1. Support
  2. Glossary

Data Exfiltration

What is data exfiltration?

Data exfiltration is the unauthorized transfer of data from a computer or other device. It can be conducted manually via physical access to a computer or as an automated process using malicious programming on the internet or a network.

Data exfiltration is also known as: data extrusion, data exportation, data leaks, data leakage, data loss, and data theft.

How data exfiltration works

While data exfiltration attacks can be carried out by malicious actors, it can also happen due to unintentional human error. There are three common ways data exfiltration can occur:

  • External attack: The most common source of data loss is email, and phishing is the most common technique used. These attacks are typically targeted, with the objective of gaining access to a network or machine to locate and copy specific data.
  • Accidental loss: Employees and business partners may accidentally be responsible for data exfiltration due to negligence or oversight. For example, an employee may send out sensitive company data to an incorrect email address or copy a confidential document to a personal device, which is against company security policies.
  • Disgruntled insider: In some rare cases, company insiders may intentionally copy or email sensitive data to cause harm. This can be done by an unhappy or former employee who still has access to company systems.

Why data exfiltration is important

According to an annual IBM report, the average total cost of a data breach was $3.92 million in 2019. For some industries, such as healthcare, this number can almost double. Data breaches in the United States were the most expensive, with an average cost of $8.19 million. The average size of the data breach was 25,575 records.

Data loss can lead to financial losses and have a long-lasting impact on an organization’s reputation.

How to protect against data exfiltration

Here are a number of strategies that organizations can put in place to prevent data exfiltration:

  • Deploy data loss prevention (DLP). DLP is a set of technology and business policies to make sure end users do not send sensitive or confidential data outside the organization. A DLP system scans all outbound email to look for pre-determined patterns that might indicate sensitive data, including credit card numbers, Social Security numbers, and HIPPA medical terms. Messages containing this type of sensitive data are automatically encrypted or blocked from being sent out, depending on the policy.
  • Set up encryption policies. Establish policies to encrypt sensitive data while it’s in transit. Encrypted messages cannot be intercepted or tampered with by hackers.
  • Prevent phishing attacks. Phishing attacks are commonly used by malicious actors in data exfiltration attacks. Investing in good anti-phishing technologies that will detect and block phishing attacks is a must to prevent data loss.
  • Revoke data access for former employees and contractors. Organizations must stay on top of who has access to their sensitive data and revoke access to employees or partners as soon as a business relationship is over. Leaving access open for even an extra day may cause a serious security breach.
  • Educate your employees. Invest in educating your users on how to recognize phishing attacks that may lead to data exfiltration and how to follow internal policies on data security. The number one cause of data loss is human error, so make sure your employees understand how to keep company data secure.
  • Back up your data. Unfortunately, some organizations may face a security breach that will lead to data loss. It’s important for organizations to be prepared and back up all of their data so they can quickly restore any lost data without a negative impact on their business operations and productivity.

Learn more about data exfiltration

Related terms

Further reading

How Barracuda can help

Barracuda Email Protection scans your email traffic to block malicious attachments and URLs, including those in phishing and spear-phishing emails. It also uses advanced analysis to spot typo-squatting, domain impersonation, and other signs of phishing.

Barracuda data loss protection and email encryption keep sensitive data — such as credit card numbers, Social Security numbers, HIPAA data, and more — from leaving your organization. Content policies can automatically encrypt, quarantine, or even block certain outbound emails based on their content, sender, or recipient.

Barracuda Email Protection also includes Impersonation Protection which uses powerful artificial intelligence engine that learns organizations’ unique communications patterns to identify and block real-time spear-phishing attempts. By finding anomalous signals in incoming messages, Impersonation Protection can prevent phishing and social-engineering attacks before they strike.

It’s important to train users to spot potential phishing emails and delete them. Users should err on the side of caution and confirm the authenticity of any unexpected email by contacting the apparent sender. Barracuda Security Awareness Training uses advanced training and simulation to measure your vulnerability to phishing emails and teach users how to avoid becoming victims of data theft, malware, and ransomware.

Barracuda Backup operates as the first line of defense against data loss during catastrophic system failure. By seamlessly integrating all your data — whether physical, virtual, or in the cloud — Barracuda Backup is the optimal solution for data protection in the modern age.

Have questions or want more information about data exfiltration? Get in touch right now!