Data exfiltration is the unauthorised copying or transferring of business data. Malicious third parties can steal data through social engineering scams, such as phishing or through a targeted attack on sensitive data. Risk also comes from inside the company, with disgruntled or terminated employees posing a threat.
It's also worth considering the impact of human error — through simple mistakes or improper training, employees can unwittingly exfiltrate data. For example, they might send an email to the wrong person or take a USB stick of files to work on at home.
No matter how it happens, data exfiltration puts your business at risk. You may be subject to regulatory fines, reputation damage, and legal ramifications. It's crucial to all companies, large and small, to protect personal information, financial data, and proprietary technology.
Two high-profile data exfiltration cases
1. Morrisons supermarket data breach
In 2015, investigators found a Morrisons employee guilty of exfiltrating the personal information of 100,000 workers — including salaries and bank details. Reports show Morrisons to have paid out over £2m in compensation to its workforce.
2. LinkedIn data breach
This social network has been a target several times, but the details of 700 million users appeared for sale on the dark web more recently. While this data didn't include login information or financial details, there was enough on each person to assist criminals in fraud or identity theft.
Best practices to protect against data exfiltration
It's essential to prevent data exfiltration, especially if your business has any sensitive information it needs to keep safe. Below are some tools and practices businesses can use to ensure that data remains as secure as possible.
System information and event management
System information and event management (SIEM) solutions are fundamental to many security strategies because they allow businesses to monitor data from a centralised dashboard. That's helpful to protect against exfiltration as you'll be able to analyse the information to detect trends. If a data breach occurs, it can be easier to connect several small events to establish a timeline.
These solutions, give you the ability to index, archive, and search email content. That means you can quickly analyse data flows and measure risk, which helps with compliance and keeping sensitive data safe.
Insecure passwords are a typical method used by hackers to gain access to a system. Employees should be encouraged to change their passwords regularly and follow a password policy to help keep their credentials secure. Both users and IT teams should also be aware of the dangers of default passwords on hardware, such as printers, GPS trackers, voice assistants, security cameras, smart TVs, and more.
It's also worth considering multi-factor authentication to increase security and make access more difficult for threat actors.
Businesses can encrypt data both at rest and while in transit. This strategy ensures that only those who are authorised to access it can. Check the relevant regulatory standards, as encryption is often part of the requirements for compliance. For data that's impossible to encrypt (such as paper documents), make sure additional security measures are in place.
Contextual machine learning
To prevent malicious exfiltration, the right software that understands the context of emails and the behavioural patterns of users is essential. Software such as Egress Prevent analyses user emails to understand the usual pattern of behaviour. If an event doesn't match these conditions, security teams receive the information needed to investigate.
This software can also let security teams know when an employee is ignoring security advice provided by the system. That means it's possible to detect trusted insiders if they access data they shouldn't or go outside their regular work.
Attackers like to leverage employee weaknesses and use social engineering attacks to trick them into downloading malware or sharing their credentials. To stop these attacks, employees must understand what to look out for and the proper actions to take. Training can help them recognise suspicious emails, links, websites, and phone calls.
More thorough training can also help employees understand why security measures are in place. That can stop them from circumventing procedures in the name of productivity.
It's essential to have policies in place outlining what happens when an employee leaves. At the very least, revoking access should occur immediately. However, when firing employees, further action needs to occur to prevent malicious activity. According to a paper produced by the Computer Emergency Response Team (CERT) at the Software Engineering Institute of Carnegie Mellon University in 2011, if an employee suspects they are about to be fired, they are more likely to engage in data exfiltration.
Companies can use analytics software to monitor the behaviour of these individuals closely. Businesses with significant amounts of sensitive data can set up this software to record user actions and alert the correct people if something looks suspicious.
Found this article helpful? There’s a full library of cybersecurity information in our email DLP hub – give it a bookmark for next time. Or if you’re interested in seeing how Egress Prevent stops data exfiltration, we’ll be more than happy to set you up with a no-strings-attached demo.
What kind of data exfiltration prevention tools are available to my enterprise?
A tool such as Egress Prevent uses contextual machine learning to protect against data exfiltration from within the company. This tool prevents emails from being sent to the wrong person and flags any suspicious activity to the right people in your business.
What's the difference between data exfiltration vs. data leakage?
Data exfiltration refers to the unauthorised removal of sensitive information. That could be due to human error, malicious intent, or theft by cybercriminals. Data leaks, however, are exposure of information through other means — for example, an employee leaving a smartphone containing sensitive files on a bus.
How should our enterprise respond to a data exfiltration incident?
Put simply, it's essential to plug the leak and fix any areas where hackers or insiders could exfiltrate data in the future.