risk, a worldwide vulnerability and attack surface management service.
The new service features a dedicated Sophos team that leverages Tenable’s exposure management technology and collaborates with the security operations experts from Sophos Managed Detection and Response (MDR) to provide attack surface visibility, continuous risk monitoring, vulnerability prioritization, investigation, and proactive notification designed to prevent cyberattacks.
The modern attack surface has expanded beyond traditional on-premises IT boundaries, with organizations operating frequently unknown numbers of external and internet-facing assets that are unpatched or under protected, leaving them vulnerable to cyberattackers.
This is evident in the newest Sophos Active Adversary Report, also released, which identifies three tasks that organizations must prioritize to minimize the risk of brazen intrusions that lead to ransomware or other types of attacks.
These include closing exposed Remote Desktop Protocol (RDP) access, enabling multi-factor authorization and patching vulnerable servers, all of which were top entry points in breaches handled by Sophos Incident Response in 2023.
The Sophos Managed Risk service can assess an organization’s external attack surface, prioritize the riskiest exposures, such as open RDP, and provide tailored remediation guidance to help eliminate blind spots and stay ahead of potentially devastating attacks.
“Sophos and Tenable are two industry security leaders coming together to address urgent, pervasive security challenges that organizations continuously struggle to control. We can now help organizations identify and prioritize the remediation of vulnerabilities in external assets, devices and software that are often overlooked. It is critical that organizations manage these exposure risks, because unattended, they only lead to more costly and time-consuming issues and are often the root causes of significant breaches,” said Rob Harrison, senior vice president for endpoint and security operations product management at Sophos. “We know from Sophos’ worldwide survey data that 32% of ransomware attacks start with an unpatched vulnerability and that these attacks are the most expensive to remediate. The ideal security layers to prevent these issues include an active approach to improving security postures by minimizing the chances of a breach with Sophos Managed Risk, Sophos Endpoint, and 24×7 Sophos MDR coverage.”
“While the latest zero day may dominate the headlines, the biggest threat to organizations, by a large margin, is still known vulnerabilities – or vulnerabilities for which patches are readily available,” said Greg Goetz, vice president of global strategic partners and MSSP, Tenable. “A winning approach includes risk-based prioritization with context-driven analytics to proactively address exposures before they become a problem. Sophos Managed Risk, powered by the Tenable One Exposure Management Platform, delivers outsourced preventive risk management, enabling organizations to anticipate attacks and reduce cyber risk.”
Specific key benefits of Sophos Managed Risk include:
- External Attack Surface Management (EASM): Advanced identification and classification of internet-facing assets, such as web and email servers, web applications, and public-facing API endpoints
- Continuous monitoring and proactive notification of high-risk exposures: Proactive notification when a new critical vulnerability is identified in an organization’s internet-facing assets
- Vulnerability prioritization and identification of new risks: Swift detection of high-risk and zero-day vulnerabilities, followed by real-time notification to ensure critical internet-facing assets are promptly identified, investigated and responded to by order of importance
“One of the biggest challenges organizations face when improving their security posture is prioritizing what to handle first. This type of guidance helps solve that issue and reduces the workload for security teams tasked with tackling vulnerability and exposure management,” said Craig Robinson, research vice president of Security Services, IDC. “Solutions such as Sophos Managed Risk can be a differentiator by enabling overwhelmed teams to take a more holistic approach to continuous monitoring and threat management.”
Sophos Managed Risk is available as an extended service with Sophos MDR, which already protects more than 21,000 organizations globally. The Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments.
“Sophos Managed Risk simplifies the difficult and resource consuming task of identifying vulnerabilities, really understanding the extent of risk exposure, and prioritizing necessary remediations,” said Kieron Stone, cybersecurity business development manager at Phoenix Software Ltd. “As a trusted managed service provider (MSP), this is a service we’re proud to stand behind, and nearly all our customers using it have already discovered significant vulnerabilities that they were previously unaware of. For organizations that don’t already have a well-defined vulnerability patching cadence, this is a must-have service for the identification of vulnerabilities and building that schedule; and for organizations that are already managing vulnerabilities, it’s a second set of eyes for added peace of mind that they’re not missing anything.”
