When I first started in cybersecurity, this word seemed fairly opaque. To me, at least; everybody around me used this word frequently. But for anyone not coming from this world, like many people who make decisions, this word needs explanation.
I first read this word as the opposite to infiltration. Infiltration is getting in, so exfiltration would logically be getting out, right?
Yes. But getting what out?
Data. Everything is data and your data is precious. Exfiltration is moving data from inside your organisation to outside your organisation.
Not everyone who removes data is malicious. An employee putting documents onto a USB stick to work on at home is exfiltrating data non-maliciously. However, an employee putting documents onto a USB stick to take to their next job is exfiltrating data maliciously with deliberate intent to steal intellectual property (IP).
There are lots of ways to move data from your internal systems to uncontrolled locations. While there may be use cases that justify these routes, it is worth recognising that every route by which data can be exfiltrated from your company can be abused.