What is Data Exfiltration? Tips for Preventing Data Exfiltration

Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises.

Data is valuable currency. Don’t believe us? Data brokering is a $200 billion industry…and this doesn’t even include the data that’s sold on the dark web.

This data could include anything from email addresses to financial projections, and the consequences of this data being leaked can be far-reaching. Data can be leaked in a number of ways, but when it’s stolen, we call it data exfiltration. You may also hear it referred to as data theft, data exportation, data extrusion, and data exfil.

This article will explore what data exfiltration is, how it works, and how you can avoid the fines, losses, and reputational damage that can result from it.

Types of data exfiltration

Data exfiltration can involve the theft of many types of information, including:

• Usernames, passwords, and other credentials
• Confidential company data, such as intellectual property or business strategy documents
• Personal data about your customers, clients, or employees b
• Keys used to decrypt encrypted information
• Financial data, such as credit card numbers or bank account details
• Software or proprietary algorithms

To understand how data exfiltration works, let’s consider a few different ways it can be exfiltrated. 

Email 

According to IT leaders, email is the number one threat vector. It makes sense. 

Over 124 billion business emails are sent and received every day and employees spend 40% of their time on email, sharing memos, spreadsheets, invoices, and other sensitive information and unstructured data with people both in and outside of their organization. 

Needless to say, it’s a treasure trove of information, which is why it’s so often used in data exfiltration attempts. But how?

• Insider threats can email data to their own, personal accounts or third-parties
• External bad actors targeting employees with phishing, spear phishing, or ransomware attacks. Note:96% of phishing attacks start via email.

Remote access

Gaining remote access to a server, device, or cloud storage platform is another data exfiltration technique.

An attacker can gain remote access to a company’s data assets via several methods, including:

• Hacking to exploit access vulnerabilities
• Using a “brute force” attack to determine the password
• Installing malware, whether via phishing or another method
• Using stolen credentials, whether obtained via a phishing attack or purchased on the dark web

According to 2020 Verizon data, over 80% of “hacking” data exfiltration incidents involve brute force techniques or compromised user credentials. That’s why keeping passwords strong and safe is essential.

Remote data exfiltration might occur without a company ever noticing. Consider the now infamous 2020 SolarWinds hack: the attackers installed malware on thousands of organizations’ devices, which silently exfiltrated data for months before being detected.

Physical access 

As well as using remote-access techniques, such as phishing and malware, attackers can simply upload sensitive data onto a laptop, USB drive, or another portable storage device, and walk it out of a company’s premises..

Physically stealing data from a business requires physical access to a server or device. That’s why this method of exfiltration is commonly associated with current or former employees.

And it happens more frequently than you might think. One report shows that:

• 15% of all insiders exfiltrate data via USBs and 8% of external bad actors do the same
• 11% of all insiders exfiltrate data via laptops/tablets and 13% of external bad actors do the same

Here’s an example: in 2020, a Russian national tried to persuade a Tesla employee to use a USB drive to exfiltrate insider data from the company’s Nevada premises.

How common is data exfiltration?

So how significant a problem is data exfiltration, and why should your company take steps to prevent it? It’s hard to say how often data is successful exfiltrated from a company’s equipment or network. But we know that the cybercrime methods used to carry out data exfiltration are certainly on the increase.

For example, phishing was the leading cause of complaints to the FBI’s Internet Crime Complaint Centre (IC3) in 2020. The FBI’s data suggests that phishing incidents more than doubled compared to the previous year. The FBI also reported that the number of recorded personal data breaches increased from around 38,000 to over 45,000 in 2020.

Verizon’s 2020 data suggests that companies with more than 1000 employees were more likely to experience data exfiltration attempts—but that attacks against smaller companies were much more likely to succeed.

Verizon also noted that “the time required to exfiltrate data has been getting smaller,” but “the time required for an organization to notice that they have been breached is not keeping pace.” In other words, cybercriminals are getting quicker and harder to detect.

Consequences of data exfiltration

We’ve seen how data exfiltration, and cybercrime more generally, is becoming more common. But even if a company experiences one data exfiltration attack, the consequences can be devastating. There’s a lot at stake when it comes to the data in your company’s control.

Here are some stats from IBM about the cost of a data breach:

• The average data breach costs $3.6 million
• The cost is highest for U.S. companies, at $8.6 million
• Healthcare is the hardest-hit sector, with companies facing an average loss of $7.1 million

What are the causes of these phenomenal costs? Here are three factors:

• Containment: Hiring cybersecurity and identity fraud companies to contain a data breach is an expensive business—not to mention the thousands of hours that can be lost trying to determine the cause of a breach.
• Lawsuits: Many companies face enormous lawsuits for losing customer data. Trends suggest a continuing increase in data-breach class action cases through 2021.
• Penalties: Laws such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) enable regulators to impose significant fines for personal data breaches.

How to prevent data exfiltration

Understanding the form, causes, and consequences of data exfiltration is important. But what’s the best way to prevent data exfiltration?

🎓 Staff training

Business leaders know the importance of helping their employees understand information security. 

Staff training can help your staff spot some of the less sophisticated phishing attacks and learn the protocol for reporting a data breach.

However, while staff training is important, it’s not sufficient to prevent data exfiltration. Remember these words from the U.K.’s National Cyber Security Centre (NCSC):

“No training package (of any type) can teach users to spot every phish. Spotting phishing emails is hard.”

🚫 Blocking or denylisting

To prevent data exfiltration attempts, some organizations block or denylist certain domains or activities. This approach involves blocking certain email providers (like Gmail), domains, or software (like DropBox) that are associated with cyberattacks.

However, this blunt approach impedes employee productivity. Denylisting fails to account for the dynamic nature of modern work, where employees need to work with many different stakeholders via a broad variety of mediums.

💬 Labeling and tagging sensitive data

Another data loss prevention (DLP) strategy is to label and tag sensitive data. When DLP software notices tagged data moving outside of your company’s network, this activity can be flagged or prevented.

However, this approach relies entirely on employees tagging data correctly. Given how much data organizations handle, the manual process of tagging isn’t viable—employees may label incorrectly or not label sensitive at all.

🔒 Email data loss prevention (DLP)

Email is a crucial communication method for almost every business. But, as we’ve seen, it’s also a key way for fraudsters and criminals to gain access to your company’s valuable data.

According to Tessian platform data, employees send nearly 400 emails a month. In an organization with 1,000 employees, that’s 400,000 possible data breaches each month.

That’s why security-focused organizations seek to lock down this critical vulnerability by investing in email-specific DLP software.

⚡ Want to learn more about email DLP? We cover everything you need to know here: What is Email DLP? Complete Overview of DLP on Email.

How does Tessian prevent data exfiltration?

Tessian uses stateful machine learning to prevent data exfiltration on email by turning an organization’s own data into its best defense against inbound and outbound email security threats.  

Our Human Layer Security platform understands human behavior and relationships, enabling it to automatically detect and prevent anomalous and dangerous activity like data exfiltration attempts and targeted phishing attacks. 

To learn more about how Tessian detects and prevents data exfiltration attempts, check out our customer stories or talk to one of our experts today.