A business’ employees are perhaps its greatest weakness in terms of its cybersecurity, although they also have the potential to be one of its greatest advantages if trained properly. To demonstrate this, let’s consider a few examples that exemplify either case.
In late August, a Russian national was arrested and charged with conspiracy to intentionally cause damage to a protected computer for attempting to recruit an employee of Tesla to install malware on the network of the Nevada company’s Gigafactory, as confirmed by owner Elon Musk via Twitter.
According to court documents, it was in mid-July that this hacker—27-year-old Egor Igorevich Kriuchkov—established contact with a Tesla employee whom he had briefly met in 2016. Using the popular messaging application WhatsApp, Kriuchkov set up an in-person meeting with the unnamed employee. By August 3, Kriuchkov tried to recruit this employee to assist him in stealing data from Tesla and extorting money in exchange for keeping this data private.
The attack would work like this: by simulating a Distributed Denial of Service (DDoS) attack, the group that Kriuchkov was working with could then steal Tesla’s data unnoticed. Then, the group would reach out and demand that Tesla pay them money to keep this data private.
After a few days, Kriuchkov requested another meeting with the employee to iron out the details. However, the employee had already made contact with the FBI to inform them, and as the FBI surveilled the meeting, the employee was able to get Kriuchkov to repeat his plan, listing other companies who the group had worked against and assuring the employee that their past conspirators were still employed by their companies. The employee was even told that another coworker could be made to look responsible if there were someone that this employee had a grudge against.
Ultimately, enough evidence was collected to arrest Kriuchkov, and he could now face up to five years in prison.
So, it was because of the employee’s efforts that Tesla was able to dodge a significant bullet here.
While Tesla was able to sidestep this threat due to the diligence and honesty of their employee, many companies have not been nearly so lucky. According to the Ponemon Institute, insider threats (such as the one that Kriuchkov and his co-conspirators were encouraging) have risen in frequency by 47 percent over the past two years, with the average incident increasing in cost by 31 percent.
Therefore, the importance of minimizing these incidents in your own business is clear. To do so, you need to ensure that your employees are on your side and are prepared to protect your business.
The name of the game is going to be education. Not only will you need to make sure your employees are motivated to protect your business, they will need to know how to do so. For starters, we recommend that you do a few things:
Whether you need assistance in securing your infrastructure with the proper protective solutions, training your team in more secure behaviors, or both, you can turn to Marin Technologies for assistance. To learn more about how we can make it more likely that you’ll have an outcome closer to Tesla’s than to so many others’, give us a call at (208) 329-6792.