How to Prevent Data Exfiltration

What is Data Exfiltration?

Data exfiltration is a form of a security breach that occurs when data is copied, transferred, or retrieved from a server without authorization. The data can be sensitive information about customers and employees, financial or strategic information, product designs or intellectual property, or any data that could undermine an organization’s market competitiveness. When this data is purposefully leaked from the organization without permission, it is known as data exfiltration and when it is lost, the organization suffers a data breach.

Why does Data Exfiltration Occur?

The primary objective of stealing data from organizations is usually monetary gain. Cyber-criminals or malicious insiders exfiltrate data so that they can either ransom it back to the organization, sell it for profit on the dark web. New evolutions of ransomware are designed to not only encrypt data but to exfiltrate it and make it publicly available if organizations fail to pay.

Data Exfiltration over Email

With over 300 billion emails sent and received each day, email is an obvious vector for data exfiltration. With so much traffic, it can be difficult for organizations to distinguish between what is a legitimate communication and what is a data exfiltration threat.

Threats can come from the inside, where an employee with access to systems and databases can send out sensitive or valuable data at the click of a button, or from an external source, via a spear-phishing or malware attack. Spear-phishing emails are cleverly targeted, crafted to look like they come from someone known to the recipient, this could be a fellow employee, customer, or supplier. They encourage the recipient to share sensitive data or to open an attachment that releases malware into the network.

Data Exfiltration via Removable Media

If access is not controlled, organizations risk data being uploaded to removable media devices such as USBs, external drives, or mobile phones. A data exfiltration study by McAfee revealed that 40% of data exfiltration activities involved physical media, such as stealing laptops or downloading to a USB drive. These statistics highlight the need for access controls and appropriate read/write permissions on endpoint devices.

Data Loss in the Cloud

The popularity of file-sharing tools such as Google Drive and DropBox offer both convenience and flexibility when it comes to moving data. However, they also bring risk. Without controlling what information can be saved or downloaded from the cloud, organizations increase the risk of a data breach or a cyber-attack. Without controls in place, a person with access is free to download, save, and print any of the data stored in the cloud.

Solutions to Prevent Data Exfiltration

To mitigate the threat of data exfiltration, organizations can deploy data loss prevention software tools at key egress points – email, web (cloud), and the endpoint. The security software provides visibility of the data being shared (who is sending what to whom) and allows controls to be put in place that prevents sensitive data from leaving the organization and malware from getting in.

Adaptive DLP technology can also scan contents of files for sensitive or hidden data and potential cyber-threats, and automatically removes, deletes, or sanitizes the files before they are opened or shared. This automated process occurs in real-time, significantly reducing the risk of data exfiltration attempts succeeding.

For more information on how to protect your organization from data exfiltration threats, please contact [email protected]