Data exfiltration refers to the unauthorized copying, transfer, or retrieval of data from a company computer or server. It can be performed by a variety of actors: by outsiders through malware or phishing attacks that can lead to data breaches, by malicious insiders looking to inflict harm on an organization for their own or other entities’ gain, or by careless insiders who leak data by accident. Most often, data exfiltration is a deliberate attempt to appropriative sensitive and valuable data.
Types of Data Exfiltration
There are several ways in which data is exfiltrated on-site by malicious insiders. The most common method, is outbound emails. Legitimate users attach files containing sensitive data to emails and send them to their personal email accounts. They can also copy-paste sensitive information directly into the body of emails or forward confidential internal communications to their own or competitors’ email addresses.
The second most popular data exfiltration method is uploading sensitive data to cloud storage websites. Information can be exfiltrated from cloud storage when data is uploaded to insecure or misconfigured services. Misconfiguration in particular is a common cause for data leakage when uploaded files are accidentally left exposed to the public. Malicious insiders may also intentionally misconfigure services to give access to unauthorized third parties or make files accessible to themselves from a personal device. Uploading sensitive information to personal cloud drives from company computers is also a frequently used data exfiltration technique.
Another common data exfiltration method is the use of unauthorized removable devices to copy confidential files. Insiders can download sensitive data from the corporate network and store it locally on their work device. Those files can then easily be copied onto USBs or other removable devices connected to the computer. This technique allows employees to steal data without requiring internet or network connection. In fact, by taking their devices offline, insiders can sometimes bypass security policies in place against this type of data theft.
Preventing Data Exfiltration
Sensitive data classification is essential for effective data exfiltration threat detection. While most organizations will flag categories of data such as personally identifiable information (PII) safeguarded under data protection legislation, as sensitive, they often disregard other categories of data that could be deemed sensitive in the context of their industry.
It is therefore important that companies evaluate the data they produce and identify which categories are critical to their business operations and which need to be protected to vouchsafe their competitive advantage. Once these types of data are discovered, organizations can put security controls in place to protect them.
Data Loss Prevention (DLP) solutions, that allow sensitive data to be defined based on a company’s needs, can be used as part of cybersecurity strategies to ensure data security. DLP tools come with predefined profiles for common types of protected information such as PII and intellectual property but also allow for customizable policies to suit a particular organization’s requirements. Once sensitive data is defined, DLP solutions monitor and control its transfer and use.
By monitoring sensitive data and logging any attempts to violate policies, DLP tools allow security teams to spot suspicious user activity and identify employees acting with malicious intent. DLP technology is particularly useful against the two most popular data exfiltration techniques: it can block files containing sensitive information from being transferred to personal email addresses or cloud storage services and even prevents confidential information from being copy-pasted into the body of an email.
When applied on the endpoint, DLP solutions such as Endpoint Protector can also ensure that its policies remain active on a work computer whether it is in the office, used remotely, and regardless of whether it is connected to the internet or not.
Insider data exfiltration is a real threat to company data security and organizations wishing to protect their most valuable data must look for ways to mitigate it. While this can prove a daunting task because it involves insiders with privileged access to confidential information, tools such as DLP solutions can help companies avoid data theft through exfiltration.
The above article is authored by Filip Cotfas, Channel Manager, CoSoSys