What is data exfiltration?
Data exfiltration is the unauthorized transfer of data from a computer or other device. It can be conducted manually via physical access to a computer or as an automated process using malicious programming on the internet or a network.
Data exfiltration is also known as: data extrusion, data exportation, data leaks, data leakage, data loss, and data theft.
How data exfiltration works
While data exfiltration can be carried out by malicious actors, it can also happen due to unintentional human error. There are three common ways data exfiltration can occur:
- External attack: The most common source of data loss is email, and phishing is the most common technique used. These attacks are typically targeted, with the objective of gaining access to a network or machine to locate and copy specific data.
- Accidental loss: Employees and business partners may accidentally be responsible for data exfiltration due to negligence or oversight. For example, an employee may send out sensitive company data to an incorrect email address or copy a confidential document to a personal device, which is against company security policies.
- Disgruntled insider: In some rare cases, company insiders may intentionally copy or email sensitive data to cause harm. This can be done by an unhappy or former employee who still has access to company systems.
Why data exfiltration is important
According to an annual IBM report, the average total cost of a data breach was $3.92 million in 2019. For some industries, such as healthcare, this number can almost double. Data breaches in the United States were the most expensive, with an average cost of $8.19 million. The average size of the data breach was 25,575 records.
Data loss can lead to financial losses and have a long-lasting impact on an organization’s reputation.
How to protect against data exfiltration
Here are a number of strategies that organizations can put in place to prevent data exfiltration:
- Deploy data loss prevention (DLP). DLP is a set of technologies and business policies that make sure end users do not send sensitive or confidential data outside the organization. A DLP system scans all outbound email to look for pre-determined patterns that might indicate sensitive data, including credit card numbers, Social Security numbers, and HIPAA medical terms. Messages containing this type of sensitive data are automatically encrypted or blocked from being sent out, depending on the policy.
- Set up encryption policies. Establish policies to encrypt sensitive data while it’s in transit. Attackers who intercept an encrypted message cannot read it or tamper with its contents.
- Prevent phishing attacks. Phishing attacks are commonly used by malicious actors in data exfiltration attacks. Investing in good anti-phishing technologies that will detect and block phishing attacks is a must to prevent data loss.
- Revoke data access for former employees and contractors. Organizations must stay on top of who has access to their sensitive data and revoke access for employees or partners as soon as a business relationship is over. Leaving access open for even an extra day may cause a serious security breach.
- Educate your employees. Invest in educating your users on how to recognize phishing attacks that may lead to data exfiltration and how to follow internal policies on data security. The number one cause of data loss is human error, so make sure your employees understand how to keep company data secure.
- Back up your data. Unfortunately, some organizations may face a security breach that will lead to data loss. It’s important for organizations to be prepared and back up all of their data so they can quickly restore any lost data without a negative impact on their business operations and productivity.
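The outbound-email scan described under "Deploy data loss prevention (DLP)" can be sketched as follows. This is an added example, not code from any DLP product: the policy table, the `example.com` internal domain, and the sample message are assumptions constructed for illustration. It validates card candidates with the Luhn checksum and rejects Social Security number ranges that are never issued, so that order numbers and random digit runs do not trigger the policy.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Candidate patterns; matches are validated below to cut false positives.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")   # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
# Hypothetical policy (assumption): action per data type, strictest action wins.
POLICY = {"card": "block", "ssn": "encrypt"}
SEVERITY = {"allow": 0, "encrypt": 1, "block": 2}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates plausible card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_ok(area: str, group: str, serial: str) -> bool:
    """Reject never-issued ranges: area 000, 666, 9xx; group 00; serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def find_sensitive(text: str) -> dict:
    """Return validated card numbers and SSNs found in the text."""
    cards = [re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text)]
    cards = [c for c in cards if luhn_ok(c)]
    ssns = [m.group() for m in SSN_RE.finditer(text) if ssn_ok(*m.groups())]
    return {"card": cards, "ssn": ssns}

def decide(raw_email: str, internal_domain: str = "example.com") -> str:
    """Return 'allow', 'encrypt' or 'block' for one plain-text message."""
    msg = message_from_string(raw_email)
    addrs = [a for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    if addrs and all(a.lower().endswith("@" + internal_domain) for a in addrs):
        return "allow"                      # every recipient is internal: not outbound
    hits = find_sensitive(f"{msg.get('Subject', '')}\n{msg.get_payload()}")
    actions = [POLICY[kind] for kind, found in hits.items() if found]
    return max(actions, key=SEVERITY.get, default="allow")

# Constructed sample message (test card number and placeholder SSN, not real data).
SAMPLE = ("From: alice@example.com\nTo: Bob <bob@partner.test>\nSubject: invoice\n\n"
          "Card 4111 1111 1111 1111, order 1234567890123456, SSN 123-45-6789.\n")

if __name__ == "__main__":
    print(decide(SAMPLE))
```

A production scanner would also have to handle multipart messages and attachments, which this sketch does not.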