How to prevent Data Exfiltration

Today, data is a valuable commodity. It has value to the organisations that own it and to those looking to exploit it through illegal activity. Data can be sensitive information about customers and employees, financial or strategic information, product designs or intellectual property, or any data that could undermine an organisation’s market competitiveness. When this data is purposefully leaked from the organisation without permission, it is known as data exfiltration, and when it is lost, the organisation suffers a data breach.

by Daan Jacobs

Why does Data Exfiltration happen? 

The primary objective for stealing data from organisations is usually monetary gain. Cyber-criminals or malicious insiders exfiltrate data so that they can either ransom it back to the organisation or sell it for profit on the dark web. The average cost of a ransomware attack has increased steadily over the years, suggesting that ransomware is a growing business. It is also getting more sophisticated. New evolutions of ransomware are designed not only to exfiltrate data but also to make it publicly available if organisations fail to pay.

Data Exfiltration over Email 

With over 300 billion emails sent and received each day, email is an obvious vector for data exfiltration. With so much traffic, it can be difficult for organisations to distinguish between what is legitimate communication and what is a data exfiltration threat. 

Threats can come from the inside, where an employee with access to systems and databases can send out sensitive or valuable data at the click of a button, or from an external source, via a phishing or malware attack. While employee training is key in recognising these incoming threats, it’s ultimately technology that can prevent them from succeeding.

Data Exfiltration via Removable Media 

If access is not controlled, organisations risk data being uploaded to removable media devices such as USBs, external drives, or mobile phones. A data exfiltration study by McAfee revealed that 40% of data exfiltration activities involved physical media, such as stealing laptops or downloading to a USB drive. These statistics highlight the need for access controls and appropriate read/write permissions on endpoint devices. 

Data Loss in the Cloud 

File-sharing tools such as Google Drive and Dropbox are popular because they offer both convenience and flexibility when it comes to moving data. However, they also bring risk. Without controlling what information can be saved or downloaded from the cloud, organisations increase the risk of a data breach or a cyber-attack. Without controls in place, a person with access is free to download, save, and print any of the data stored in the cloud.

Data Hidden within Images 

Those looking to exfiltrate data can exploit techniques such as steganography and hide the data in plain sight. Digital steganography is the practice of encoding or embedding sensitive data inside image files (JPEGs, BMPs, GIFs, etc.) such that, to the naked eye, there is no visible difference. Without technology in place to detect this, a standard image hiding several thousand customer contact details can easily be emailed out of the organisation or uploaded to a website.

Solutions to Prevent Data Exfiltration 

To mitigate the threat of data exfiltration, organisations deploy data loss prevention software tools at key points – email, web (cloud), and the endpoint. The security software provides visibility of the data being shared (who is sending what to whom) and allows controls to be put in place that prevent sensitive data from leaving the organisation and malware from getting in. 

Adaptive DLP technology scans content for sensitive or hidden data and potential cyber-threats, and automatically removes, deletes, or sanitises the files before they are opened or shared. This automated process occurs in real time, significantly reducing the risk of data exfiltration attempts succeeding. 

As well as the automated removal of sensitive data from messages and everyday files such as Word documents or Excel files, the solution also removes sensitive data from image-based files using Optical Character Recognition technology. An anti-steganography feature also ensures that images are wiped clean of any hidden data they may contain. 
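
As an added example (not BlueFinch's code or any product's implementation), this shows what wiping an image clean of hidden data can mean for the steganography case described above: it rewrites an uncompressed 24-bit BMP so that low-order colour bits, header gaps and bytes appended after the pixel data do not survive. The function names and the sample image are constructed for illustration, and any other format is rejected rather than passed through.

```python
import struct

def sanitise_bmp(data: bytes) -> tuple[bytes, dict]:
    """Rebuild an uncompressed 24-bit BMP without low-order bits, gaps or trailing data."""
    if len(data) < 54 or data[:2] != b"BM":
        raise ValueError("not a BMP file")
    (offset,) = struct.unpack_from("<I", data, 10)          # where pixel data starts
    hdr, width, height, _planes, bpp, comp = struct.unpack_from("<IiiHHI", data, 14)
    if hdr != 40 or bpp != 24 or comp != 0 or width <= 0 or height == 0:
        # Fail closed: a variant this code cannot fully rewrite is not passed through.
        raise ValueError("unsupported BMP variant")
    row_bytes = width * 3
    stride = (row_bytes + 3) & ~3                           # rows are padded to 4 bytes
    pixel_end = offset + stride * abs(height)
    if offset < 54 or pixel_end > len(data):
        raise ValueError("header fields inconsistent with file length")
    pixels, cleared = bytearray(), 0
    for r in range(abs(height)):
        row = data[offset + r * stride: offset + r * stride + row_bytes]
        cleared += sum(b & 1 for b in row)
        # Clear the least-significant bit of every colour byte and zero the padding.
        pixels += bytes(b & 0xFE for b in row) + bytes(stride - row_bytes)
    header = bytearray(data[:54])
    struct.pack_into("<IHHI", header, 2, 54 + len(pixels), 0, 0, 54)  # size, reserved, offset
    struct.pack_into("<I", header, 34, len(pixels))                   # biSizeImage
    struct.pack_into("<II", header, 46, 0, 0)                         # no palette entries
    report = {"lsb_bits_cleared": cleared,
              "gap_bytes_dropped": offset - 54,
              "trailing_bytes_dropped": len(data) - pixel_end}
    return bytes(header) + bytes(pixels), report

def make_sample() -> bytes:
    """Constructed 3x2 image with odd colour bytes, a 4-byte header gap and 5 trailing bytes."""
    rows = (bytes([201, 17, 33, 64, 129, 255, 2, 3, 4]) + bytes(3)) * 2
    gap, trailing = b"GAP!", b"EXTRA"
    head = struct.pack("<2sIHHI", b"BM", 54 + len(gap) + len(rows), 0, 0, 54 + len(gap))
    info = struct.pack("<IiiHHIIiiII", 40, 3, 2, 1, 24, 0, len(rows), 2835, 2835, 0, 0)
    return head + info + gap + rows + trailing

if __name__ == "__main__":
    clean, report = sanitise_bmp(make_sample())
    print(len(clean), report)
```

Clearing the low bit changes each colour value by at most 1, which is not visible to the eye. Compressed formats such as JPEG or GIF need format-specific handling that this example does not cover.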

If you would like to learn more about how BlueFinch can help your organisation protect its sensitive data, or about our Data Security Suite, please contact sales@bluefinch.com and take a look at our solutions.