What is Data Exfiltration?
Today, data is a valuable commodity. It has value to the organizations that own it and to those looking to exploit it through illegal activity. Data can be sensitive information about customers and employees, financial or strategic information, product designs or intellectual property, or any data that could undermine an organization’s market competitiveness. When this data is purposefully leaked from the organization without permission, it is known as data exfiltration, and when it is lost, the organization suffers a data breach.
Why does Data Exfiltration Occur?
The primary objective for stealing data from organizations is usually monetary gain. Cyber-criminals or malicious insiders exfiltrate data so that they can either ransom it back to the organization or sell it for profit on the dark web. The average cost of a ransomware attack has increased steadily over the years, but significantly so in the last quarter of 2019, when it rose to over $84K, suggesting that ransomware is a growing business. It is also getting more sophisticated. New evolutions of ransomware, such as DoppelPaymer, are designed not only to exfiltrate data but also to make it publicly available if organizations fail to pay.
Data Exfiltration over Email
With over 300 billion emails sent and received each day, email is an obvious vector for data exfiltration. With so much traffic, it can be difficult for organizations to distinguish between what is a legitimate communication and what is a data exfiltration threat.
Threats can come from the inside, where an employee with access to systems and databases can send out sensitive or valuable data at the click of a button, or from an external source, via a spear-phishing or malware attack. Spear-phishing emails are cleverly targeted and crafted to look like they come from someone known to the recipient, such as a fellow employee, customer, or supplier. They encourage the recipient to share sensitive data or to open an attachment that releases malware into the network. While employee training is key in recognizing these incoming threats, it’s ultimately technology that can prevent them from succeeding.
Data Exfiltration via Removable Media
If access is not controlled, organizations risk data being uploaded to removable media devices such as USBs, external drives, or mobile phones. A data exfiltration study by McAfee revealed that 40% of data exfiltration activities involved physical media, such as stealing laptops or downloading to a USB drive. These statistics highlight the need for access controls and appropriate read/write permissions on endpoint devices.
Data Loss in the Cloud
Popular file-sharing tools such as Google Drive and Dropbox offer both convenience and flexibility when it comes to moving data. However, they also bring risk. Without controlling what information can be saved or downloaded from the cloud, organizations increase the risk of a data breach or a cyber-attack. Without controls in place, a person with access is free to download, save, and print any of the data stored in the cloud.
Data Hidden within Images
Those looking to exfiltrate data can exploit techniques such as steganography to hide the data in plain sight. Digital steganography is the practice of encoding or embedding sensitive data inside image files (JPEGs, BMPs, GIFs, etc.) such that, to the naked eye, there is no visible difference. Without technology in place to detect this, a standard image hiding several thousand customer contact details can easily be emailed out of the organization or uploaded to a website.
Solutions to Prevent Data Exfiltration
To mitigate the threat of data exfiltration, organizations deploy data loss prevention software tools at key egress points – email, web (cloud), and the endpoint. The security software provides visibility of the data being shared (who is sending what to whom) and allows controls to be put in place that prevent sensitive data from leaving the organization and malware from getting in.
Clearswift’s adaptive DLP technology scans content for sensitive or hidden data and potential cyber-threats, and automatically removes, deletes, or sanitizes the files before they are opened or shared. This automated process occurs in real time, significantly reducing the risk of data exfiltration attempts succeeding.
As well as the automated removal of sensitive data from messages and everyday files such as Word documents or Excel files, the Clearswift solution also removes sensitive data from image-based files using Optical Character Recognition technology. An anti-steganography feature also ensures that images are wiped clean of any hidden data they may contain.
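To make the idea of wiping hidden data from images concrete, the following added example (not Clearswift's code or method) rebuilds a PNG from only the chunks needed to render it and reports what it discarded. It covers container-level hiding only (ancillary chunks and bytes appended after the end marker), not data embedded in pixel values; the keep-list policy and the sample image are assumptions constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Assumed policy: keep only chunks needed to render; drop all other ancillary chunks.
KEEP = {b"IHDR", b"PLTE", b"tRNS", b"IDAT", b"IEND"}


def chunk(ctype, data):
    """Serialize one PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def sanitize_png(raw):
    """Return (clean_bytes, findings); raise ValueError on malformed input."""
    if not raw.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    out, findings, pos = [PNG_SIG], [], len(PNG_SIG)
    while pos < len(raw):
        if pos + 12 > len(raw):
            raise ValueError("truncated chunk header")
        (length,) = struct.unpack(">I", raw[pos:pos + 4])
        ctype, end = raw[pos + 4:pos + 8], pos + 12 + length
        if end > len(raw):
            raise ValueError("chunk length exceeds file size")
        (crc,) = struct.unpack(">I", raw[end - 4:end])
        if crc != zlib.crc32(raw[pos + 4:end - 4]) & 0xFFFFFFFF:
            raise ValueError("bad CRC in chunk %r" % ctype)
        if ctype in KEEP:
            out.append(raw[pos:end])
        else:
            findings.append("dropped %s chunk (%d bytes)" % (ctype.decode("latin-1"), length))
        pos = end
        if ctype == b"IEND":
            if pos < len(raw):  # anything after IEND is ignored by viewers
                findings.append("dropped %d trailing bytes after IEND" % (len(raw) - pos))
            break
    else:
        raise ValueError("missing IEND chunk")
    return b"".join(out), findings


def build_sample():
    """Constructed 1x1 grayscale PNG, clean and with a tEXt chunk plus appended bytes."""
    ihdr = chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
    idat = chunk(b"IDAT", zlib.compress(b"\x00\x7f"))  # filter byte + one pixel
    iend = chunk(b"IEND", b"")
    text = chunk(b"tEXt", b"Comment\x00alice@example.com")
    return PNG_SIG + ihdr + idat + iend, PNG_SIG + ihdr + text + idat + iend + b"bob@example.com\n"
```

The findings list doubles as an audit record: a non-empty result on an outbound image is worth logging alongside the sender and recipient.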