What are the implications of data exfiltration?
Falling victim to a data exfiltration incident can have numerous consequences, both financially and reputationally.
Where is the majority of exfiltrated data going?
Hackers are constantly becoming more organized, with criminal gangs increasingly recognizing the value of stolen data, both as a resource they can use directly for activities such as ransomware extortion and to sell on for easy profit.
BlackFog’s own research indicates that almost a fifth of exfiltrated data (19 percent) ends up in Russia. The dark web is another popular destination for stolen data, where it can be freely shared and traded. In 2022, for example, confidential data on unreleased iMac products were briefly published online by hacking group REvil after Apple refused to pay a $50 million ransomware demand.
Can exfiltrated data hurt your business?
Stolen data can be harmful to a business in a number of ways. Primarily, it can lead to unhappy customers and lost business, as well as the attention of regulators. With tough legislation threatening heavy fines for businesses that fail to protect sensitive data – up to $20 million or four percent of global revenue under GDPR, for example – the financial cost can be high.
Firms that hold extremely sensitive
proprietary data or trade secrets could also lose any competitive advantage they have in the market by giving away designs or future development plans to rivals.
All this is before you take into account the reputational damage that a data privacy failure can lead to. With consumers more sensitive than ever to misuse of personal information, they will rarely be quick to forgive a company that has proven unable to take care of their data. For instance, McKinsey notes that 87 percent of people will not deal with a firm if they have concerns about its security practices, while 71 percent said they would stop doing business with a company that gave away sensitive data.
What are the long-term costs of data exfiltration?
In the longer term, companies that have fallen victim to data exfiltration can find themselves facing a range of costs. In addition to regulatory penalties, the threat of class-action lawsuits from affected customers can be high.
As well as direct compensation, preventative measures such as credit monitoring services for any users who had financial details stolen can be a major expense. Elsewhere, the reputational damage such incidents can inflict is also huge and is something smaller companies in particular may never recover from. Indeed, it’s claimed that as many as 60 percent of small businesses close within six months of a data breach.
Prevent data exfiltration
The best defence against data theft is to block it before it happens. Once data has