Data Exfiltration: Employee Selling Corporate Secrets
- Attacker Objective: Profit from selling Intellectual Property
- Threat Type: Data Exfiltration
In early 2018, an employee at a large media and entertainment company was caught selling extremely sensitive intellectual property to a third-party. This type of activity would be especially hard to detect using traditional tools such as threshold-based solutions that look for large or anomalous uploads. In this case, the files were being sent infrequently, and when they were sent, the amount of data traversing the network was very small.
In addition, this was a case where the perpetrator was authorized to access the information he was sharing. The files in question were sent to this person’s corporate email account from others within the organization. And the person did not forward or send all of the attachments contained in an any given email. They were selective and only sent very specific files, making their actions unlikely to trigger alarms that typically look for large or continuous uploads.
While the amount of data being uploaded was small and usually only occurred a handful of times per week, Awake identified the activity as “persistent” and “unique,” therefore elevating its risk score to prompt a closer look.
Dig Deeper with These Resources
Real World Incidents Detected and Stopped by Awake
Organizations across industries use Awake every day to identify and stop modern threats from both internal and…
EMA Top 3 Report and Decision Guide for Security Analytics
This Enterprise Management Associates (EMA) report identifies the leading priorities organizations face with resolving challenges and meeting…