Detecting and Preventing Data Exfiltration

Written by Sarah Chandley on Thursday, 02 May 2019. Posted in Cyber

Data exfiltration is a form of security breach that occurs when an organisation's data is copied, transferred or retrieved from a computer or server without authorisation. It can be difficult to detect, as it is often the last stage of a cyber security attack: once a system is compromised, the malware orchestrating the attack can lie dormant until the point of data exfiltration, or it can take data little by little over time. It can do this because exfiltration involves transferring or moving data within and outside a network in a way that closely resembles or mimics typical network traffic, allowing substantial data loss incidents to fly under the radar.

A recent report by McAfee, ‘Grand Theft Data II: The Drivers and Shifting State of Data Breaches’, revealed that a majority of IT professionals have experienced at least one data breach during their careers: 61% at their current company and 48% at a previous company. On average, they have dealt with six breaches over the course of their professional lives. These statistics indicate that this type of attack is getting more serious, and with the introduction of tougher policies and laws around data protection such as GDPR, those in charge of defending network security are under greater scrutiny. Nearly three-quarters of all breaches have required public disclosure or have affected financial results, up five points from 2015.

The report highlighted that the top three vectors for exfiltrating data are database leaks and network traffic, cloud applications and removable USB drives. When it comes to who is taking the data, the internal threat is still as significant as ever, with employee-driven breaches accounting for almost 60% of incidents and a big slice of those being accidental.

The external threat should not, however, be minimised: external actors including hackers, malware authors, organised crime, nation states and activists consistently and aggressively target specific companies or organisations. They look to gain access to the most valuable data, such as trade secrets, intellectual property, financial information and/or sensitive customer data.

The report also noted that over the past three years ‘malware-driven’ theft has risen significantly, showing that this facet of the cyber threat landscape is continually evolving and adjusting at a rate that is difficult to keep pace with. Active threat hunting has been shown to have a significant impact on the speed of threat discovery and on an organisation's resilience against this type of attack. More than half (52%) of organisations have people and resources allocated to threat hunting, while 30% are planning to implement this type of preventive strategy.

For threat hunters within security operations centre (SOC) teams to be able to perform this function, they need fit-for-purpose tools, technologies, policies and education. These will enable them to minimise potential exposure from internal and external threats and give them a granular view of the activity and traffic traversing the network, allowing defenders to pinpoint and immediately block activity that looks suspicious. These tools and techniques should include:

  • Encryption
  • Intelligent contextual intrusion detection systems (IDS)
  • Data loss prevention (DLP)
  • Event data recorder (EDR)
  • Cloud access security broker (CASB)
  • Data analysis tools that combine filtering and traffic profiling
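
The "little by little over time" pattern described above is why filtering and traffic profiling over flow data matters: each transfer looks ordinary, but the cumulative volume sent to one external host does not. The following Python code is an added example, not taken from the article or from any Telesoft product. The flow tuple layout, thresholds, internal address range and IP addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed policy values for this example (not from the article).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
PER_FLOW_ALERT = 50_000_000      # bytes: a naive single-flow threshold
WINDOW_BUDGET = 100_000_000      # bytes allowed to one external host per window
MIN_ACTIVE_DAYS = 5              # persistence needed to call it slow and steady

def is_outbound(src, dst):
    """Filtering step: keep flows from an internal host to an external one."""
    return (ipaddress.ip_address(src) in INTERNAL_NET
            and ipaddress.ip_address(dst) not in INTERNAL_NET)

def profile(flows):
    """Profiling step: total bytes, active days and largest flow per (src, dst)."""
    stats = defaultdict(lambda: {"bytes": 0, "days": set(), "max_flow": 0})
    for day, src, dst, nbytes in flows:
        if not is_outbound(src, dst):
            continue
        s = stats[(src, dst)]
        s["bytes"] += nbytes
        s["days"].add(day)
        s["max_flow"] = max(s["max_flow"], nbytes)
    return stats

def slow_exfil_candidates(flows):
    """Pairs that never trip the per-flow alert but exceed the window budget."""
    hits = []
    for pair, s in profile(flows).items():
        if (s["max_flow"] < PER_FLOW_ALERT
                and s["bytes"] > WINDOW_BUDGET
                and len(s["days"]) >= MIN_ACTIVE_DAYS):
            hits.append((pair, s["bytes"], len(s["days"])))
    return sorted(hits, key=lambda h: h[1], reverse=True)

def build_sample_flows():
    """Constructed flow records: (day, src_ip, dst_ip, bytes_out)."""
    flows = []
    for day in range(1, 15):
        flows.append((day, "10.0.0.5", "203.0.113.10", 2_000_000))    # ordinary web use
        flows.append((day, "10.0.0.7", "198.51.100.23", 12_000_000))  # steady small uploads
        flows.append((day, "10.0.0.5", "10.0.0.9", 900_000_000))      # internal backup
    flows.append((3, "10.0.0.8", "192.0.2.44", 80_000_000))  # one-off large upload
    return flows

if __name__ == "__main__":
    for (src, dst), total, days in slow_exfil_candidates(build_sample_flows()):
        print(f"{src} -> {dst}: {total} bytes over {days} days")
```

The one-off 80 MB upload is left to the ordinary per-flow alert; the profiler reports only the host whose individual transfers stay small while the window total does not.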

Telesoft offers a number of cyber security products for flow monitoring and cyber threat visibility. Talk to us about detecting data exfiltration in your network.

About the Author

Sarah Chandley

Sarah is an experienced B2B technology marketing professional, creating content for the Cyber Security, Telco and Government Infrastructure sectors. 
