How does Sophos aim to improve cybersecurity?
Founded in 1985, and protecting more than 500,000 organisations and millions of consumers, Sophos is a recognised worldwide leader in next-generation cybersecurity.
Powered by threat intelligence, AI and machine learning (ML) from SophosLabs and SophosAI, Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyberattacks.
Sophos provides a single integrated cloud-based management console, Sophos Central – the centerpiece of an adaptive cybersecurity ecosystem that features a centralised data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity vendors. Sophos sells its products and services through reseller partners and managed service providers (MSPs) worldwide.
Reaching a peak in ransomware
Sophos recently released its annual survey and review of real-world ransomware experiences in the State of Ransomware 2022. The report shows that 66% of organisations surveyed were hit with ransomware in 2021, up from 37% in 2020.
The average ransom paid by organisations that had data encrypted in their most significant ransomware attack, increased nearly fivefold to reach US$812,360, with a threefold increase in the proportion of organisations paying ransoms of US$1mn or more. 46% of the organisations that had data encrypted paid the ransom to get their data back, even if they had other means of data recovery, such as backups.
“Alongside the escalating payments, the survey shows that the proportion of victims paying up also continues to increase, even when they may have other options available,” said Chester Wisniewski, principal research scientist at Sophos. “There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site. In the aftermath of a ransomware attack there is often intense pressure to get back up and running as soon as possible. Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option. It’s also an option fraught with risk. Organisations don’t know what the attackers might have done, such as adding backdoors, copying passwords and more. If organisations don’t thoroughly clean up the recovered data, they’ll end up with all that potentially toxic material in their network and potentially exposed to a repeat attack.”
Expanding Sophos’ cybersecurity ecosystem
Sophos has acquired SOC.OS, an innovator of a cloud-based security alert investigation and triage automation solution.
With SOC.OS, Sophos plans to advance its Managed Threat Response (MTR) and Extended Detection and Response (XDR) solutions for organisations of all sizes. SOC.OS will also help Sophos expand its Adaptive Cybersecurity Ecosystem, which underpins all of Sophos’ security solutions. This will include providing alerts and events from third-party endpoint, server, firewall, Identity and Access Management (IAM), cloud workload, email, and mobile security products.
“Alert fatigue and lack of visibility still plague security teams worldwide. Considering this, against the backdrop of constantly changing cyberthreats and a challenging talent landscape, defenders need new and innovative products and services that can help them solve more complex incidents in less time,” said Dave Mareels, chief executive officer and co-founder, SOC.OS. “For many defenders, however, the complexity and cost of traditional security solutions act as barriers to adoption.By joining forces with Sophos, we can address these challenges together, head on. The sum is greater than our parts, and by combining our capabilities, we’re positioned to offer truly unique, cost effective and highly accessible products and services to those who need it most, on a global scale.”
