Data exfiltration, quite simply, is the risk of your data ending up somewhere it doesn’t belong. Though this definition might seem simple, understanding this risk is quite complicated — especially as companies migrate their data into the cloud. Companies that work remotely using cloud platforms like Google Drive, AWS, or Jira often struggle to maintain the visibility needed to ensure their data remains secure. This increases the risk of data exfiltration, which can often go undetected for weeks, if not longer.
Data exfiltration is a broad term, which is one of the reasons why this issue is so difficult to pinpoint and prevent. Here are some of the common perpetrators and causes of data exfiltration, as well as how IT and security teams can practice stronger data exfiltration prevention.
What is data exfiltration?
Techopedia’s data exfiltration definition is, “the unauthorized copying, transfer or retrieval of data from a computer or server.”
Data exfiltration takes place when an external attacker or an insider locates and copies specific data from a company’s systems, typically through remote access tooling or malware installed on the device. Such breaches often take advantage of weak or reused passwords (e.g., “12345”) or missing controls such as two-factor authentication (2FA).
There are different data exfiltration techniques that hackers often use to gain access to valuable information. Some of these techniques include:
- Social engineering: the practice of exploiting people to gain access to buildings, systems, or data (for instance, phishing or spoofing).
- Outbound emails: someone uses an authorized business email or mobile device to send sensitive data from secure computer systems to untrusted third parties or insecure private systems.
- Downloading information to insecure devices: someone transfers sensitive data to an insecure laptop, smartphone, external hard drive, or another device.
- Insecure cloud behavior: an employee uses a cloud service in insecure ways, creating an opportunity for an attacker to provision or modify virtual machines (VMs), deploy code, or otherwise infiltrate cloud storage.
Data exfiltration can result from insider threats as well as from external attackers. That’s one of the reasons it is so difficult to defend against: there are many attack vectors and opportunities for human error that IT teams must monitor and protect against at all times.
Data exfiltration examples
A key part of preventing data exfiltration is understanding what to look for — and how to react accordingly. Research from McAfee can help guide your IT security team in prioritizing what, where and when to monitor your systems, platforms, and storage.
In the report, “Grand Theft Data II”, McAfee surveyed 700 IT and security professionals from both commercial-sized organizations (1,000 to 5,000 employees) and enterprise organizations (5,000+ employees).
Some key findings include:
- Perpetrators: Internal actors were responsible for 39% of data loss, and 45% of that internal loss was intentional.
- The top three data exfiltration vectors were database leaks, cloud applications, and USB drives.
- Securing cloud infrastructure and applications was among the greatest areas of concern for IT and security professionals.
These findings correlate with our own research. Last year in our report on mega-breaches (data breaches impacting 1 million or more records), we found that the largest breaches of the 21st century most commonly impacted cloud databases or other cloud infrastructure, with systems like AWS and Elasticsearch exposing billions of records.
How to detect data exfiltration
As both our research and McAfee’s report show, cloud systems can prove challenging to secure without the proper controls in place. Data loss prevention (DLP) is one such control: it identifies where sensitive data resides in a system and whether that data has been accessed.
As more and more companies move to cloud-based services, cloud DLP will become a more necessary data exfiltration prevention tool than controls that only watch endpoints and the network perimeter. A cloud DLP solution, like Nightfall, specifically discovers, classifies, and protects personally identifiable information (PII), protected health information (PHI), other unique identifiers, and credentials and secrets.
Nightfall is unique in its use of machine learning-based detectors to identify sensitive tokens in a variety of contexts, such as Slack messages, strings in your codebase, and files. Its built-in automation alerts security teams when sensitive content, including unstructured data in MS Office documents, has been shared in an inappropriate setting or accessed, viewed, or modified by unauthorized parties. With custom workflows, you can automatically redact, delete, or quarantine any tokens identified by Nightfall before irreversible damage is done.
This data-centric approach to reducing exfiltration risk has the added benefit of cutting down on cloud data sprawl by illuminating where your most valuable data lives in the cloud. This allows IT teams to be proactive in monitoring insider threats. With automated alerts, IT teams can spend more time adding specific security controls to patch vulnerabilities, training employees to reduce the risk of social engineering, and other high value-add tasks.
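To make the DLP workflow described above concrete, here is an added example that is not Nightfall’s code and not taken from this page: it uses simple pattern-plus-validation detectors (an AWS access key ID prefix rule, a Luhn checksum for card numbers, and a password-in-connection-string rule) where a product like Nightfall would use machine learning-based detectors. It scans constructed sample “documents” standing in for a Slack message, a CSV file, and a source file, redacts what it finds, and then raises an alert when a constructed sharing audit log shows a document containing sensitive tokens being shared outside the company. The document names, the `corp.example` and `vendor.example` domains, the sample credentials (the AWS documentation example key and the 4111… test card number), and all function names are assumptions made for the example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # detector that fired
    start: int   # span of the match in the scanned text
    end: int
    value: str


# Constructed sample documents (not real data) standing in for a Slack message,
# a spreadsheet export, a source file, and a harmless note with a card-like number.
SAMPLE_DOCS = {
    "slack:#eng": "can someone check prod? creds: AKIAIOSFODNN7EXAMPLE / wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "file:billing.csv": "name,card\nJane Roe,4111 1111 1111 1111\nJohn Doe,1234 5678 9012 3456",
    "code:config.py": 'DB_URL = "postgres://app:hunter2@db.internal/app"',
    "file:notes.txt": "lunch at 12:30, order id 4111111111111112 is not a card",
}

# Constructed sharing audit events (hypothetical schema, not any vendor's log format).
SHARE_EVENTS = [
    {"doc": "file:billing.csv", "actor": "jane@corp.example", "shared_with": "bob@gmail.example"},
    {"doc": "file:notes.txt", "actor": "jane@corp.example", "shared_with": "partner@vendor.example"},
    {"doc": "code:config.py", "actor": "dev@corp.example", "shared_with": "dev2@corp.example"},
    {"doc": "code:config.py", "actor": "dev@corp.example", "shared_with": "contractor@vendor.example"},
]
INTERNAL_DOMAINS = {"corp.example"}  # assumed list of the company's own mail domains

# Detectors: a regex proposes candidates, a validation step drops look-alikes.
AWS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")          # AWS access key ID shape
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")                    # 13-19 digits, optional separators
URL_CRED_RE = re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:/@]+:([^\s@/]+)@")  # scheme://user:PASSWORD@host


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most random digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan(text: str) -> list[Finding]:
    """Return all validated sensitive-token findings in text, ordered by position."""
    found = []
    for m in AWS_KEY_RE.finditer(text):
        found.append(Finding("aws_access_key_id", m.start(), m.end(), m.group()))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(Finding("credit_card", m.start(), m.end(), m.group()))
    for m in URL_CRED_RE.finditer(text):
        found.append(Finding("url_password", m.start(1), m.end(1), m.group(1)))
    return sorted(found, key=lambda f: f.start)


def redact(text: str) -> str:
    """Replace each finding with a placeholder naming the detector, keeping the rest intact."""
    out, pos = [], 0
    for f in scan(text):
        if f.start < pos:  # overlapping findings: keep the earlier one
            continue
        out.append(text[pos:f.start])
        out.append(f"[REDACTED:{f.kind}]")
        pos = f.end
    out.append(text[pos:])
    return "".join(out)


def external_share_alerts(docs: dict, events: list, internal_domains: set) -> list:
    """Alert when a document that contains sensitive tokens is shared with an external domain."""
    alerts = []
    for ev in events:
        domain = ev["shared_with"].rsplit("@", 1)[-1].lower()
        if domain in internal_domains:
            continue
        kinds = sorted({f.kind for f in scan(docs.get(ev["doc"], ""))})
        if kinds:
            alerts.append({"doc": ev["doc"], "actor": ev["actor"],
                           "shared_with": ev["shared_with"], "kinds": kinds})
    return alerts


if __name__ == "__main__":
    for name, text in SAMPLE_DOCS.items():
        for f in scan(text):
            print(f"{name}: {f.kind} at {f.start}-{f.end}")
        print(f"{name} redacted: {redact(text)!r}")
    for a in external_share_alerts(SAMPLE_DOCS, SHARE_EVENTS, INTERNAL_DOMAINS):
        print("ALERT external share:", a)
```

The validation step is what keeps this usable: the 16-digit order ID in `notes.txt` and the second row of `billing.csv` both match the card regex but fail the Luhn check, so neither is redacted or alerted on, while the billing export shared with a Gmail address and the config file shared with a contractor both produce alerts.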
To learn more about Nightfall, set up a demo using the calendar below.