Cyfer Tech Blog

The Impact of Compromised Backups on Ransomware Outcomes: How Cyfer Tech and Sophos Can Help

Ransomware attacks continue to pose a significant threat to organizations across various industries. While many companies rely on backups as their primary defense against data loss, recent research reveals the profound impact of compromised backups on ransomware outcomes. In this blog, we explore the findings from Sophos’ research into the implications of backup compromise and discuss how Cyfer Tech, as a Sophos Gold Partner, can help your organization strengthen its cybersecurity defenses and mitigate the risks associated with ransomware. 

Compromised Backups: A Disturbing Trend 

Backups are critical for business continuity and data recovery in the event of a ransomware attack. However, Sophos’ latest report shows that ransomware actors frequently target backups to increase the pressure on victims to pay the ransom. The study, conducted by independent research agency Vanson Bourne, surveyed 2,974 IT and cybersecurity professionals whose organizations experienced ransomware attacks in the past year. The findings are eye-opening: 

•  94% of ransomware victims reported that attackers attempted to compromise their backups. 
• 57% of backup compromise attempts were successful, impacting the recovery process for over half of all victims. 
• Ransomware recovery costs are eight times higher when backups are compromised, with overall recovery costs reaching $3M compared to $375K for those whose backups were not compromised. 

These statistics underscore the critical importance of protecting backups from ransomware attacks. 

 How Backup Compromise Impacts Ransomware Outcomes 

The research revealed several key insights into how backup compromise affects ransomware outcomes: 

Ransom demands and payments increase: Organizations whose backups were compromised received ransom demands that were, on average, more than double that of those whose backups weren’t impacted. Additionally, the median ransom payment for those whose backups were compromised was $2M, almost double the amount for those whose backups remained intact. 

Longer recovery times: Just 26% of victims whose backups were compromised fully recovered within a week, compared to 46% for those whose backups were not impacted. 

Greater likelihood of paying the ransom: Organizations with compromised backups were almost twice as likely to pay the ransom to recover encrypted data (67% vs. 36%). 

Recommendations to Protect Your Backups 

Given these alarming findings, it’s crucial to take proactive steps to secure your backups and reduce the risk of ransomware attacks. Here are some key recommendations: 

Take regular backups and store in multiple locations: This reduces the risk of losing all data if one backup is compromised. Implement multi-factor authentication (MFA) to secure cloud backup accounts. 

Practice recovering from backups: Regular practice ensures that your team is prepared to respond quickly and efficiently in the event of an attack. 

Secure your backups: Monitor for suspicious activity and respond quickly to potential threats to prevent backup compromise. 

How Cyfer Tech and Sophos Can Help 

Cyfer Tech, as a Sophos Gold Partner, offers cutting-edge cybersecurity solutions designed to protect your backups and strengthen your organization’s resilience against ransomware. Here’s how we can help: 

Sophos MDR (Managed Detection and Response): Sophos 24/7 expert-led MDR service provides continuous monitoring and rapid threat response. With over 500 cybersecurity experts, Sophos MDR detects and neutralizes advanced threats, including those targeting backups, with an average response time of just 38 minutes. 

Sophos XDR (Extended Detection and Response): For in-house IT teams, Sophos XDR offers visibility, insights, and tools to detect, investigate, and respond to attacks across multiple vectors. With Sophos XDR, you can leverage telemetry from your backup and recovery solution to quickly identify and respond to potential threats. 

By partnering with Cyfer Tech and Sophos, your organization can strengthen its defenses, reduce the risk of ransomware attacks, and ensure that your backups remain secure and uncompromised. To learn more about our cybersecurity solutions, contact us today and take the first step toward a safer digital future. 

Celebrating Sophos’ Leadership: Cyfer Tech’s Pride as a Gold Partner 

We are thrilled to announce that Sophos has been named a Leader in the IDC MarketScape for Worldwide Modern Endpoint Security for Small Businesses 2024! This recognition underscores Sophos’ commitment to providing top-tier endpoint security solutions, and we at Cyfer Tech are proud to be a Gold Partner with such an esteemed industry leader. 

Sophos: A Trusted Solution for Small Businesses 

Sophos’ achievement in the IDC MarketScape acknowledges its dedication to addressing the unique security needs of small businesses. The report emphasizes the challenges these organizations face in maintaining robust cybersecurity, often due to limited resources and a lack of in-house security expertise. As IDC’s research vice president, Michael Suby, points out, Sophos is an excellent choice for small businesses looking for comprehensive security without the need for extensive internal resources. 

