Recently, Tesla CEO Elon Musk was forced to admit that his company was the victim of sabotage by one of its own employees. That employee, frustrated over recently being passed up for promotion, applied damaging code to the company’s manufacturing system and shared large amounts of sensitive data with third parties.
Given the company’s desperate need to make progress following a string of negative announcements, the timing couldn’t have been worse.
Tesla’s situation, though perhaps one of the highest profile cases, is not new or unheard of. Companies quietly monitor their workflows and processes for any signs of IP theft or sabotage by disgruntled or even misinformed employees. Very often, it’s simply a case of those employees taking the work product that they created, believing that they have ownership. In other cases, an employee may copy large contact lists hoping to maintain and divert relationships to a new employer.
Whatever the theft, and whatever the motivation behind it, this particular crime is common and can cause a company not only financial loss, but the potential for serious reputation damage and even litigation.
Roughly 50 percent of employees will take work product when they leave a company, and close to 40 percent will attempt to leverage that work product on behalf of their new employer.
But what can we do about it?
Most companies leverage commonplace strategies, such as blocking employees from using online storage sites such as Dropbox, or disabling USB ports so that files cannot be moved to USB storage devices. The fact is that these methods are only a minor stumbling block for an employee intent on taking work product.
In the past, to determine whether information was stolen, companies needed to do forensics work, costing a lot of money, time, and resources. It is hard to measure an ROI for a process like this because you cannot assess the value of an event that may have been prevented, and you cannot assume the result before you commit the resources. Many companies struggle to see the value in building processes that protect their IP in the face of committing resources to R&D, service line launches, shareholder rewards, or employee benefits.
Understanding this challenge and leveraging its forensics expertise, RVM created a tool – Tracer – to analyze computers and identify activities that might be affiliated with potential IP theft. It is designed to look for user behaviors (online and offline) that may indicate an employee’s ill intentions. The tool can sweep through the user’s actions looking for files and actions and can draw attention to troubling patterns to guide an employer’s decisions.
But, technology alone may not be enough to overcome the problem. Leveraging experts that can properly assess the problem and collaborate with a company to right-size the solution is a powerful next step. The best way for companies to protect their IP is to ask the hard questions regarding its value and be prepared to take action.
Tesla is a strong company with a stable revenue stream, and will likely weather this storm. Other companies may not be so fortunate.Tags: cybersecurity , IP Theft , RVM Tracer , Tracer