Enforce a Data Classification Policy

A subject may exfiltrate data via a physical medium, such as a removable drive.

A subject uses an external device, such as a mobile phone or camera, to record audio, photos, or video to capture media.

A subject exfiltrates files through a network. A network can be an Internet Protocol (IP) network or other technology enabling the communication of data between two or more digital devices.

A subject has the ability to print documents and other files.

A subject is unaware that they are prohibited from accessing and exfiltrating or destroying sensitive data or otherwise contravening internal policies.

A subject interacts with a public Artificial Intelligence (AI) chatbot (such as ChatGPT and xAI Grok), leading to the intentional or unintentional sharing of sensitive information.

A subject may use an existing, legitimate external Web service to exfiltrate data

A subject uses a cloud storage service, such as Dropbox, OneDrive, or Google Drive to exfiltrate data. They will then access that service again on another device to retrieve the data.

A subject uses a code repository service, such as GitHub, to exfiltrate data. They will then access that service again on another device to retrieve the data.

A subject uses a text storage service, such as Pastebin, to exfiltrate data. They will then access that service again on another device to retrieve the data.

A subject exfiltrates data using a USB-connected mass storage device, such as a USB flash drive or USB external hard-drive.

A subject exfiltrates data by retrieving the physical drive used by a system.

A subject exfiltrates data by connecting an additional drive to a system using the Serial Advanced Technology Attachment (SATA) interface on a motherboard, and copying files to the new storage device.

A subject exfiltrates data using a floppy disk drive.

A subject uses a device, such as a mobile phone or camera, to take photos containing sensitive information.

A subject uses an external device, such as a mobile phone or camera, to take video recordings containing sensitive information.

A subject uses an external device, such as a mobile phone or camera, to take record audio containing sensitive information, such as conversations.

A subject exfiltrates files using BlueTooth as the transportation medium.

A subject exfiltrates files using AirDrop as the transportation medium.

A subject exfiltrates information using a messaging application that is already installed on the system. They will access the conversation at a later date to retrieve information on a different system.

A subject exfiltrates information using a web-based messaging application that is accessed through a web browser. They will access the conversation at a later date to retrieve information on a different system.

A subject tansports physical documents outside of the control of the organization.

A subject has the ability to print documents and other files with a printer outside of the organisation’s control.

A subject exfiltrates data using an organization-owned device (such as a laptop) by copying the data from the device to a personal Network Attached Storage (NAS) device, which is attached to a network outside of the control of the organization, such as a home network. Later, using a personal device, the subject accesses the NAS to retrieve the exfiltrated data.

A USB to USB data transfer cable is a device designed to connect two computers directly together for the purpose of transferring files between them. These cables are equipped with a small electronic circuit to facilitate data transfer without the need for an intermediate storage device. Typically a USB to USB data transfer cable will require specific software to be installed to facilitate the data transfer. In the context of an insider threat, a USB to USB data transfer cable can be a tool for exfiltrating sensitive data from an organization's environment.

A subject uploads confidential organization data to a note-taking web service, such as Evernote. The subject can then access the confidential data outside of the organization from another device.

A subject exfiltrates data outside of the organization's control using the built-in file transfer capabilities of software such as Teamviewer.

A subject intentionally submits sensitive information when interacting with a public Artificial Intelligence (AI) chatbot (such as ChatGPT and xAI Grok). They will access the conversation at a later date to retrieve information on a different system.

A subject recklessly interacts with a public Artificial Intelligence (AI) chatbot (such as ChatGPT and xAI Grok), leading to the inadvertent sharing of sensitive information. The submission of sensitive information to public AI platforms risks exposure due to potential inadequate data handling or security practices. Although some platforms are designed not to retain specific personal data, the reckless disclosure could expose the information to unauthorized access and potential misuse, violating data privacy regulations and leading to a loss of competitive advantage through the exposure of proprietary information.

A subject connects their personal device, under a Bring Your Own Device (BYOD) policy, to organization resources, such as on-premises systems or cloud-based platforms. By leveraging this access, the subject exfiltrates sensitive or confidential data. This unauthorized data transfer can occur through various means, including copying files to the personal device, sending data via email, or using cloud storage services.