The inaugural Beazley Cyber Services Snapshot has taken a deep dive into the increasingly complex issue of data exfiltration. Gathering data from 2020 to Q1 2022, the report shows how extortion is evolving, why companies must take a multi-pronged approach to cybersecurity, and how they should respond to the risks.
“Extortion incidents no longer just involves file encryption,” said Raf Sanchez, Beazley’s global head of cyber services. We are seeing data exfiltration now prevalent in a significant majority of incidents reported to our cyber services team. Multiple threat actors are involved, and they are encrypting systems, stealing and selling data they’ve accessed, and also threatening to expose the fact that an organization’s data was stolen unless payment is provided.
“This is an increasingly complex landscape and it’s essential that organizations understand the threats and resulting vulnerabilities of these new threat vectors.”
The Q1 2022 snapshot shows a particularly notable rise in professional services firms falling victim to business email compromise – a figure that rose to 33%. There is risk in organizations’ own behavior as well. As more companies move their operations into the cloud, they make the common mistake of expecting that their cloud providers will provide security on their behalf.
“Often the [security] tools may be there, but they are not enabled by default,” said Beazley cyber services Manager for Paris, Jad Nehme. “In other words, you can’t just ‘cloud and go’ and expect a secure experience.”
Looking ahead, multi-factor authentication (MFA) is still essential, Beazley said. Without it, a threat actor who uses the correct credentials to connect to an organization’s system can remain undetectable. Forms of MFA that can be considered more secure include push notifications, time-based one-time passwords (TOTP), authenticator apps, and biometrics.
The Cyber Services Snapshot will be published with a different topical focus every quarter, updating key data points such as cause of loss by industry and business email compromise using incidents reported to Beazley, threat intelligence, and open-source data.