Why Sophos Stands Out 

Sophos’ Managed Detection and Response (MDR) service is one of the standout offerings that contribute to this recognition. With over 20,000 customers already using Sophos MDR, small businesses can rely on 24/7 monitoring, incident response, and expert guidance to ensure they stay protected from evolving threats. This proactive approach helps reduce the risk of security incidents and data breaches that could be devastating for small businesses. 

Sophos’ innovative protection capabilities also play a key role in its leadership status. The IDC MarketScape highlights Sophos’ adaptive attack protection, critical attack warning, and data protection and recovery features. These advanced technologies ensure that even in the face of complex attacks, Sophos customers can maintain a strong security posture. 

Cyfer Tech: Partnering with Excellence 

As a Gold Partner with Sophos, Cyfer Tech is dedicated to bringing these cutting-edge security solutions to businesses of all sizes. We understand that cybersecurity can be overwhelming, especially for small businesses with limited resources. That’s why we are here to help. Our team is trained and certified to deploy and manage Sophos solutions, allowing your IT department to focus on core business activities without the burden of managing cybersecurity. 

Join the Sophos-Cyfer Tech Partnership 

If you’re looking to strengthen your business’s security and take the pressure off your IT department, contact Cyfer Tech today. We’re excited to share the benefits of our partnership with Sophos and demonstrate why it’s a trusted leader in the industry. From endpoint protection to advanced MDR services, we’ve got you covered. 

To learn more about Sophos’ leadership check out the 2024 IDC MarketScape for Worldwide Modern Endpoint Security for Small Businesses. And if you’re ready to explore how Sophos and Cyfer Tech can help protect your business, reach out to us for a personalized consultation. 

Let’s secure your business’s future together! 

Our Tips for Hardening Your Sophos Firewall

Here are some recommendations to harden the overall security of your Sophos Firewall. 

Keep Your Firmware Updated and Hotfixes Enabled – Every update to Sophos Firewall OS includes important security enhancements and, in some cases, important Hotfixes are released between updates. Ensure you keep your firmware up to date and have Hotfixes enabled under Backup & Firmware > Firmware. 

Limit Firewall Device Access – It’s critically important that you disable non-essential services on the WAN interface. In particular, HTTPS and SSH admin services. To manage your Firewall remotely, Sophos Central offers a much more secure solution than enabling WAN admin access. If the User Portal is not being used, we also recommend deactivating this service on the WAN as well. 

Check your local services access control under Administration > Device Access and ensure no items are checked for the WAN Zone unless absolutely necessary: 

Lock Down Remote Access to Other Network Systems – Do NOT expose any systems directly to the internet using NAT or Firewall Rules that allow inbound connections. This includes IoT devices. Review all your NAT and Firewall Rules and ensure there are no WAN to LAN rules. Use VPN or ZTNA only for remote administration and access for internal systems. For IoT devices, shut down any devices that require direct access via NAT and do not offer a cloud proxy service. 

Use Multi-Factor Authentication and Strong Passwords – Enable Multi-Factor Authentication or One Time Password (OTP) and enforce strong passwords which will protect your Firewall from unauthorized access either from stolen credentials or brute force hacking attempts. 

Use Role-Based Administration – Take advantage of Sophos Firewall’s granular role-based administration profiles to limit access for administrators of the firewall. Provide read-only access to administrators that don’t absolutely need control over various firewall functions. 

Enable TLS Inspection and Intrusion Prevention – IPS can help protect against intrusions and Denial of Service attacks, but only if encrypted traffic is inspected. Enable TLS inspection and IPS and ensure it’s configured to automatically update, and DoS protection is applied. 

Enable Firewall System Notifications – Sophos Firewall can be configured to alert administrators of system-generated events. Administrators should review the list of events and ensure that key events are monitored to ensure that issues and events can be acted upon promptly. Sophos recommends that you adopt a regular triage and investigation routine to make sure that no events are missed or left to linger too long. Notifications are sent via either email and/or to SNMP traps. To configure Notifications, navigate to Configure > System services and select the Notifications list tab.

Configure Country Blocking – As a security best practice you can further narrow your attack surface area by limiting exposure to regions you don’t do business with using country blocking