This blog was written by David Bull, McAfee’s former Director, Enterprise Solution Marketing.
Welcome to the second episode of our data exfiltration blog series. We’ll be taking a close look at the innocent and not-so-innocent actors who compromise your valuable corporate assets (no, we’re not talking about the Hollywood variety!). We’ll take a look at both external actors and internal actors and show what roles they play in data exfiltration.
Nope, unfortunately, it’s not a throwback to a classic ’80s Coppola flick. It should come as no surprise that our primary research discovered 60% of data thieves are outsiders, attacking your organization externally. And they are far slicker than the not-so-street-smart Ponyboy, the protagonist of “Outsiders.” Whether data thieves are in it to fatten their Swiss bank accounts or part of politically motivated cyberespionage or activism schemes, they are typically relentless, at times undetectable, and sometimes even downright dangerous.
The Inside Story
On the flip side, it might surprise you to discover that internal actors—that genial sales rep in the adjacent cubicle or the engineering contractor feasting on french fries in the cafeteria—play a major role in data exfiltration, sometimes accidentally and sometimes intentionally. Survey participants said that internal actors were responsible for 43% of breaches. As we go about our jobs, noses to the grindstone, we often don’t consider that our “trusted” colleagues—employees, contractors, and third-party suppliers—may have nefarious intentions. On the outside, they look like you or me. But on the inside, they are eager to get their mitts on your corporate data and IP to commit fraud or sell it for a tidy profit to cybercrime rings or even your dreaded competitors. It’s scary to consider that, of the 43% of internal actors involved in data breaches, 22% are internal bad actors who intentionally committed these dirty deeds (see chart).
Oops! It Was “Just” an Accident.
But before you get too paranoid about your peers, be aware that many hard-working, honest corporate workers invite data exfiltration by carelessly misplacing devices or not locking them down with proper security controls. These innocents inadvertently aid and abet data theft by opportunistic cybercriminals who scour taxicabs, airports, hotels, and dumpsters for unattended laptops, lost USB drives, and forgotten mobile phones. I wouldn’t doubt we have all heard stories like this—like the guy who, a few years ago, walked in through the front door of an office where I was working, grabbed the first three laptops he saw, and ran out the door. Crazy!
Who Are the Heroes?
Regardless of who is responsible for corporate data exfiltration, it behooves everyone to dust off their super-hero capes and get better at catching these thieves or detecting these incidents. Our research shows that only about half of security breaches are discovered by internal security teams: 55% in the UK, 48% in North America, and 39% in Asia-Pacific. The rest are caught by external teams like law enforcement or white hat hacker organizations, which are adept at getting to the bottom of attacks resulting from organized crime, activists, and national intelligence services. Internal security teams are better at catching hackers, detecting data leaks initiated by employees, and discovering data theft due to lost or stolen laptops or USB drives. When it comes to insider thefts, the numbers get better—two-thirds of insider thefts are discovered and dealt with by internal security teams.
Now that you have profiles of the various actors involved in data breaches, you’re probably itching to know what information they’re targeting. In our next blog, we’ll take a look at exactly that: the types of data and data formats that are typically exfiltrated.
While you anxiously await the next episode, check out these informative resources:
- Review the infographic: “Is data leaking out on your watch?”
- Read the report: “Grand Theft Data”