D2 · Threats

What is data exfiltration?

Data exfiltration is the transfer of stolen data from the victim to the attacker, via web (HTTPS uploads), DNS tunneling, email, cloud storage, or physical media. It is the final stage of most attacks.
Exfiltration detection relies on DLP (pattern matching on sensitive data), egress monitoring (unusual outbound volumes), DNS monitoring (DNS tunneling), CASB (unauthorized cloud uploads), and UEBA (unusual data access patterns). Preventing initial access is better than detecting exfiltration.