A former Tesla employee used his access to the company’s network to steal “gigabytes” of highly sensitive data and transferred it to unknown third parties.

Tesla CEO, Elon Musk, sent an email to all employees late last Sunday night alleging that he had discovered a saboteur in the company's ranks.

Musk said this person had conducted "quite extensive and damaging sabotage" to the company's operations, including changing code to an internal product and exporting data to outsiders.

abstract-action-auto-258083.jpg

On Wednesday, Tesla filed a $1 million lawsuit against the former process technician, Martin Tripp. In addition to the theft and transference of confidential and trade secret information, the lawsuit also claims the employee leaked false information to the media.

Tesla claims that Tripp was the source of a news report about punctured battery cells at Tesla’s factory. The lawsuit doesn’t specify which media outlet Tripp leaked to, but earlier this month, Business Insider ran a story about scrap metal waste and punctured battery cells at Tesla’s factory, citing documents and former employees as sources.

As with most insider data misuse, the employee was apparently disgruntled over his job situation. Tesla claims that Tripp, who was hired in October 2017 at the company’s massive battery factory near Reno, Nevada, committed these acts out of retaliation for being reassigned to a different job. 

"The full extent of his actions are not yet clear," Musk wrote. "But what he has admitted so far is pretty bad."

Tesla is investigating whether the employee acted alone or was working with outside organizations.

Addressing the Insider Threat

This incident is the latest reminder of the threats malicious insiders can pose to organizations that don't have the correct processes in place for mitigating such risks.

In a recent Raytheon-commissioned survey of IT security professionals, insider threats ranked low on the CISOs' priority lists, with only 36% saying they consider malicious or criminal insiders to be a high risk.

"Taking things at face value, this [act of sabotage] is basically a smorgasbord of cybercrime, and it could have affected any company anywhere. You have an insider threat. You have altered data affecting the factory operating system. You have leaked proprietary data. You have credential theft. And you have it all, apparently, at the hands of a disgruntled employee. It’s time to make insider threat a top priority," said Michael Daly, CTO, cybersecurity at Raytheon.

In recent years, there have been countless other big security incidents involving malicious insiders. Edward Snowden's 2012 theft and leaks of classified documents from the National Security Agency (NSA) remains one of the most high-profile examples of insider abuse.

However, insider threats can pose a significant risk to organizations of all sizes, across all industries. 

Approximately 50 percent of organizations have experienced at least one malicious insider incident per year, according to the 2017 U.S. State of Cybercrime Survey. The 2016 Cost of Cybercrime Study by Ponemon found that insiders were the most costly source of attacks. Incidents involving insiders cost an average of nearly $145,000 each and took 51 days to resolve, the longest of any type of attack.

“Disgruntled employees will always be a cause for concern,” says Brian Horton, CEO at Breadcrumb Cybersecurity. “Even larger organizations that can afford the best cybersecurity protection can be significantly impacted by one malicious insider.”

The most overlooked cybersecurity weakness is often the employee themselves. Here are 5 best practices for mitigating insider threats.

Know Your Critical Assets
Knowing your critical assets provides insight into the most important pieces in your infrastructure that need attention, and the data most likely to be targeted by malicious insiders.

Continually Assess Your Security Posture
Evaluating your organization’s security posture should be a critical and ongoing process. Monitor employee roles carefully as they change to ensure only those who require access to sensitive information have it.

Develop an Insider Threat Program
Implementing an insider threat program that involves all people, policies, and technology will help deter threats that employees can pose.

Document and Enforce Policies and Controls
Maintaining a consistent, clear message on all organizational policies and procedures will ensure employees are aware of how to handle the information they have access to.

Continuously Monitor User Behavior
Learn what normal employee behavior looks like in order to better recognize abnormal behavior. There are many available tools that help to establish baselines of normal user behavior, and detect irregular events.

One thing is certain, the insider threat is not going to get any better, nor is it going to go away. So, take steps to mitigate your risk and avoid opening your organization up to an attack like Tesla’s. 


Breadcrumb is a cybersecurity and executive advisory firm. Located in Central California, we partner with organizations throughout the US, protecting their critical assets from cyber breach. Contact us today for a no-obligation consultation.