Data Exfiltration: The Who, What, Why, Where, and How

By on Dec 07, 2015

This blog was written by David Bull, McAfee’s former Director, Enterprise Solution Marketing.

Call it what you will—data loss, data leakage, or data breach—theft of valuable corporate information assets has indisputably become a pervasive global problem. Many security professionals in every sector have had the misfortune of experiencing at least one data breach. According to a recent McAfee study, the security pros we interviewed encountered an average of six breaches over the course of their careers, with two-thirds of those breaches being so serious that public disclosure was required. Bartenders at designer brew pubs and baristas at cat cafés all over the world report that this is the number one conversation topic among their security technology clientele.

Most research focuses on the more obvious mechanisms of how bad actors slip by defenses, into the network, and eventually abscond with the treasured crown jewels (your customer data, financial data, HR data, strategy documents, intellectual property, and anything else that is sensitive or strictly confidential). Instead of focusing on how the bad guys get in, this seven-part blog series will explore the less visible act of data exfiltration and the who, what, where, why, and how. Based on the findings from our recent primary research, you’ll learn who the data thieves are, what data assets they are after, where the data resides, why the culprits are stealing your data, and how they did the dirty deed. We’re kicking off the blog series with an overview of data security challenges and key research findings. And we’ll conclude the series with an all-important discussion of what you can do to prevent data exfiltration incidents at your organization.

What Exactly Are the Issues?
When it comes to data exfiltration, what causes you to either toss and turn all night or suffer from nightmares about the ultimate zombie apocalypse data breach? If you’re like the 522 IT and security professionals we interviewed from companies all over the world, your biggest concern is maintaining the privacy and confidentiality of customer and employee data—and your biggest challenge is inadequate security practices, especially now that threats are both evolving rapidly and increasing in complexity.

Key Takeaways
Here are some of the main findings from our research, which will undoubtedly give you pause and, hopefully, compel you to take a good hard look at your own data exfiltration priorities, strategies, and defenses.

  • External actors were responsible for 57% of data loss, and internal actors were responsible for 43% of data loss, with a 50/50 split between intentional and accidental data loss.
  • The number one target was personal information from customers, followed by employee data, intellectual property, and credit card information.
  • 60% of data theft occurred through electronic means—40% of data exfiltration events resulted from theft of physical devices, like laptops, tablets, and USB drives
  • The most common format of exfiltrated data was Microsoft Office: Word, Excel, andPowerPoint—the programs we all use every day.
  • When data was stolen electronically, cyber thieves favored web protocols, file transfer and tunneling protocols, or email.
  • 64% of security professionals believed that data loss prevention (DLP) technologies could have prevented data exfiltration incidents.

In subsequent blogs, we’ll be delving deeper into these findings and others to help you gain abetter understanding of data exfiltration. After reading the series, you’ll wow your colleagues with the insights you’ve gleaned. They’ll be so enthralled with your wisdom, they may actually put down their iPhones, listen up, and remember your name the next time they see you.While we can’t guarantee that your insomnia will be cured or that you’ll have zombie-free dreams, we do hope these insights will help you evaluate the effectiveness of your own approach to data loss prevention—the tools and technologies you already have in place, areas where sufficient defenses may be lacking, your governance policies, and user training programs.

Stay tuned for the second blog in the series, and, in the meantime, take a look at these resources:

McAfee logos are trademarks,Inc. in the US and/or other countries. Other marks and brands may be claimed as the property of others. Copyright © 2015 McAfee, Inc.

About the Author


We're here to make life online safe and enjoyable for everyone.

Read more posts from McAfee

Subscribe to McAfee Securing Tomorrow Blogs