Organizations benefit through regular interaction, including scheduled meetings with Sophos experts to review recent discoveries, insights into the current threat landscape, and recommendations for remediation and prioritizing actions. Additionally, organizations can initiate inquiries via the Sophos Central platform, allowing users to directly engage with the Sophos Managed Risk team for tailored support, reports and to review their latest prioritized alerts.
“You can’t fix what you can’t see. Sophos Managed Risk is shining a light on areas of exposure that require remediation in order to keep customers protected. Combining Sophos’ elite MDR experts with Tenable’s industry-leading exposure management technology gives us a full picture view of vulnerabilities with the guidance we need to minimize risk,” said Brooks Roy, president at Communications Consulting, Inc. “The real value add for us as a channel partner is having the ability to easily manage Sophos Managed Risk’s prioritized alerts across our customer base on the Sophos Central dashboard.”
Sophos Managed Risk is available with a term license through Sophos’ global network of channel partners and Managed Service Providers (MSPs). A Sophos MSP Flex version will be available in 2024.
GRTech
Unlocking Digital Inclusion: S.Mobile and MTN Nigeria Partner for MoMo PSB and Data Bundles, Airtime
In a move that promises to revolutionize access to digital services and financial inclusion for millions of Nigerians, S.Mobile has joined forces with MTN Nigeria.
This strategic partnership focuses on the distribution of MTN’s MoMo Payment Service Bank (PSB) and data bundles, offering a seamless gateway to financial services and connectivity.
The collaboration brings together two industry leaders with unique strengths. MTN Nigeria, the country’s largest telecom provider, boasts an extensive network and deep understanding of the Nigerian market. S.Mobile, known for its innovative digital solutions and commitment to financial inclusion, enhances the digital landscape with its user-friendly platforms. Together, they are poised to deliver unparalleled services to everyone, from individuals to businesses.
Boosting Financial Inclusion with MoMo PSB
A key aspect of this partnership is the promotion of MTN’s MoMo PSB, a groundbreaking initiative aimed at extending financial services to the unbanked and underbanked. By leveraging MTN’s vast network, MoMo PSB empowers users to access banking services, make transfers, settle bills, and save money directly from their mobile devices, eliminating the need for traditional bank accounts.
S.Mobile plays a crucial role by facilitating MoMo PSB adoption through its digital platforms and partner network. Integrating MoMo PSB simplifies participation in the formal financial system, especially for Nigerians in remote or underserved areas. This move is expected to significantly boost financial inclusion across the country, enabling more people to manage their finances efficiently and securely.
Revolutionizing Data Bundle Distribution
Beyond MoMo PSB, the partnership focuses on distributing MTN data bundles through S.Mobile’s platforms. With internet usage skyrocketing in Nigeria, the demand for reliable and affordable data is paramount. This collaboration seeks to meet that demand by providing consumers with easy access to data bundles, ensuring uninterrupted connectivity for work, learning, and entertainment.
S.Mobile’s user-friendly interface allows customers to purchase data bundles directly, with real-time updates and instant delivery. This convenience is invaluable for businesses and individuals who rely on a steady internet connection. Integrating MTN’s data services enhances the digital experience for S.Mobile’s customers while driving data usage throughout the country.
A Win-Win Collaboration
This partnership benefits both companies and, more importantly, the millions of Nigerians who stand to gain from enhanced services. For MTN Nigeria, collaborating with S.Mobile represents an opportunity to further expand their reach and deepen their impact in the Nigerian market. S.Mobile’s distribution network and digital expertise ensure wider accessibility of MTN’s services.
