Data Loss or Data Exfiltration
Data loss or data exfiltration is when data is intentionally or unintentionally lost, stolen, or leaked to the outside world. The data loss can result in:
- Brand damage and loss of reputation
- Loss of competitive advantage
- Loss of customers
- Loss of revenue
- Litigation/legal action resulting in fines and civil penalties
- Significant cost and effort to notify affected parties and recover from the breach
Network security professionals must protect the organization’s data. Various Data Loss Prevention (DLP) controls must be implemented which combine strategic, operational and tactical measures.
Data Loss Vectors
| Data Loss Vectors | Description |
|---|---|
| Email/Social Networking | Intercepted email or IM messages could be captured and reveal confidential information. |
| Unencrypted Devices | If the data is not stored using an encryption algorithm, then the thief can retrieve valuable confidential data. |
| Cloud Storage Devices | Sensitive data can be lost if access to the cloud is compromised due to weak security settings. |
| Removable Media | One risk is that an employee could perform an unauthorized transfer of data to a USB drive. Another risk is that a USB drive containing valuable corporate data could be lost. |
| Hard Copy | Confidential data should be shredded when no longer required. |
| Improper Access Control | Passwords or weak passwords which have been compromised can provide a threat actor with easy access to corporate data. |
