Data Exfiltration
What is Data Exfiltration?
Data exfiltration is the unauthorized transfer of data from an organization to an external location. Attackers or insiders may steal sensitive information such as customer records, intellectual property, or credentials, often trying to avoid detection by blending into normal network and user activity.
Examples
- An attacker compresses sensitive files and uploads them to a personal cloud storage account.
- Malware sends small pieces of data out through DNS queries to avoid typical web filtering.
Discover 🔎
Many security incidents are not only about getting in. They are about getting data out. Data exfiltration is often the moment where a breach becomes a serious business problem, because once data leaves your control it can be copied, sold, leaked, or used for fraud.
Exfiltration can happen quickly, such as a bulk download of files, or slowly, such as small data transfers over days. Attackers often try to blend exfiltration into normal activity so it looks like ordinary browsing, syncing, or emailing.
Summary 📝
Data exfiltration is the unauthorized removal of sensitive information, often following an initial compromise or insider misuse. Attackers locate valuable data, collect it, prepare it (for example by compressing or encrypting it), then transfer it using channels that blend into normal activity such as HTTPS, email, cloud storage, or DNS. Strong defenses combine access control, data loss prevention (DLP) tooling where appropriate, outbound monitoring, and incident response processes that focus on identifying what data left and revoking access quickly.
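As an added example (not from the original page) of the outbound monitoring mentioned above, the following Python script flags the DNS pattern from the second example: one client repeatedly querying long, high-entropy leftmost labels under a single parent domain. The log format, thresholds and domain names are constructed for illustration; a production detector would also use a public suffix list and per-client baselines.

```python
# Added example: heuristic detector for DNS-based exfiltration over a
# constructed query log. Not part of the original page.
import math
from collections import defaultdict

# Constructed sample log lines: "<client_ip> <queried_name>" (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.7 4a6f686e2c313233.data.exfil-demo.invalid
10.0.0.7 5365637265742c34.data.exfil-demo.invalid
10.0.0.7 50617373776f7264.data.exfil-demo.invalid
10.0.0.7 cdn.example.net
"""

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; hex/base64 chunks score higher than words."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def parse_log(text: str):
    """Yield (client, name) pairs from the constructed log format."""
    for line in text.splitlines():
        if line.strip():
            client, name = line.split()
            yield client, name.lower().rstrip(".")

def find_suspicious_clients(text: str, min_label_len: int = 12,
                            min_entropy: float = 2.5, min_hits: int = 3):
    """Return {(client, parent_domain): [odd labels]} for clients that repeatedly
    send long, high-entropy leftmost labels under one parent domain."""
    hits = defaultdict(set)
    for client, name in parse_log(text):
        labels = name.split(".")
        if len(labels) < 3:
            continue
        # Parent is approximated as the last two labels (assumption for the demo).
        first, parent = labels[0], ".".join(labels[-2:])
        if len(first) >= min_label_len and shannon_entropy(first) >= min_entropy:
            hits[(client, parent)].add(first)
    return {k: sorted(v) for k, v in hits.items() if len(v) >= min_hits}

if __name__ == "__main__":
    for (client, parent), labels in find_suspicious_clients(SAMPLE_LOG).items():
        print(f"{client} -> {parent}: {len(labels)} high-entropy labels")
```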