
Tesla Hit By ‘Damaging Sabotage’ By Employee

By ISBuzz Team | June 20, 2018 | Updated: December 4, 2024

On Sunday night, Tesla CEO Elon Musk sent an email to all employees alleging there was a saboteur within the company’s ranks. Musk said this person had conducted “quite extensive and damaging sabotage” to the company’s operations, including by changing code to an internal product and exporting data to outsiders. IT security experts commented below.

Chris Morales, Head of Security Analytics at Vectra:

“Users on corporate networks are usually part of a “trusted” group. For example, while on a corporate network, employees typically don’t need to perform the same extra authentication steps necessary to connect to services and applications that they do when they are connected from home. As a result, they can move around fairly freely. Cyberattackers typically steal employee credentials in order to enjoy the same freedom of movement while they spy, spread and steal. In this case, an employee became an insider threat. In either the case of a cyberattacker or a rogue employee who is an insider threat, enterprises benefit from internal monitoring that can detect suspicious behaviour in order to prevent damage. We see an increasing number of organisations using AI and advanced analytics to address these use cases.

Trusted users always pose the highest risk as they have the means and only lack the motivation. In this instance, the motivation sounds personal, and that is quite often the case in corporate sabotage. It is not clear how this event was detected, but it sounds like it was discovered after the damage already occurred and there is still work to uncover the extent of that damage.

I see this as a problem between approved and unapproved behaviour as it was a trusted user who obfuscated their actions with fake accounts that clearly should not have existed or should have been used to make changes to production code or to transfer large volumes of data to untrusted third party entities. The challenge is in understanding the difference in approved and unapproved behaviours as they occur and to prioritise the riskiest behaviours so that an immediate response can be formulated, before the damage is done.”

Joseph Carson, Chief Security Scientist at Thycotic: 

“This is a major reminder to why Privileged Access Management is a must have for organisations that deal with sensitive information or personal information and why least privileged is a practice being adopted by many organisations. Most organisations, while they attempt to secure and protect privileged access, they continue to do it on what they know which in most incidents is not accurate. Organisations continue to fail at the most important aspect on restricting privileged access which is proactively discovering privileged accounts in the environment and it appears that Tesla have failed to do that most important step in least privilege which is discovering and detecting unapproved privileged access.

This will likely be a major lesson for Tesla and hopefully this is not related to the recent accidents with their vehicles which I am sure the regulators will be looking into if they are related, it shows why privileged access was moved to the top #1 project for organisations in 2018 according to Gartner so such incidents are less likely to happen in the future.”

Bill Evans, Director at One Identity: 

“What do the numbers 17.95 and 4.84 have in common?  I’ll tell you.  Tesla stock has dropped $17.95 today which equates to 4.84% of the company’s value (and it’s only 10:30 AM ET).  This is on the heels of Elon Musk’s email extolling the damage being done by an insider with perhaps too much access.

If ever there has been proof of the need for better cybersecurity, this is it.  It appears that even Tesla has not completely solved this challenge.  To be clear, the challenge as laid out here likely lives in two areas – first, access governance.  Access governance is ensuring the right people have access to only the right stuff at the right time.  By ensuring those that create code can’t also insert this code into production environments, organizations can limit their risk and exposure.  Second is privileged access management (PAM).  PAM is making sure that an organization can control, audit and secure those individuals with elevated or admin access.

While it’s impossible to determine exactly what happened at Tesla, smart organizations have already deployed access governance and privileged access management to help mitigate cyber risk.”

Thomas Richards, Associate Principal Consultant at Synopsys:

“Internal threats can produce a great deal of damage as they are already inside your company and authorised to access sensitive company data and assets. To counter any internal threats, organisations should fully test all code and track employee changes based on a bug tracking system or changelog. This provides answers to questions such as ‘did the person carry out what was required to resolve the issue at hand?’

“Although companies need to inherently trust their employees, all work should still be monitored and verified before code can enter production. Any unnecessary or unusual access to code and resources should be investigated.  All login attempts both successful and not successful should be monitored and reviewed for inconsistencies. Sensitive data including code or other organisational assets should also be protected and segmented from general access inside the environment.  Additionally, workstation controls should be put in place to prevent employees from moving data onto removable media. Account creation and authorisation should be handled by a centralised group who will vet and verify requests for account creation and access.”

Thomas Nuth, Director at Nozomi Networks:

“The recent allegations of internal sabotage from an employee of Tesla highlights the need for real time visibility and cybersecurity at all areas of critical operations. In the case of Tesla, reports allege that internal sabotage led to multiple fires within the painting of the Model 3, production inefficiencies leading to ramp up failures and possible IP leakage to external organisations. At Nozomi Networks we believe operational and cyber vigilance is as important for managing internal threats as it is against external threats.”


The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
