Getting To The Bottom Of Data Egress

Understanding what cyber criminals are looking for when it comes to data egress can help security professionals narrow down how to make data sharing more secure.

Cyber threats are lurking around every corner, and with attackers getting smarter and more resourceful, the security industry must get ahead of them. A common and often overlooked vulnerability affecting professionals in the manufacturing industry is data egress, and the best way to combat it is to better understand what it is and how it impacts organizations.

Data egress refers to data leaving a network in transit to an external location; the opposite is data ingress. Egress traffic is a term used to describe the volume and substance of traffic transferred from a host network to an outside network. This can happen via simple everyday actions such as sending outbound email messages, uploading to the cloud or the web, transferring files to external storage, and copying data to removable hard drives. These actions are a regular part of network activity and often essential to everyday business. Yet when that same data is shared with unauthorized recipients, the negative impact on an organization can be huge.


Threats Involving Data Egress

We know most cyber criminals are targeting sensitive, proprietary, or easily monetizable information, but it is important to remember that this information is also coveted by competitors, nation states, and malicious insiders. These adversaries use various data exfiltration techniques, such as backdoor Trojans or leveraging built-in Windows tools like Windows Management Instrumentation (WMI), to steal or expose sensitive data. While data loss is always a serious issue, imagine the amount of data traveling across a supply chain from just one manufacturer to several different wholesalers or customers. Compromising the data egress of one manufacturer can have a devastating impact on hundreds of companies.

While some threat actors try to steal sensitive data through the same methods many employees use every day, others may incorporate stealthier methods for sensitive data egress, such as encrypting or modifying the data prior to exfiltration, or using services to mask location and traffic.

To help cut down on the amount of data breached by data egress, organizations should ensure that their cyber security solution has a level of egress filtering, which involves monitoring egress traffic to detect signs of malicious activity. Once the malicious activity is suspected or detected, organizations can take the necessary steps to prevent sensitive data loss. Egress filtering can also limit egress traffic and block attempts at high volume data egress.

There are several other ways to use data discovery and network monitoring to better secure the data egress points in your systems.

Best Practices for Data Egress Management and Preventing Sensitive Data Loss

All organizations should have policies in place that define what types of data are and are not allowed to be shared within and outside of the organization. When defining those policies, include stakeholders to get a better understanding of the specific data requiring protection and of the possible outcomes if that data is leaked. It should be a thorough policy that protects your company's resources, including a list of approved Internet-accessible services and guidelines for accessing and handling sensitive data. Make sure those data egress traffic policies are well enforced and that employees understand the repercussions.

Implement firewall rules that regulate what programs, system services, computers, or users can send traffic to or receive traffic from your organization. A network firewall is one of several lines of defense against threats. This is a starting point where you can ensure that data egress does not occur without explicit permission.
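As an added illustration of the egress filtering, approved-services list, and high-volume blocking discussed above (example code written for this page, not code from the article or from Digital Guardian), the following Python script evaluates constructed outbound flow records against a hypothetical allow-list and a hypothetical per-host byte threshold. The log format, addresses, service list, and threshold are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records in a key=value format (not from any real firewall).
SAMPLE_LOG = """\
2024-05-01T09:00:00Z src=10.20.1.15 dst=203.0.113.10 dport=443 bytes=120000
2024-05-01T09:00:05Z src=10.20.1.15 dst=10.20.2.40 dport=445 bytes=9000000
2024-05-01T09:01:10Z src=10.20.1.77 dst=198.51.100.8 dport=22 bytes=300000
2024-05-01T09:02:00Z src=10.20.1.77 dst=203.0.113.10 dport=443 bytes=400000000
2024-05-01T09:03:00Z src=10.20.1.77 dst=203.0.113.10 dport=443 bytes=250000000
2024-05-01T09:04:00Z src=10.20.1.15 dst=203.0.113.25 dport=25 bytes=5000
"""

# Hypothetical policy: approved Internet-accessible services as (dst, port) pairs.
APPROVED_SERVICES = {("203.0.113.10", 443), ("203.0.113.25", 25)}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range
VOLUME_THRESHOLD = 500_000_000  # assumed bytes per source host in the window


def parse_flow(line):
    """Parse one key=value flow line into a dict with typed port and byte count."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = ts
    rec["dport"] = int(rec["dport"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def is_external(ip):
    """True when the destination lies outside every internal network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def evaluate_egress(log_text, approved=APPROVED_SERVICES, threshold=VOLUME_THRESHOLD):
    """Return flows to unapproved external services and hosts over the volume threshold."""
    unapproved, volume = [], defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_flow(line)
        if not is_external(rec["dst"]):
            continue  # internal-to-internal traffic is not egress
        volume[rec["src"]] += rec["bytes"]
        if (rec["dst"], rec["dport"]) not in approved:
            unapproved.append((rec["ts"], rec["src"], rec["dst"], rec["dport"]))
    high_volume = {src: total for src, total in volume.items() if total > threshold}
    return {"unapproved": unapproved, "high_volume": high_volume}
```

In a deployment the flagged flows would feed a block rule or an alert for the security team; the internal share traffic on port 445 is deliberately excluded because it never leaves the network.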

Implement data discovery and classification solutions that help organizations identify, classify, and apply protective measures to sensitive data. These solutions assign classification tags that dictate the level of protection required. Data loss prevention (DLP) solutions apply policy-based protections to sensitive data, such as encryption or blocking unauthorized actions, based on data classification and contextual factors including file type, user, intended recipient or destination, application, and more. The combination of data discovery, classification, and DLP enables organizations to know what sensitive data they hold and where it lives on the network, while ensuring that data is protected against unauthorized loss or exposure.

At any minute of the day, petabytes of data are being shared from organization to organization. That same data is vulnerable to cyber criminals. The process of sharing sensitive data must be made more secure, and while cybercrime isn't going away any time soon (or ever, for that matter), the security industry is improving the way it protects against it. Better security starts with organizations prioritizing data protection by taking the necessary steps to establish rules, and implement policies and solutions geared towards protecting their data.

Tim Bandos is senior director of cybersecurity for Digital Guardian.
