ZoneFox: Elon Musk emails employees about 'extensive and damaging sabotage' by employee
- Jamie Graves, CEO at ZoneFox
- 19.06.2018 12:45 pm undisclosed
Tampering with Tesla code could have truly lethal consequences for its customers on the road, so the severity of this sabotage cannot be understated. This, combined with the exporting of highly sensitive data to unknown third-parties, is a shocking example of the damage that can be caused by insider threats -- in this case, clearly malicious rather than accidental. As Musk says himself, the full extent of the saboteur's actions are not yet clear, but we do know that the prime motivation behind this crime was vengeance after being denied a promotion.
The ramifications of this insider attack could lead to Tesla IP getting in the hands of automotive competitors or the types of industries mentioned by Musk that might not want, for example, low-carbon ventures to succeed. Protecting IP is paramount for a company like Tesla, whose product is inextricably linked with human lives. Now, following on from this IP theft, Musk is scrambling to find out whether his disgruntled employee was acting alone or with others at Tesla -- and, crucially, if he was working with any external organisations.
No doubt Musk is under fire from the media, with internal reports of ambitious production schedules, but -- from a cyber security perspective -- both the technology and culture within his company need to be addressed. Machine-learning capabilities can flag suspicious behaviour within a company after building a picture of 'normal' behaviour. This, combined with a robust company-wide education programme that encourages an open culture of security, is vital for keeping data secure. Undoubtedly, the blame culture of IT security needs to change, so that insider threats can be spotted and managed before they cause extensive damage.