For S.Mobile, partnering with MTN strengthens its position as a key player in the Nigerian digital economy. Offering MoMo PSB and MTN data bundles attracts new customers, enhances service offerings, and fosters greater engagement on their platform. This also aligns with S.Mobile’s mission to empower Nigerians with the tools and services they need to thrive in a digital world.
Looking Ahead
As the S.Mobile and MTN Nigeria partnership takes off, both companies are optimistic about the future. They are committed to continuous innovation and improvement of services to meet evolving customer needs. This collaboration goes beyond business; it’s about empowering millions of Nigerians with the financial and digital tools they need to succeed.
The combined strengths of S.Mobile and MTN Nigeria set a new standard for service delivery, ensuring more Nigerians can access the financial services and connectivity they need. The CEO, Adonu Kingsley Ifeanyi, assures that they will continue to work together, and the impact of this partnership will be felt across the country, driving growth, innovation, and inclusion in the digital age.
GRTech
Ransomware Groups Weaponize Stolen Data to Increase Pressure on Targets Who Refuse to Pay, Sophos Report Finds
Sophos, a global leader of innovative security solutions for defeating cyberattacks, today released a new dark web report, “Turning the Screws: The Pressure Tactics of Ransomware Gangs,” which details how cybercriminals are weaponizing stolen data to increase pressure on targets who refuse to pay.
This includes sharing the contact details or doxing the family members of targeted CEOs and business owners, as well as threatening to report any information about illegal business activities uncovered in stolen data to the authorities.
In the report, Sophos X-Ops shares posts found on the dark web that show how ransomware gangs refer to their targets as “irresponsible and negligent,” and in some cases, encourage individual victims whose personal information was stolen to pursue litigation against their employer.
“In December 2023, in the wake of the MGM casino breach, Sophos began taking note of ransomware gangs’ propensity to turn the media into a tool they can use to not only increase pressure on their victims but take control of the narrative and shift the blame. We are also seeing gangs singling out the business leaders they deem ‘responsible’ for the ransomware attack at the companies they target. In one post we found, the attackers published a photo of a business owner with devil horns, along with their social security number. In a different post, the attackers encouraged employees to seek ‘compensation’ from their company, and, in other cases, the attackers threatened to notify customers, partners and competitors about data breaches. These efforts create a lightning rod for blame, increasing the pressure on businesses to pay up and potentially exacerbating the reputational damage from an attack,” said Christopher Budd, director, threat research, Sophos.
Sophos X-Ops also found multiple posts by ransomware attackers detailing their plans to search for information within stolen data that could be used as leverage if companies don’t pay. For example, in one post, the WereWolves ransomware actor notes that any stolen data is subject to “a criminal legal assessment, a commercial assessment and an assessment in terms of insider information for competitors.” In another example, the ransomware group Monti noted that it found an employee at a targeted company searching for child sexual abuse material and threatened to go to the police with the information if the company didn’t pay the ransom.
These posts align with a broader trend of criminals seeking to extort companies with increasingly sensitive data relating to employees, clients or patients, including mental health records, the medical records of children, “information about patients’ sexual problems” and “images of nude patients.” In one ransomware case, the Qiulong ransomware group posted the personal data of a CEO’s daughter, as well as a link to her Instagram profile.
“Ransomware gangs are becoming increasingly invasive and bold about how and what they weaponize. Compounding pressure for companies, they’re not just stealing data and threatening to leak it, but they’re actively analyzing it for ways to maximize damage and create new opportunities for extortion. This means that organizations have to not only worry about corporate espionage and loss of trade secrets or illegal activity by employees, but also about these issues in conjunction with cyberattacks,” said Budd.
Read the full report “Turning the Screws: The Pressure Tactics of Ransomware Gangs” on Sophos.com.
Startups
Scaleup with STEP: How STEP Empowering Startups & Talent in Africa
Africa is rapidly becoming a hotbed for innovation, entrepreneurship, and technological advancements.
