Data Exfiltration

high

data-exfiltration

Unauthorized extraction of sensitive data from the organization

Information Disclosure

MITRE ATT&CK techniques

ID	Name	Tactic
T1041	Exfiltration Over C2 Channel	Exfiltration
T1567	Exfiltration Over Web Service	Exfiltration

Common Weakness Enumeration

CWE-200

Mitigating controls

ctrl-exfil-1: Implement data loss prevention (DLP) tools
ctrl-exfil-2: Encrypt sensitive data at rest and in transit
ctrl-exfil-3: Monitor and alert on unusual data transfers
ctrl-exfil-4: Implement egress filtering and monitoring
ctrl-exfil-5: Classify and label sensitive data

References

https://attack.mitre.org/tactics/TA0010/