Skip to main content

Top Exfiltration Vectors for Insider Threats


If you haven't heard already, welcome to the collaboration age. Collaboration tools are great and data has never been more portable. In an open, collaborative work environment, employees are not chained to their desk from 9:00 to 5:00, Monday through Friday. They have flexible work schedules and flexible work locations. Employees can upload files to the web, sync data to personal cloud accounts, email file attachments and even share files publicly from corporate cloud storage accounts. And therein lies the risk.


While great for productivity, collaboration tools decentralize the data that's traditionally created, secured and backed up in the data center. And the risks to that data is magnified because the very tools that workers use to collaborate are now some of the most popular exfiltration vectors for moving data out of an organization. On top of that, the influx of dual use personal and business products like Gmail, Slack, Google Drive and OneDrive only increase the complexity of this issue. And sure, you could try to block them all, but when security teams block one vector, users simply find another. And how do you distinguish between sanctioned and unsanctioned OneDrive behavior? How can you block personal Gmail if the corporate email product is Gmail?


Regardless of insiders are acting maliciously or putting data at risk accidentally, an insider threat program will need to take these vectors into account. And where traditional cyber security focused on prevention, that's no longer enough. Instead, a robust cyber security program needs to focus on detecting and responding to risk from everywhere, outside and inside.


Oh, in case you were wondering, the traditional exfiltration vectors – yeah, those are still there. However, exfiltration vectors aren't the only consideration for a modern insider threat program.


Check out our other videos to learn more about the whys and what's before we tackle the how's.


About the Author

Alex is a Senior Program Manager at Code42 with a focus on developing a robust and flexible on-demand curriculum. Alex brings more than 25 years of industry-leading technical training for both the classroom and online. Prior to Code42, Alex worked in training development and delivery for various high-tech companies including Imation, QLogic and IBM. When not in front of or behind the camera, Alex evaluates new technologies and methods for making training more meaningful, engaging and timely.

Profile Photo of Alex Matheson