Summary

Data exfiltration is data theft: the intentional, unauthorized removal of data usually by profit-seeking hackers. Once it’s stolen, data can be leveraged to extort its owners, held for ransom, used to launch additional attacks, or sold on the black market.


Data exfiltration used to be a plot device limited to spy thrillers, but lately a day doesn’t go by without it popping up in the news. In early 2024, during the most serious cyberattack ever on the U.S. healthcare industry, sensitive patient data was exfiltrated from a UnitedHealth subsidiary that processes prescriptions for over 100 million patients. An Allianz report found that the share of large cyberattacks involving data exfiltration rose from 40% in 2019 to 77% in 2022, and 2023 has probably exceeded 2022’s figure.

What Is Data Exfiltration? 

Data exfiltration is, simply put, data theft: the intentional, unauthorized removal of data. Once it’s stolen, data can be leveraged in a variety of ways: to extort its owners by holding it for ransom, to launch additional attacks, or simply to be sold on the black market. In some cases, the people who exfiltrate data are motivated by politics, whistleblowing, or other forms of “hacktivism.”

Data exfiltration is often followed by a ransom demand: in double-extortion ransomware attacks, the attacker copies data out of the network before encrypting it and then threatens to publish the stolen copy unless paid. In 2023, ransomware payments exceeded $1.1 billion; victimized organizations also have to deal with disruption to their operations, fines, and damage to their reputations and customer relations.

The Nuts and Bolts of Data Exfiltration

Data exfiltration is usually the work of profit-seeking hackers. It can also be an inside job, when a corrupt or compromised employee uses privileged network access to copy data out. Technical vulnerabilities, phishing campaigns, and social engineering are well-known methods of gaining initial access. A common technique is to compromise a worker’s email account and use it to impersonate that worker, sending colleagues a message loaded with malware links. When a link is clicked, the attacker gains a foothold on that machine, moves stealthily through the network, and steals valuable data such as customer records or intellectual property.

Mounting a Defense

Firewalls and other security solutions, along with an organizational security mindset, are the main means of defending against data exfiltration:

  • Security culture: Knowledge and vigilance are the foundations for preventing phishing attacks that can lead to data exfiltration. Building a security culture includes thorough, ongoing security training and awareness programs. The ongoing part is essential because the threat landscape is constantly changing. Regular meetings that review hacking attempts and close calls are a good way to maintain urgency and keep security top of mind. 
  • Identity management: A well-designed identity management system includes multi-factor authentication (MFA), role-based and other internal access controls, contextual authentication that verifies additional identity factors, and zero-trust verification, in which every access request is checked rather than trusted because it originates inside the network. AI will surely continue to play a role in these systems as models are trained to learn patterns of data use. Such systems often include single sign-on to streamline the user experience.
  • Threat detection and response: These systems monitor network traffic and user behavior and, increasingly, use AI to identify anomalies, such as a user suddenly sending far more data outbound than usual, or sending it to a destination never seen before. They also typically automate security responses and logging, which quickly become unmanageable when performed manually.
  • Data loss prevention (DLP): These systems put an additional wall around an organization’s highest-value target: its data. A DLP system learns an organization’s data states, data access patterns, and data movement; monitors them for signs of unauthorized use; and blocks transfers accordingly.
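The baseline-and-deviation logic that the threat detection and DLP bullets describe, as an added example that is not code from the original page or from Pure Storage. It assumes flow records already reduced to (day, user, destination, bytes_out) tuples, which it constructs inline as sample data; the hostnames, the z-score threshold, the absolute-volume floor and the sigma floor are illustrative choices, not anything the page prescribes.

```python
"""Per-user egress anomaly detection over constructed flow records.

Added example, not code from the original page or from Pure Storage.
Days 1-7 are the learning window; day 8 is the day under review.
"""
from collections import defaultdict
from statistics import mean, pstdev

MB = 1_000_000

# Constructed sample flow records (not real traffic): (day, user, destination, bytes_out).
SAMPLE_FLOWS = []


def _add_days(user, daily_mb, dests):
    """Append one flow per baseline day, cycling through the user's usual destinations."""
    for day, n in enumerate(daily_mb, start=1):
        SAMPLE_FLOWS.append((day, user, dests[(day - 1) % len(dests)], n * MB))


_add_days("alice", [20, 22, 24, 21, 23, 25, 19], ["files.example.com:443", "mail.example.com:443"])
_add_days("bob",   [40, 38, 42, 41, 39, 43, 37], ["files.example.com:443", "crm.example.com:443"])
_add_days("carol", [2, 2, 3, 2, 2, 3, 2],        ["mail.example.com:443"])
SAMPLE_FLOWS += [
    (8, "alice", "files.example.com:443", 23 * MB),     # normal day
    (8, "bob",   "files.example.com:443", 41 * MB),     # bob's usual traffic
    (8, "bob",   "198.51.100.77:443",     2_500 * MB),  # bulk upload to a never-seen host
    (8, "carol", "paste.example.net:443", 8 * MB),      # new host, but tiny absolute volume
]


def daily_totals(flows):
    """user -> day -> total outbound bytes."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, user, _dst, n in flows:
        totals[user][day] += n
    return totals


def known_destinations(flows, before_day):
    """user -> set of destinations seen on days earlier than before_day."""
    seen = defaultdict(set)
    for day, user, dst, _n in flows:
        if day < before_day:
            seen[user].add(dst)
    return seen


def detect_egress_anomalies(flows, review_day, z_threshold=3.0, min_bytes=50 * MB):
    """Alert on users whose outbound volume on review_day deviates from their own baseline.

    min_bytes is an absolute floor: a user with a tiny baseline can produce a huge
    z-score from a few extra megabytes, which is noise rather than exfiltration.
    """
    totals = daily_totals(flows)
    seen = known_destinations(flows, review_day)
    alerts = []
    for user, by_day in totals.items():
        history = [b for d, b in by_day.items() if d < review_day]
        today = by_day.get(review_day, 0)
        if len(history) < 3 or today < min_bytes:
            continue
        mu, sigma = mean(history), pstdev(history)
        sigma = max(sigma, 0.05 * mu)  # floor so a perfectly flat baseline does not divide by ~0
        z = (today - mu) / sigma
        if z < z_threshold:
            continue
        todays_dsts = {dst for d, u, dst, _ in flows if u == user and d == review_day}
        alerts.append({
            "user": user,
            "day": review_day,
            "bytes_out": today,
            "baseline_mean": mu,
            "z": round(z, 1),
            "new_destinations": sorted(todays_dsts - seen[user]),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_egress_anomalies(SAMPLE_FLOWS, review_day=8):
        print(alert)
```

Only bob trips the detector: his day-8 volume is more than sixty times his baseline and goes to a host he has never contacted, which is exactly the combination an analyst wants surfaced. carol's z-score is also far above the threshold, but the absolute floor suppresses her because an 8 MB day is not an exfiltration event; lowering min_bytes to zero shows how noisy the detector becomes without that floor.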

How Pure Storage Secures Your Data from Data Exfiltration

Conventional data protection measures were designed to safeguard your data from natural or human-made disasters, data corruption, or accidental deletion. Malware attacks, however, can stress existing data protection infrastructure more than expected, because an attacker holding administrator credentials can target backups and snapshots along with the primary data. To respond to ever-evolving threats, data resiliency must be baked into the architecture from the ground up.

Pure Storage® SafeMode™ Snapshots help secure critical data since these snapshots can’t be modified, deleted, or encrypted, even if admin credentials have been compromised. Think of these immutable snapshots like airbags—they won’t prevent a crash, but they’ll increase your odds of walking away from the crash unharmed.
