TBH thats been the case for quite some time, its hardly a revelation from Sophos here.
Any serious intrusion has been using SSL traffic for C2 for a long old time.
The reasons are two fold:
1) its encrypted (like duh!)
2) Your network already chucks out so much SSL that they hide in the background noise
So you could always use something clever to decrypt and inspect at your edge - assuming that in 2021 you actually still have a physical edge now your workforce is working from home.
Assuming you have a physical edge, all you need to do is to deploy forward trust certs to all of your endpoints so the magic box can inspect the traffic.... at this point in any complex environment you then need to start building an exception list for decryption or everything breaks.... shortly after this you'll probably look for a low beam and a length of rope.
Your mileage may vary, but in a large complex environment....
You could always use ETDR solutions rather than network intercept, might be easier these days. Just make sure you buy the correct vendor one or you'll discover a large chunk of your platforms aren't supported either...