When it comes to futuristic inventions, Elon Musk is one of the biggest names that take the stage. Everybody loves Elon for his charisma, passion, and innovation that has redefined the way we look at the future of technology. In recent cybersecurity news, one of Elon's multi-billion-dollar businesses was reportedly hacked by a former employee. This is certainly not the first time Tesla was hacked, but it's the first time one of their very own has turned against them.
Reports state that Tesla filed a lawsuit accusing a disgruntled former employee of hacking into the electric car-maker's systems and passing confidential information to third parties.
Elon expressed his emotions in an email that he wrote to all his employees, stating: “I was dismayed to learn this weekend about a Tesla employee who had conducted quite extensive and damaging sabotage to our operations. This included making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties.”
Tesla claimed that it has suffered "significant and continuing damages" as a result of the misconduct.
Martin Tripp, the man accused of this breach, claimed he was a whistleblower rather than a saboteur. Both parties exchanged accusations fiercely, with Tesla claiming that Martin was denied a promotion, which is why he decided to conduct this activity, whereas Martin returned fire saying that this was always a generic excuse.
While all this seems like something out of a soap opera on television, this is a serious incident and should be treated as a warning sign that creates a sense of urgency among other businesses. We're aware that the title says this may be a good thing, but we're in no way encouraging horrible acts such as this. The point we're trying to get across is that thanks to the Tesla incident, our ignorance of the fact that there are multiple channels of hacking has now been validated.
We understand that this may have come out as a loose statement in the multiple posts we've written about unknown channels of exploitation. Even we, as a cybersecurity business, have failed to talk about how you could be hacked via a simple inside job. This incident is an important reminder that the enemy hits us where we least expect.
If you think you are secured, think again!
Elon's Tesla taught us that it could be an employee's act of revenge; similarly, other businesses have taught us that it could be employee carelessness, and others just ignorance.
We've said it before and we'll say it again. Network security, web security, mobile app security, etc. have multiple components that differ in nature. You're not going to get secure with the mentality that one solution fits all. It is essential to get experts in each field to ensure every component of your business's infrastructure is hack-proof.
We're not saying that there is a definite solution to employee mishaps. What we do want to emphasize in this post is that the incident has taught us that there are more threats to our organization's data than the ones we foresee.
Now that we can add one more element to our business security checklist, it's time businesses approach security holistically by breaking down different elements and creating a solid security strategy to eliminate loopholes that could cost the business massively through the smallest of vulnerabilities.
Many people would argue that this has nothing to do with cybersecurity but at the end of the day, your data has still been lost. That's what we are most concerned about.
Ninety-nine employees out of a hundred move from one organization to the next with no intention of betraying the trust of the organizations they are leaving. It's always that one out of a hundred that you need to watch out for.
Former members of staff may try to take confidential information with them to their new employers or deliberately tamper with data on the system out of spite. Fortunately, there are a number of things organizations can do to protect their data from such risks, as Michael Fimin of Netwrix explains.
Here are 5 things Michael Fimin says you can do at a basic level to help prevent disgruntled employees from turning against you:
#1. Set up permissions properly
Because we don’t know who will turn out to be a rogue employee, it’s essential to establish and enforce the principle of least privilege: Grant each user access to only the systems and data they need to do their jobs, and nothing more. In particular, follow these best practices for configuring access lists on your file servers.
#2. Monitor changes to permissions
Once permissions are set up, we need to track and document all changes made to them. By making sure that all changes are authorized, we can reduce the risk of anyone getting access rights they don’t need, either accidentally or maliciously.
#3. Monitor the activity of privileged users when they are accessing critical files
The most efficient and effective way to do this is with privileged user monitoring software, change auditing software or data leak protection (DLP) software. You can also use native tools, but they are not nearly as easy to configure and use.
#4. Take control over data leakage methods
Ensure that you monitor the most common ways your employees transfer data outside of your network, such as email, web traffic, VPN, USB and CD/DVD. Ensure that you are in total control of any of these actions, whatever the situation may be.
#5. Encrypt data at the file system level
Encrypting the critical data on your file servers protects it because even if a departing employee steals the data, they cannot read it except from your workplace. File system level encryption is offered by third-party vendors but it is usually not cheap, so the data you encrypt should be worth it.
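To make measures #1 and #2 concrete, here is an added example (not from Michael Fimin or Netwrix, and not part of the original post) that compares two permission snapshots and flags every newly granted right that either has no approved change request or goes beyond the user's least-privilege role baseline. The snapshot format, user names, paths, roles and approvals are all constructed for illustration.

```python
# Added example: audit permission changes between two ACL snapshots.
# All users, paths, roles and approvals below are constructed sample data.

# Snapshot format (assumed): {(user, resource): set of rights}
BEFORE = {
    ("alice", "/finance"): {"read"},
    ("bob", "/mfg/src"): {"read"},
}
AFTER = {
    ("alice", "/finance"): {"read", "write"},
    ("bob", "/mfg/src"): {"read", "write"},
    ("carol", "/finance"): {"read"},
}
# Grants backed by an approved change request: (user, resource, right)
APPROVED = {("alice", "/finance", "write"), ("carol", "/finance", "read")}
ROLES = {"alice": "accountant", "bob": "technician", "carol": "technician"}
# Least-privilege baseline: role -> resource -> rights the role may hold
BASELINE = {
    "accountant": {"/finance": {"read", "write"}},
    "technician": {"/mfg/src": {"read"}},
}


def diff_acl(before, after):
    """Yield (user, resource, added_rights) for every entry that gained rights."""
    for key in sorted(set(before) | set(after)):
        added = after.get(key, set()) - before.get(key, set())
        if added:
            yield key[0], key[1], added


def review(before, after, approved, roles, baseline):
    """Flag new rights that lack approval or exceed the user's role baseline."""
    findings = []
    for user, resource, added in diff_acl(before, after):
        allowed = baseline.get(roles.get(user, ""), {}).get(resource, set())
        for right in sorted(added):
            if (user, resource, right) not in approved:
                findings.append(("UNAUTHORIZED", user, resource, right))
            elif right not in allowed:
                findings.append(("EXCEEDS_ROLE", user, resource, right))
    return findings


if __name__ == "__main__":
    for finding in review(BEFORE, AFTER, APPROVED, ROLES, BASELINE):
        print(*finding)
```

On the sample data, alice's approved in-role change passes, bob's unapproved write grant is reported as unauthorized, and carol's grant is reported as exceeding her role even though it was approved.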
There you have it: why the Tesla hack was a good thing for businesses the world over, and a few simple yet effective security measures to help secure your business from an inside hack. Get in touch with us at Appknox, we're happy to help you set up a security strategy that will help you ensure total security.