Data exfiltration, or the theft or unauthorized transfer of data from any device, is a common form of cyber crime, and specialist insurer Beazley found in a recent report that the criminals are becoming much more sophisticated.

The company released its inaugural Beazley Cyber Services Snapshot, which examines the growing issue of data exfiltration, how it’s evolving, and the ways organizations should respond to the risks. The report features data gathered between 2020 and the first quarter of 2022.

The report found that as data exfiltration tactics are evolving to include several bad actors within a single attack and many different risk exposures, it’s becoming increasingly important for companies to ensure a multi-faceted approach to cybersecurity.

“With risk looming on all fronts, just securing the perimeter is no longer enough,” the report said. “Organizations need a comprehensive approach that addresses all stages of the ransomware kill chain in order to be resilient and minimize damage from attacks.”

This comes as extortion incidents no longer involve only encrypted files, the report said. Threat actors are also threatening to expose the fact that data was stolen if payment isn’t made, and even threatening organizations with things like double or triple extortion.

Double extortion occurs when a threat actor both encrypts and exfiltrates data from a victim’s network, demanding a ransom for a key to decrypt the data and to delete the stolen data. However, that doesn’t necessarily mean the data will be gone, the report said.

“The data may then find its way into the dark web for others to leverage,” according to the report. “Even if the original threat actor has been paid for data destruction, it is almost impossible to ensure that the information is not accidentally or intentionally shared with other threat actors.”

Double extortion now occurs in the majority of extortion incidents, the report said, including two out of every three incidents Beazley’s Cyber Services team saw in the first quarter of 2022.

Beyond double extortion, triple extortion happens when a threat actor encrypts data, threatens to publish the exfiltrated data online, and applies further pressure on the victim. This could include threatening denial-of-service attacks against a victim’s remaining infrastructure or threatening to contact individuals whose personal details have been stolen if the organization doesn’t pay the ransom.

One big challenge is that it’s becoming easier to deploy ransomware and malware, according to the report, which gives threat actors more access than ever before.

This is because many of the tools used to employ ransomware tactics are becoming cheaper to rent and can be made publicly available for anyone with minimal coding skills to use. As organizations shift their approach to business to improve efficiency and stay on top of the latest technology, they risk exposing themselves to more threats as well.

“Organizations are moving business operations into the cloud to scale operations more efficiently than they could using their own infrastructure and are increasingly taking advantage of machine learning and artificial intelligence functionality,” the report said. “All of these decisions present potential threat vectors.”

Beazley’s report stated that one of the most essential tactics for defending against threats to an organization’s data is multi-factor authentication, or MFA.

“There are more and less secure forms of MFA, and attackers are increasingly using techniques like social engineering to get around protections,” the report said. “This is not a place to skimp.”

More secure forms of MFA include push notifications, time-based one-time passwords, authenticator apps, and biometrics, among other methods.

One of the most important things to remember if an attack occurs, the report said, is never to act out of fear. Negotiation can buy critical time to prepare to respond by making sure networks are secure and backups are operational, determining what data the threat actors have, and preparing communications.

“We are seeing data exfiltration now prevalent in a significant majority of incidents reported to our cyber services team. Multiple threat actors are involved, and they are encrypting systems, stealing and selling data they’ve accessed, and also threatening to expose the fact that an organization’s data was stolen unless payment is provided,” said Raf Sanchez, Beazley’s global head of cyber services, in a company press release. “This is an increasingly complex landscape and it’s essential that organizations understand the threats and resulting vulnerabilities of these new threat vectors.”

The report also found that fraud, both with and without system infiltration, is experiencing a notable rise, and vendor incidents are becoming more prevalent. Business email compromise also remains an issue, according to the report, with a particularly notable rise in professional services firms falling victim to this attack; this industry class rose to 33% in the first quarter of this year.

Beazley plc is the parent company of specialist insurance businesses with operations in Europe, North America, Latin America, and Asia. It manages seven Lloyd’s syndicates, and its underwriters in the U.S. focus on writing a range of specialist insurance products. The company’s chosen lines include professional indemnity, cyber liability, property, marine, reinsurance, accident and life, and political risks and contingency business.