Data exfiltration is the unauthorized removal of data from an organizational environment. This includes malicious copying, transferral, and retrieval of data. Data exfiltration can occur physically or remotely and can be manual or automated. It is considered a breach of security. This can occur when hackers target an organization for its data, such as passwords, personally identifiable information (PII), protected health information (PHI), trade secrets, or intellectual property.
Exfiltration is a primary attack method for advanced persistent threats (APTs), which target organizational data.
Data exfiltration can be monitored and prevented by implementing controls such as:
- ingress/egress traffic inspection
- strict policies/IT controls for physical and digital security
- data leak prevention (DLP) software
- data loss prevention
- data obfuscation
- context sensitive devices and data
- role-based access control (RBAC)
- password hardening