Corporate Compliance Insights
The Prevention of Exfiltration: A Digital-Era Priority

Guarding Against a Dynamic Threat Matrix

by Cath Goulding
May 17, 2019
in Data Privacy, Featured

Data security is as crucial now as ever, as the threats are growing increasingly sophisticated. Nominet’s Cath Goulding discusses the risk of data exfiltration, along with steps you can take to protect your organization and your digital supply chain.

Data exfiltration: It sounds like one of those needlessly complex, technically convoluted geek-only phrases that make non-IT folks groan. It’s very much like data exportation and data extrusion, except that those terms sound even worse. So let’s call it what it is: theft.

Whatever term we use, the practice describes cyber criminals maliciously accessing servers and other computers in different ways specifically to steal data to which they have no right. It seldom happens randomly: This is usually a planned operation in pursuit of a pre-selected target. The thieves know what data they want, where that data resides and how to extract it. In any case, it’s theft. It’s a crime. It’s bad.

Actually, it’s worse. Thanks to a host of compliance mandates, the victims of data exfiltration (and its sibling, threat infiltration) may be held liable for the theft — even when they don’t know the problem occurred. And that makes this issue even more sensitive and more unpleasant.

To develop effective responses, first consider the context. Most importantly, remember that cybersecurity is not a static discipline. Risks can outpace legitimate innovation, which means even the best strategies must be constantly refined and sometimes replaced. More specifically, data exfiltration doesn’t follow a single channel or route — indeed, hackers use increasingly sophisticated measures to identify weak spots.

For those on the right side of the law, there’s sometimes a delicate balancing act. For example, in our field, blocking a suspicious domain is bad for business. However, a site launched with criminal intent can cause real harm with blinding speed. Distinguishing between the two is not always an easy call.

Some domains are clearly designed to deceive consumers by featuring misspelled versions of familiar brands or highlighting terms like “safenet.” However, a domain resembling a phishing operation may actually have a legitimate backer using the site to train employees or trap like-minded criminals. Some video game offerings send out scary signals and messages — but it’s just a game.

As for data theft, one area that’s ripe for attack is the digital supply chain. Most modern businesses build on sprawling networks of third parties, and at least some of these entities may lack top-tier security. This isn’t someone else’s problem; the companies they supply to are directly in the firing line. Everyone up to and including board-level executives needs to be hyper-aware of these dangerous frontiers.

So what’s the best defense here? Sadly, there’s no panacea — a single strategy that combats all of these disparate dangers is ideal, but unrealistic. What’s needed instead is a series of sensible measures that are adapted with speed and guided by intelligence to guard against a dynamic threat matrix.

Consider the supply chain; if your company is working with a broad network of third parties, then it’s not only fair, but vital to insist that every one of them has the same security policies and processes as your own. That simple dictum covers all aspects of the operation, from technology to training, and it needs to be ingrained (with regular testing) rather than obligatory. Working with each supplier individually from onboarding to termination to ensure that top-quality protection is truly baked in drastically reduces exposure.

If this sounds onerous (and it might be), consider the big-name brands that have been the targets of attacks: British Airways and Ticketmaster U.K. recently, and Equifax and Target previously. All of them suffered from data exfiltration achieved through vulnerabilities in the third-party supply chain. That’s not a good list to be on.

On the flip side, thousands of employees entering a corporation’s infrastructure through millions of new touchpoints is a security nightmare — and many enterprises are largely unprepared for this new and massive influx.

In sum, just as data exfiltration is not merely a problem, but a true business threat, security is not so much a process as a true business asset. Organizations that allocate time and resources accordingly will always come out ahead.


Tags: Cybercrime
Cath Goulding

Cath Goulding, CISSP, is Chief Information Security Officer at Nominet, which manages a critical component of all digital infrastructure operations in the country, enabling the DNS and associated cybersecurity services. With more than two decades of industry experience in both the private and public sectors, she began her career with the government in 1997 and for over 15 years held senior positions in a variety of functions spanning research, intelligence operations and information security. Among other departments, she spent time at Government Communications Headquarters (GCHQ), the critical intelligence and security organization responsible for providing signals intelligence (SIGINT) and information assurance to the U.K. government and armed forces. At Nominet, Cath is responsible for implementation and maintenance of ISO27001 certification. Throughout her career, she has emphasized education and collaboration. She has long championed awareness as the first and best line of defense, and her staff training program at Nominet, focused on addressing areas such as social engineering, phishing and related security issues, has been cited as the model for other enterprises. She frequently speaks at IT security conferences and has been formally recognized as Security Champion of the Year in the U.K. She has a B.S. in Mathematics and an M.S. in Human Computer Interaction.