Yet, for many startups and talented individuals, the journey from concept to market traction and revenue is often fraught with challenges.
Enter the Startup and Talent Enhancement Program (STEP), a pioneering initiative by IDEA Africa, with support from the UK-Nigeria Tech Hub. STEP is not just a program; it’s a transformative force empowering startups and talent across Africa to scale up and achieve sustainable growth.
The vision of STEP is simple yet profound: to bridge the gap between potential and success for startups that have moved beyond the post-revenue stage but are struggling with technical debt, growth hacking, marketing, and other critical areas. How? By giving them access to a large pool of professionally trained talent, strategic market advice from industry experts with years of experience, and a community with like-minded people and fellow founders. By providing targeted intervention and strategic resources, STEP ensures that these startups are not just surviving but thriving.
STEP’s approach is holistic, providing support in multiple areas crucial for startup success. From offering technical assistance, helping startups overcome technical debt and improve their product offerings to providing growth hacking strategies and tools to drive rapid growth and scale operations, to offering marketing insights and resources to effectively market products and reach the right audience and also assisting startups in developing robust business strategies that ensure long-term success.
STEP is committed to empowering individual talent and helping mentors attain fulfilment. By connecting skilled professionals and experienced mentors with high-potential startups, STEP not only helps these individuals find meaningful work and fulfilment but also fosters a culture of innovation and collaboration. This creates a dynamic ecosystem where both startups, talent and mentors can thrive.
To maintain the quality and impact of the program, STEP employs a rigorous selection process. Startups are evaluated based on their growth potential, market fit, and alignment with STEP’s objectives. This ensures that only the most promising startups, ready to embrace transformative changes, are chosen. The result is a cohort of high-potential startups primed for success.
Why STEP?
We are not just another initiative, but an organisation committed to transforming lives and businesses. We believe in the power of local startups to drive economic growth and create jobs. With tailored support and resources, we help you overcome challenges and reach new heights. Also, we provide comprehensive talent and mentor support, connecting you with skilled professionals who can help take your business to the next level. At STEP, we are dedicated to the professional growth of individuals. Through our program, selected talent will receive upskilling opportunities and access to job placements that match their skills, ensuring a bright future for all.
Application Details:
Key Dates:
- Application Period: July 22nd – August 31st, 2024
How to Apply for Startups, Talent and Mentors:
- Click www.steptech.ng
- Select your track
- Create an account with us
- Verify your email
- Log in to start your application
How to Apply for Hubs:
- Send a mail to [email protected] with “Hub Application” as the subject
Join STEP in Transforming the Startup Ecosystem
We invite all innovators, from startups to mentors, talent, and hubs, to join us in this exciting journey. STEP is your opportunity to make a significant impact, drive innovation, and contribute to the growth of the startup ecosystem in Enugu, Rivers, and Ekiti states.
“Scaleup with STEP” is not just a call to action; it is a testament to the potential and resilience of African startups and talent. By providing targeted support, fostering connections, and driving innovation, STEP is paving the way for a brighter future in Africa’s tech landscape. Join STEP today and be a part of this incredible transformation.
Join the Community
Stay connected with us on LinkedIn, Twitter, Instagram, and Facebook for updates, success stories, and live Q&A sessions. One of the most vital parts of STEP is the community that we are creating. By joining STEP, you join a community of like-minded innovators, tech enthusiasts, and industry experts. This community is a place to collaborate, share experiences, and form long-term connections that can help your startup grow.
Follow STEP’s innovative and exciting journey on social media platforms @steptechnigeria on Instagram, Facebook, LinkedIn, and X.
For more information, visit the website or contact the team at [email protected].
About IDEA Africa:
IDEA Africa is a leading organization dedicated to fostering innovation and entrepreneurship across Africa.
Through various initiatives and partnerships, IDEA Africa supports the growth of startups and the professional development of talent, driving economic growth and technological advancement in the region.