Four Lessons from Tesla’s Insider Breach

Tesla has filed a lawsuit against the employee CEO Elon Musk said “committed sabotage against the company,” Bloomberg first reported. The lawsuit was filed in Nevada on Tuesday, June 19, and alleges the former employee "unlawfully hacked the company's confidential and trade secret information and transferred that information to third parties." The former employee’s legal team says he is a “whistleblower” who was “trying to bring problems to light,” according to CNN. Musk said an employee had changed parts of Tesla's manufacturing operating system code and sent "highly sensitive" company data to outside parties, including the press, according to an internal email acquired by CNBC. This isn’t the first Tesla employee accused of sharing trade secrets with third parties. The company sued another former executive in January of 2017 for sharing trade secrets around its proprietary Autopilot technology.

While the facts in the case are still being determined, the latest headlines around Tesla’s lawsuit against a former employee offer several lessons to enterprises:

  1. Adversaries, even internal ones, are always finding new ways to steal data. According to the Tesla lawsuit, the employee in question “wrote software to aid in an elaborate theft of confidential photos and video of Tesla's manufacturing systems.” But for most companies, it’s far easier to access documents: all it takes is a thumb drive or hitting the “forward” button on an email.
  2. Current prevention-focused security solutions have too many gaps. Even with endpoint detection and response, firewalls, and data loss prevention security systems, it is still possible for an employee to steal sensitive company data and share it with any third party. There are gaps in these solutions that give insiders several work-around options. Deployment is also lengthy and complex.
  3. Third-party risk is pervasive. Once data has left the safety of the corporate perimeter, there are typically no protection mechanisms in place. Companies have had no way of knowing who has accessed this data, where, or when. They cannot confidently answer the question, “Do you know where your data is?”
  4. Time-to-detection is still a massive challenge. The employee at the heart of the Tesla lawsuit had worked for the company since last October. The company only detected the alleged unsanctioned sharing of sensitive data when it was published in a Business Insider story in June of this year. If Tesla’s allegations are true, this is another example of an adversary having free run within a company’s systems, helping themselves to data for months without being discovered.

This incident is not likely the last for Tesla. Musk recently tweeted, “There is more, but the actions of a few bad apples will not stop Tesla from reaching its goals. With 40,000 people, the worst 1 in 1000 will have issues. That’s still ~40 people.”

Tesla is in a difficult, yet common, conundrum. Innovation is what drives the success of the company, and innovation is a result of successful collaboration between employees. Data will be made vulnerable; it’s inevitable. And this is a risk that businesses must take in order to lead in their industries. There is no definitive way to protect all confidential company data at all times without dramatically impacting business operations. However, there is an alternative to “flying blind.” Tracking data fills in the gaps in prevention-focused offerings and informs companies of where and how their data is being accessed.

Had Tesla opted to track its confidential data, its security team could have easily added Allure Beacons to all of its proprietary documents, and even planted deceptive documents to use as trip wires alongside authentic information. This combination creates an environment in which insiders are less likely to snoop, knowing they can easily trigger an alert. Security teams stay informed about all activity related to highly confidential documents even after they are shared with third parties. With real-time, detailed alerts, they can respond quickly to minimize the damage, narrow down the suspect list, and identify the leaker, limiting financial and reputational damage. The best part is that the Allure Beacons can be deployed in minutes, easing the burden generally associated with large-scale data protection initiatives.
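To make the tracking idea concrete, here is a generic sketch of how document-open callbacks could be triaged when each copy carries its own token and decoys sit beside real files. It is an added example, not Allure Security's code or product behavior; the token scheme, field names, file names, network range and sample events are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

SECRET = b"constructed-demo-key"                  # assumption: per-deployment key
CORP_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: corporate range

def issue_token(doc_id, recipient):
    """Derive a per-copy token so an open maps back to one recipient's copy."""
    msg = f"{doc_id}|{recipient}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]

def build_registry(copies):
    """copies: (doc_id, recipient, is_decoy) tuples -> token lookup table."""
    return {issue_token(d, r): {"doc": d, "recipient": r, "decoy": decoy}
            for d, r, decoy in copies}

def triage(event, registry):
    """Classify one callback event; returns (severity, detail)."""
    entry = registry.get(event["token"])
    if entry is None:
        return ("ignore", "unknown token")
    src = ipaddress.ip_address(event["src_ip"])
    internal = any(src in net for net in CORP_NETS)
    holder = entry["recipient"]
    if entry["decoy"]:
        # Nobody has a business reason to open a decoy: any open is a hit.
        return ("high", f"decoy {entry['doc']} opened (copy placed for {holder})")
    if not internal:
        # A real document opened off-network; the token names whose copy it was.
        return ("medium", f"{entry['doc']} opened off-network (copy of {holder})")
    return ("info", f"{entry['doc']} opened on the corporate network")

# Constructed sample data: two tracked copies of one document and one decoy.
COPIES = [("line-layout.pdf", "alice", False),
          ("line-layout.pdf", "bob", False),
          ("q3-roadmap-decoy.docx", "shared-drive", True)]
REGISTRY = build_registry(COPIES)
EVENTS = [
    {"token": issue_token("line-layout.pdf", "alice"), "src_ip": "10.1.2.3"},
    {"token": issue_token("line-layout.pdf", "bob"), "src_ip": "203.0.113.7"},
    {"token": issue_token("q3-roadmap-decoy.docx", "shared-drive"),
     "src_ip": "10.4.4.4"},
    {"token": "ffffffffffffffff", "src_ip": "198.51.100.9"},
]

def run():
    """Return the severity assigned to each constructed event, in order."""
    return [triage(e, REGISTRY)[0] for e in EVENTS]

if __name__ == "__main__":
    for e in EVENTS:
        print(triage(e, REGISTRY))
```

Because the token is derived per copy, the off-network open in the second event points at one recipient's copy rather than at everyone who had access to the file.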

No organization can prevent all breaches. Tracking the data that matters most gives companies the best chance to limit risk, respond quickly and effectively, and hold perpetrators accountable.

Posted by Jonathan Wolf on Jun 26, 2018 4:17:39 PM

As VP Products, Jonathan Wolf is responsible for product management and product marketing at Allure Security. A veteran of the Boston area software and security industries, he most recently served as Product Management Director at SecureWorks. He was VP Marketing and Product Management for SilverBack (acquired by Dell) and earlier founder and CEO of Gold Wire Technology (acquired by Intelliden and subsequently IBM). Jonathan earned bachelor's and Master's degrees in Computer Science from MIT.

Topics: intellectual property, breach detection, insider threat, data breach, data leak
