Data exfiltration is no laughing matter these days. The fallout for an organization can be substantial: Target's CEO resigned in the wake of the retailer's late 2013 data breach, while eBay must now battle a class action lawsuit over an early 2014 data breach. Your customers may be worried about whether their data assets might be targeted, too. Here are three types of data most vulnerable to data exfiltration.
1. Customer financial information
It should come as no surprise that for hackers and malicious insiders, the vast amounts of customer financial information held by banks, payment processors, and retailers can prove irresistibly tempting. Identity theft is big business that can bring in big profits for data thieves, who sell customer financial data such as credit and debit card and bank account numbers in large quantities, often for high prices. This information is then used to transfer money out of victims' bank accounts or to rack up charges on victims' credit cards. Identity theft can be anything from a minor inconvenience to a major setback for an individual consumer. For the organizations from whom the data is stolen, however, this type of data exfiltration is almost always a catastrophe, thanks to mandatory public breach notifications and heavy fines for non-compliant security policies and infrastructure.
2. Internal employee documentation
Like customer financial information, internal employee documentation such as that stored by HR and employee benefits departments can become a treasure trove for data thieves. HR and benefits departments often retain employees' bank account information in order to process paycheck deposits. They also hold on to a wealth of other confidential personal information, such as full names, current addresses, and employment history, with which identity thieves and other scammers can impersonate victims. Like the theft of consumer financial information, data exfiltration involving employee documentation can be disastrous for the company attacked.
3. Proprietary or confidential corporate data
Most—if not all—organizations need a high level of data privacy in order to maintain a competitive advantage. Any company that designs its own products must protect its research and development goals, processes, data, and results until the time is right to release the information. Premature leaks can lead to competitors getting the upper hand. Unauthorized leaks of confidential corporate data, such as profits, losses, earnings and spending, can also cause damage to a company's brand, strategy, and bottom line. This type of data exfiltration is particularly insidious because it often originates in malicious intent towards the organization itself: a desire to steal its intellectual property or to harm its reputation or business. Corporate espionage isn't just the stuff of movies, but a real threat to real businesses.
Now more than ever, businesses need to protect their information from data exfiltration. Here's where their VARs can come in. With your knowledge of the technologies that alleviate security and privacy concerns, including context-aware security paradigms, and your partnerships with leading security product vendors, you can help your customers keep their data safe. If your expertise isn't quite where it should be, speak to an Ingram Micro information security specialist today to learn how to get up to speed.
What types of data do you think are most vulnerable to data exfiltration? Tell us your thoughts in the comments.