Data Exfiltration, Part 4: How Does the Data Leave Your Four Walls?

By on Jan 29, 2016

This blog was written by David Bull, McAfee’s former Director, Enterprise Solution Marketing.

We hope that you’re stoked about expanding your knowledge about data exfiltration. In blog 4, we’re serving up another meaty topic—we’ll be looking at how exactly data walks out the door. Cybercriminals are exploiting the rapidly growing cloud computing trend. Thieves will go where the valuables are, so the cloud is their new frontier, but the more traditional methods are equally in play. Our primary research shows that a hefty 40% of corporate data is stolen the old-fashioned way—through physical media—while 60% is stolen using electronic means.

Forecast: Cloudy with Chance of Breach
Cloud deployments are pretty widespread—60% of respondents in our survey are using cloud-based applications. And most enterprises seem to feel that the benefits outweigh the security risks. Our research shows that one-third of all break-ins involve the cloud, with two-thirds occurring on corporate networks. But significantly, organizations that experienced breaches on their corporate networks tend to have fewer breaches overall, which tells us that they are better equipped to take action and address vulnerabilities on their own network than on their cloud deployments. Cloud breaches, on the other hand, are more likely to result in actual data exfiltration.

Right Under Your Nose
With such a healthy portion of data being taken through use of physical media, it’s apparent that we may be so caught up in our digital world that we overlook the obvious. Many external and internal bad actors hide in plain sight. They may distract you and steal your unattended laptop while you’re enjoying lunch in the office cafeteria. Or they may use social engineering to talk their way into your building and then help themselves to corporate devices.

Regardless of technique, both external and internal thieves use laptops, tablets, and USB drives to exfiltrate data, as our report, Grand Theft Data, indicates. Other methods of physical data exfiltration include mobile phones, DVDs, microphones and webcams—and, yes, even that antiquated medium known as paper—in the form of faxes and hard copies.

As if IT teams don’t already have enough on their plates, now they need to start thinking about additional security measures and best practices to prevent physical data exfiltration. These should include encryption, device lockdown and/or wiping, disabling write access to removable drives, and basic physical security. A Doberman trained to sniff out removable media may very well be the next welcome addition to your security team.

Sneaky Electronic Tricks and Techniques
Let’s move from the physical methods to the electronic methods used by data thieves. For the 60% of data stolen by electronic means, fraudsters seem to favor using web protocols, file transfer and tunneling protocols, or email for their nefarious purposes. Between 5% and 10% of the time, data is siphoned through other techniques, such as peer-to-peer, secure shell, routing control packets, Windows Management Instrumentation, instant messaging, and VoIP. Some of the more creative thieves like to bury their stolen treasure in images or videos.

You now have an awareness of the many ways that data can escape from your organization. In blog five, we’ll examine the sophisticated techniques data thieves carry in their bag of tricks.


  1. I see nothing in here about data exfiltration through unauthorized medium usage. SIP trunks and VoIP medium to be exact. Why no mention of telestenography?
