Tessian’s mission is to secure the human layer by empowering people to do their best work, without security getting in their way.
Data is valuable currency. Don’t believe us? Data brokering is a $200 billion industry…and this doesn’t even include the data that’s sold on the dark web.
This data could include anything from email addresses to financial projections, and the consequences of this data being leaked can be far-reaching. Data can be leaked in a number of ways, but when it’s stolen, we call it data exfiltration. You may also hear it referred to as data theft, data exportation, data extrusion, and data exfil.
Data exfiltration is the act of deliberately moving sensitive data from inside an organization to outside an organization’s perimeter without permission. This can be done through hacking, malware, or a social engineering attack.
This article will explore what data exfiltration is, how it works, and how you can avoid the fines, losses, and reputational damage that can result from it.
Data exfiltration can involve the theft of many types of information, including:
To understand how data exfiltration works, let’s consider a few different ways it can be exfiltrated.
According to IT leaders, email is the number one threat vector. It makes sense.
Over 124 billion business emails are sent and received every day and employees spend 40% of their time on email, sharing memos, spreadsheets, invoices, and other sensitive information and unstructured data with people both in and outside of their organization.
Needless to say, it’s a treasure trove of information, which is why it’s so often used in data exfiltration attempts. But how?
⚡ To learn more about insider threats, check out this article: 11 Real Examples of Insider Threats
⚡ For more information about phishing, click here: What is Spear Phishing? Targeted Phishing Attacks Explained
Gaining remote access to a server, device, or cloud storage platform is another data exfiltration technique.
An attacker can gain remote access to a company’s data assets via several methods, including:
According to 2020 Verizon data, over 80% of “hacking” data exfiltration incidents involve brute force techniques or compromised user credentials. That’s why keeping passwords strong and safe is essential.
Remote data exfiltration might occur without a company ever noticing. Consider the now infamous 2020 SolarWinds hack: the attackers installed malware on thousands of organizations’ devices, which silently exfiltrated data for months before being detected.
As well as using remote-access techniques, such as phishing and malware, attackers can simply upload sensitive data onto a laptop, USB drive, or another portable storage device, and walk it out of a company’s premises..
Physically stealing data from a business requires physical access to a server or device. That’s why this method of exfiltration is commonly associated with current or former employees.
And it happens more frequently than you might think. One report shows that:
Here’s an example: in 2020, a Russian national tried to persuade a Tesla employee to use a USB drive to exfiltrate insider data from the company’s Nevada premises.
⚡ We’ve rounded up a dozen examples of data exfiltration here: 12 Examples of Data Exfiltration.
So how significant a problem is data exfiltration, and why should your company take steps to prevent it?
It’s hard to say how often data is successful exfiltrated from a company’s equipment or network. But we know that the cybercrime methods used to carry out data exfiltration are certainly on the increase.
For example, phishing was the leading cause of complaints to the FBI’s Internet Crime Complaint Centre (IC3) in 2020. The FBI’s data suggests that phishing incidents more than doubled compared to the previous year.
The FBI also reported that the number of recorded personal data breaches increased from around 38,000 to over 45,000 in 2020.
Verizon’s 2020 data suggests that companies with more than 1000 employees were more likely to experience data exfiltration attempts—but that attacks against smaller companies were much more likely to succeed.
Verizon also noted that “the time required to exfiltrate data has been getting smaller,” but “the time required for an organization to notice that they have been breached is not keeping pace.” In other words, cybercriminals are getting quicker and harder to detect.
We’ve seen how data exfiltration, and cybercrime more generally, is becoming more common.
But even if a company experiences one data exfiltration attack, the consequences can be devastating. There’s a lot at stake when it comes to the data in your company’s control.
Here are some stats from IBM about the cost of a data breach:
What are the causes of these phenomenal costs? Here are three factors:
Understanding the form, causes, and consequences of data exfiltration is important. But what’s the best way to prevent data exfiltration?
Business leaders know the importance of helping their employees understand information security.
Staff training can help your staff spot some of the less sophisticated phishing attacks and learn the protocol for reporting a data breach.
However, while staff training is important, it’s not sufficient to prevent data exfiltration. Remember these words from the U.K.’s National Cyber Security Centre (NCSC):
“No training package (of any type) can teach users to spot every phish. Spotting phishing emails is hard.”
To prevent data exfiltration attempts, some organizations block or blacklist certain domains or activities. This approach involves blocking certain email providers (like Gmail), domains, or software (like DropBox) that are associated with cyberattacks.
However, this blunt approach impedes employee productivity. Blacklisting fails to account for the dynamic nature of modern work, where employees need to work with many different stakeholders via a broad variety of mediums.
Another data loss prevention (DLP) strategy is to label and tag sensitive data. When DLP software notices tagged data moving outside of your company’s network, this activity can be flagged or prevented.
However, this approach relies entirely on employees tagging data correctly. Given how much data organizations handle, the manual process of tagging isn’t viable—employees may label incorrectly or not label sensitive at all.
Email is a crucial communication method for almost every business. But, as we’ve seen, it’s also a key way for fraudsters and criminals to gain access to your company’s valuable data.
According to Tessian platform data, employees send nearly 400 emails a month. In an organization with 1,000 employees, that’s 400,000 possible data breaches each month.
That’s why security-focused organizations seek to lock down this critical vulnerability by investing in email-specific DLP software.
⚡ Want to learn more about email DLP? We cover everything you need to know here: What is Email DLP? Complete Overview of DLP on Email.
Tessian uses stateful machine learning to prevent data exfiltration on email by turning an organization’s own data into its best defense against inbound and outbound email security threats.
Our Human Layer Security platform understands human behavior and relationships, enabling it to automatically detect and prevent anomalous and dangerous activity like data exfiltration attempts and targeted phishing attacks.