BSides Boston 2016 has ended
Back To Schedule
Saturday, May 21 • 4:00pm - 4:45pm
Simple Data Exfiltration in a Secure Industry Environment
Since Edward Snowden’s extensive data exfiltration from a high-security NSA environment, there has been heightened focus on data exfiltration - not only from government and defense environments but also from security-conscious industries such as finance, health-care, insurance, etc. While much of Edward Snowden’s exfiltration is thought to have required elevated privileges such as access as a system administrator, today’s industry leaders are also concerned about regular employees and are asking the question ‘how easy would it be for an employee or vendor with only ‘user-level’ privileges and minimal IT training to exfiltrate data?’

In the author’s experience as an IT auditor at dozens of security-conscious environments, the answer to that question is that data can easily be exfiltrated by employees with little or no IT training. Further, and importantly, most organizations have little or no effective detective controls that would alert or detect such data loss.

This presentaion explores the top 10 data exfiltration methods that can be accomplished with only ‘user-level’ privileges and that are routinely overlooked in security-conscious industries.


Phil Cronin

Phil Cronin started DataSec LLC to provide risk management and data security services for security-conscious industries. Phil has partnered with senior management and audit committees in improving management oversight and control and ensuring IT regulatory compliance. He has over... Read More →

Saturday May 21, 2016 4:00pm - 4:45pm EDT
NERD 1 Memorial Dr
  Break It
  • Room Commons