In January 2020, 250 million Microsoft records were exposed on the web. Not long after, over 300 million Facebook IDs and phone numbers were leaked online. Every news cycle seems to feature a massive data breach. That’s not surprising. In the time it takes you to read this article, malicious hackers will carry out 250 successful attacks.

What is data exfiltration?

Data exfiltration is an unauthorized transfer of information—typically sensitive data—from one system to another. It’s one of the most common cybercrimes and is bad news for your company and your clients.

According to the 2020 Internet Crime Report by the FBI, a successful cyberattack happens every 1.12 seconds. Cybercrime is big business—costing companies billions of dollars annually. Small businesses are particularly vulnerable—accounting for over 50% of data breaches in the US in 2020. From phishing to malware, shady websites to network breaches—understanding how to mitigate the risk and cost if and when it happens is key to recovery. 
 


What are the most common data exfiltration techniques?

Email
Some email breaches are unintentional—caused by employees emailing sensitive information to the wrong party or an intended recipient forwarding it to an unauthorized recipient—but most email data exfiltration is malicious. Phishing emails purport to be from a reputable institution to lure recipients into divulging sensitive information. While standard phishing emails tend to be generic, spear phishing emails are specific, seeming like they’re from a trusted sender. Clicking on links in those emails can launch malware or ransomware that could infect an entire corporate network, leading to massive data leaks.

Unsecure devices
Ever copied information onto a thumb drive or personal laptop? Logged into public Wi-Fi? Any time you use a device that isn’t secure, it invites hackers to steal information. A careless employee can make it even easier by misplacing or losing their phone, USB, or laptop.

Unauthorized software or websites
Installing unauthorized software onto a company computer is a common way that malware or ransomware is introduced into a network, potentially transferring sensitive data to malicious outsiders. The same goes for shady websites accessed through company computers.

The biggest takeaway? Data exfiltration takes more than a malicious outsider trying to steal sensitive information. It also requires internal vulnerability.
 


Risk management and compliance

Despite the most effective prevention efforts, you can never be 100% safe from data exfiltration. When cyberattacks happen—and they will—ensuring you’ve done your due diligence to reduce the impact and risks can save your company time, money, reputation, and data.

The purpose of data exfiltration is to access as much data as possible, as quickly as possible—without anyone noticing. Key to mitigating severe consequences is understanding and categorizing the risks.

Risk management starts with, not surprisingly, identifying your risk factors and your risk tolerance. The shift to the cloud and the move to remote work have increased data vulnerability exponentially. Your teams are working more flexibly and collaboratively than ever before. With that comes an increased amount of data put at risk of exfiltration.

Where (and when) are your greatest vulnerabilities when it comes to potential data exfiltration, and which of those vulnerabilities are acceptable? After all, vulnerable and valuable are two completely different concepts. Consider who has access to which data and where that data is being stored. Once you’ve determined the unacceptable vulnerabilities, the next step is to create smart data governance policies that address them. Just as important as creating data governance policies is communicating them to your staff and training your staff on them. Involve your HR, legal, communications, and other non-IT departments in the messaging and trainings to increase buy-in and create a highly risk-aware workforce. Last, but definitely not least, is how to respond to and remediate threats.

Cybercrime is rising and the implications of data exfiltration are devastating. While prevention is the first line of defense against malicious hackers, it’s just as important to plan for detection and recovery for when the unthinkable happens—because it will happen. Effective risk management and data governance policies address three integral questions: What data is most vulnerable? Which vulnerabilities matter the most? How can we best address those vulnerabilities? Rubrik can help you avoid the legal, financial, and reputational risks of data exfiltration with solutions that quickly identify what data was encrypted, where it resides, and what its level of sensitivity was—all of which can be used to make decisions that ensure a quick recovery.

Sources:
FBI Internet Crime Report 2020
Comparitech Cybercrime Statistics 2021
Verizon 2021 Data Breach Investigations Report