The key to developing a successful security plan is understanding the dangers your organisation faces. This blog highlights the dangers of data exfiltration, describing the ways it could occur, as well as the possible consequences your organisation may face should a data leak happen.
When malware files or individuals transfer data from one source to another without authorisation, they are often acting maliciously. Data exfiltration, also known as a data breach, occurs when a malicious actor is able to breach an organisation’s security system and create a path for data transference to occur, resulting in a “leak” in the data’s security.
As cyberattackers adapt their data hacking strategies to the latest defence solutions, ensuring data security becomes an ongoing commitment for organisations. While implementing a security package offers some protection, it can be easy to fall into a false sense of safety. The reality is that these attackers will simply look for new ways to access data, luring information from customers or staff, to gain access to your internal server.
No organisation is immune from an attack.
A data breach can happen to anyone. Any type of data leak can be detrimental to your organisation, regardless of its size. From small businesses to large public organisations, a breach can result in costly government-issued fines, a loss in revenue, a tarnished reputation, and broken trust with your loyal customers.
Small and medium businesses
While small businesses may believe they are less vulnerable to cyberattacks, research indicates otherwise. Small and medium-sized businesses (SMBs) are among the sectors that are particularly vulnerable to cyberattacks. While not the only reason, the lack of security features used by SMBs contributes to this.
This is likely due to a lack of understanding about the consequences of a data breach on SMBs. According to research by AppRiver Software, many SMBs underestimate the cost of a data breach. Most owners estimated that a data breach would cost around $10,000 (£8,310), when the average cost of a data breach for SMBs in 2019 was $149,000 (£123,819).
Enterprise
With large volumes of customer data, enterprise-scale businesses are an attractive target for data exfiltration. In the UK specifically, the Department for Digital, Culture, Media and Sport found that 75% of enterprises suffered a data breach or attack between March 2019 and March 2020.
Public sector
Industries that fall within the public sector category often handle more sensitive and personal data, notably healthcare and higher education organisations, as well as local and regional governments. As such, they often fall victim to phishing and ransomware scams, due to the scale of customers and clients they have. For example, an entire university system can be compromised if only one student clicks on a phishing scam.
Common attack forms.
Here are the most frequent methods of data exfiltration and the key industries they have compromised.
Ransomware
Microsoft recently found that in their ransomware incident and recovery engagement, the industries most at risk of a ransomware attack include manufacturing at 28% and consumer retail at 16%. The healthcare sector accounted for 20% of all Microsoft ransomware incident and recovery engagements, making it the second-highest sector to have had a ransomware attack. Government and education also accounted for 8% of engagements each, showing the scope and magnitude of the attacks.
Microsoft was able to pinpoint the three main contributing factors to the attacks. These included using a data security strategy that was not matched to specific business needs, poor identity controls, and inadequate security operations. Additionally, they discovered that 88% of impacted organisations were not using Azure security best practises, once again leaving them open to attacks.
When you don’t have data loss protection mechanisms in place to save the compromised data, the danger of data ransom increases. If an attacker discovers that you lack this preventive measure, they can then use this information to escalate their threat or specifically target you for money. In fact, according to the Microsoft analysis, 92% of the businesses lacked an efficient data prevention control, which resulted in significant, often permanent, data loss.
Phishing
Phishing was originally an email-only scam, but it has since spread to other forms of communication, such as text messages and social media. It works by an attacker impersonating a trusted source and sending a message to their victims, usually including thousands of people per message. These messages typically entice the victim by implying that they must do something, which can range from claiming a prize to paying a bill. To complete their tasks, victims must either provide sensitive data such as passwords and bank account information or click on a malicious link.
According to the Office for National Statistics, the use of consumer and retail fraud phishing has increased by 57% since the beginning of COVID-19. They also discovered that 3% of those in their consensus who received a phishing message engaged with it, which equates to over 700,000 people in England and Wales. This demonstrates how easily attackers can obtain vital information that can be used to log into accounts and extract data.
If a person receives a phishing scam in their work email and clicks on a malicious link, the cyber attacker will have complete access to the internal network. Once a device has been compromised, the average time for an attacker to begin moving laterally within the corporate network is just over an hour and a half.
Hacking
The increased use of gateway devices as a result of the rise in remote working has provided threat actors with new avenues to target organisations. These gateways function as routers that can interact with computer networks while connecting to the internet. Many industries use routers to share their business with the world, and remote workers use them to share data with their organisation. However, many of these routers are vulnerable, according to Microsoft’s Digital Defence Report for 2022, which states that more than half of the known vulnerabilities discovered in 2021 do not have a patch. This means that businesses will struggle to keep these routers secure on corporate networks as the software is susceptible to threat actors.
While different types of routers have varying levels of security, they are generally easier to hack because they lack traditional security measures and have expandable infrastructures. Hacking is also becoming a more organised enterprise, meaning attacks are often targeted as a tactic to burden corporate competition or weaken a country’s internal infrastructure.
Internal employees
A data breach can also come from within, with some of the most devastating data leaks occurring as a result of disgruntled employees. Even a departing employee who wishes to transfer their current contacts from their previous company’s database to their new employer constitutes a data breach. Without a system that flags data transference, organisations may lack control over internal forms of data exfiltration.
What can you do?
To safeguard your information effectively, it’s crucial that you routinely evaluate and enhance your access controls and security measures. Ensure you have a prevention strategy by using a next gen antivirus solution to proactively detect data exfiltration by tracking down threats before they have an impact. Look for end-to-end security services that include 24/7 monitoring, enabling you to get an immediate response to a threat at any time of day, giving you control and insight over your digital environment.
At ANS, we know that maintaining security is a lifelong duty for organisations. Because of this, we continuously strive to provide optimal security solutions that are tailored to the architecture of each organisation we work with.
