Data Exfiltration, Part 3: What Do Data Thieves Want?

By on Jan 25, 2016

This blog was written by David Bull, McAfee’s former Director, Enterprise Solution Marketing.

Welcome to part 3 of our discussion on data exfiltration. Sit down and make yourself comfortable as we get inside the mind of data thieves and explore the types and formats of data that interest them most. Just in case there’s any doubt in your mind, our primary research findings, based on a survey of more than 500 security professionals, validate the notion that the objective of most advanced attacks on large organizations is acquisition of data, pure and simple. That’s true of 90% of security breaches in Asia-Pacific, 84% in North America, and 80% in the UK.

Who’s Taking What?

As you know, the majority of data thieves are not in it for kicks—they worship profit and spend their time and effort chasing filthy gains. And they are really shrewd business people, cut from the same cloth as any corrupt “Wolf of Wall Street.” These actors know exactly what they are after and what yields the highest return on investment. At the top of their list is customer information, followed by employee information, intellectual property, and credit card information. This probably comes as no surprise, as the first two categories of data are chock-full of personally identifiable information, which can fetch 10 times the price of credit card information in the hacker black market, AKA, the dark web. Raj Samani, CTO for McAfee EMEA, discusses the specific prices of this stolen data on the dark web here.

We’ve talked about outsiders, now what about insiders—those people you pass in the hall every day at the office? Our report, Grand Theft Data, points out that insiders tend to favor employee information—possibly because it’s easy pickings for them if they are clever enough to find their way around their company’s internal HR systems. Our research reveals that of the data stolen by internal actors, 33% consists of employee information and 27% is customer data. Outsiders, on the other hand, are some what more interested in sneaking off with customer information.

Keeping It Simple

Bear in mind that while data thieves may use complex techniques to get at your data,they also know that the best things come in the most basic formats—Microsoft Office documents, plain text/CSV, PDFs, images and videos, and XML. It’s the stuff our daily digital lives are made of. Internal actors more so than external actors are interested in taking Office documents than external actors, probably because PowerPoint presentations, Word documents, and Excel spreadsheets cross their desktops every single day, and it’s easier to snap these up if you’re a malicious insider—or lose them if you’re a hapless innocent. Images and videos that might include strategy announcements or product designs, on the other hand, are more highly valued by external actors. I personally have visited organizations where security guards jump on anyone taking pictures anywhere—inside or outside the buildings. And, in some cases, employees can lose their jobs if they are caught taking pictures of the buildings.

You just learned that about all of your valuable data in every possible format is fair game. In our fourth blog, we’ll tackle the topic of how data walks out of your organization. While you eagerly await the next post, take a look at the report: “Grand Theft Data”.

About the Author


We're here to make life online safe and enjoyable for everyone.

Read more posts from McAfee

Subscribe to McAfee Securing Tomorrow Blogs