No, I do not want to install your app.

No, I do not want that app to run on startup.

No, I do not want that app shortcut on my desktop.

No, I do not want to subscribe to your newsletter.

No, I do not want your site to send me notifications.

No, I do not want to tell you about my recent experience.

No, I do not want to sign up for an account.

No, I do not want to sign up using a different service and let the two of you know about each other.

No, I do not want to sign in for a more personalized experience.

No, I do not want to allow you to read my contacts.

No, I do not want you to scan my content.

No, I do not want you to track me.

No, I do not want to click "Later" or "Not now" when what I mean is NO.

Today we released the 2025 Sophos Active Adversary Report (AAR), looking at data from 413 incident-response cases handled by our X-Ops MDR and IR teams in 2024. This edition of the report has a number of interesting findings, a vastly expanded dataset, and -- in honor of our fifth anniversary -- a gift for the curious. /1

https://news.sophos.com/en-us/2025/04/02/it-takes-two-the-2025-sophos-active-adversary-report/

The 2025 Sophos Active Adversary Report is out.

I thread these every year as, personally, I think yearly IR and MDR reports are the best source of data for defenders on _real world_ threats.

https://news.sophos.com/en-us/2025/04/02/2025-sophos-active-adversary-report/

Key take aways for me:

- Despite what you read from scare vendors, ransomware dwell time (initial access to deployment) is still measured days.

It is not hopeless and by active monitoring you *can* stop attackers.