Data breach vs data exfiltration. Do you know what the former and the latter mean? Do you know if they are the same or entirely different? To know more, read on.
To begin, let us first define what a data breach is. It is the theft or loss of confidential data in electronic or physical form. It can be classified in four ways:
- Physical theft of computer hardware and media, such as a laptop or servers, in which data is copied and possibly modified.
- Theft of electronic data that has been stored on computer media such as a laptop or server. It is the entry into a facility where data is stored and it involves copying and perhaps modification of the data.
- Theft, loss, or alteration of electronic information during transmission over networks such as the internet.
- Loss by an employee who is not authorized to access data and who copies and/or modifies the data for personal use.
What is data exfiltration? Data exfiltration is the unauthorized transfer of data from one network to another network. This can happen in several ways:
- Using Remote Access Tools (RATs) to remotely connect to a system on an infected machine.
- Transferring data over networks using FTP, web servers, IM applications, uploading via email attachments, etc.
- Exploiting/developing an application for this purpose.
- Using removable media like pen drives to transfer information from one system to another.
Data exfiltrated often contains sensitive information that can lead to identity theft, financial loss, unauthorized access to critical systems leading to disruption in business activities, reputation loss, etc.
So, here are some of the examples of data exfiltration:
- An insider can use RATs to copy or modify confidential information for his/her use to sell it to third parties. For financial gain or any other purpose.
- An attacker can infiltrate internal systems using phishing or email attachments that contain malicious code. One that allows him/her to steal information that may be sold to third parties for financial gain or any other purpose.
Data Breach vs Data Exfiltration
First, let us define what their similarities are. Both terms mean the loss or theft of data.
Now, let us look at the differences:
1. Data breach is a security incident in which the attacker has physical or electronic access to systems where data is stored or transferred, and copies and/or modifies the data. It can also involve the theft of hardware and media (laptops, servers, etc.) in which data is stored. Data Exfiltration is the unauthorized transfer of data from one network to another network.
2. Data breach can occur in any network whether it is internal or external; Then, data exfiltration occurs only in internal networks.
3. Data breach can happen when an employee steals data for his/her personal use; Then, data exfiltration occurs when an attacker tries to steal information that can be used for financial gain or any other purpose.
So, these are the differences between the two terms. But if companies both experience this, they will experience the same consequences.