Tesla founder Elon Musk has accused one employee of conducting “extensive and damaging sabotage” to the electric car manufacturer in a company-wide email sent yesterday.

Musk’s email, reportedly seen by Reuters, revealed that the unnamed employee had made changes to the code behind Tesla’s manufacturing operating system. The company also discovered that he had been sending sensitive data to third parties without authorisation. According to the email, the employee admitted that his actions were a response to the company’s failure to give him a promotion that he felt he deserved.

The full scale of the sabotage attempt, including whether he was acting alone and how much damage resulted, is unclear.

Musk told his Tesla employees:

“The full extent of his actions are not yet clear, but what he has admitted to so far is pretty bad.

“His stated motivation is that he wanted a promotion that he did not receive.

“As you know, there is a long list of organisations that want Tesla to die.”

Tesla will seek to determine whether the rogue employee was acting alone or conspired with a third party. Musk speculated that someone from Wall Street, within the oil and gas industry, or a rival car company might have been in some way involved in the attack.

An internal investigation into the Tesla sabotage will continue this week. But how do attacks like this happen and what can businesses do to stop them?

Abuse of trust

In the wake of large-scale data breaches and cyberattacks like WannaCry and Petya, businesses are starting to understand the importance of implementing decent cybersecurity defences. However, businesses generally allow employees to bypass these extra security steps.

Chris Morales, head of security analytics at artificial intelligence cybersecurity company Vectra, told Verdict:

“Users on corporate networks are usually part of a ‘trusted’ group. For example, while on a corporate network, employees typically don’t need to perform the same extra authentication steps necessary to connect to services and applications that they do when they are connected from home.

“As a result, they can move around fairly freely.”

Employees, Morales explains, pose a huge risk to their employers, even more so than cybercriminals. However, most employers do not have security systems in place to stop attacks from internal sources.

Morales told Verdict:

“Trusted users always pose the highest risk as they have the means and only lack the motivation.”

All it takes is for an employee to feel let down or deceived and that motivation quickly presents itself. This appears to be the case at Tesla, going by the few details that have emerged so far.

The cost of corporate sabotage

While the chances of it happening are slim, the damage caused can be costly.

In 1997, a disgruntled former employee targeted business publication Forbes. George Parente broke into the company’s computer systems and caused $100,000 (approximately $157,000 in 2018) worth of damage.

According to a document published by the US Federal Bureau of Investigation and Homeland Security Department in 2014, workers are increasingly using technology to disrupt business or steal secrets. Sabotage attempts include the theft of customer data, destroying company records and making unauthorised purchases on client accounts. Some cases involved employees attempting to extort their employers by restricting access to company files.

The report stated that US-based companies have suffered costs of up to $3m as a result of corporate sabotage. Costs include the value of stolen data, service disruption, implementation of security measures, legal fees and revenue losses.

Internal monitoring

The issue, Morales feels, isn’t that employees have access to company files, or the ability to alter them. The issue is that businesses are allowing their employees to do so largely unchallenged.

Morales told Verdict:

“I see this as a problem between approved and unapproved behaviour, as it was a trusted user who obfuscated their actions with fake accounts that clearly should not have existed or should not have been used to make changes to production code or to transfer large volumes of data to untrusted third-party entities.”

The Tesla employee had reportedly been using false usernames in order to try and hide his identity. This has raised questions about how he was able to create a new user account with the permissions to cause such damage – an issue that could have been avoided had the right security systems and procedures been in place.

Morales said:

“In either the case of a cyberattack or a rogue employee who is an insider threat, enterprises benefit from internal monitoring that can detect suspicious behaviour in order to prevent damage.

“The challenge is understanding the difference in approved and unapproved behaviours as they occur and to prioritise the riskiest behaviours so that an immediate response can be formulated, before the damage is done.”

Tech protecting tech

Tech companies are increasingly developing artificial intelligence solutions for our problems. Cybersecurity is one of many areas where AI is proving to be of use.

More and more companies are turning to AI solutions to detect and deal with threats before attackers are able to cause damage to computer systems.

According to ESG research, some 12% of enterprise organisations are already using AI security solutions. With the handling of user data growing in importance and cyberattacks continuing to increase in frequency and severity, a growing number of companies will turn to new technologies to improve their security this year.

Using machine learning, platforms such as Palo Alto Networks’ Magnifier Behavioural Analytics and Vectra’s Cognito analyse data to identify and block incoming threats, as well as expose those behind the attack. These platforms claim to work whether it is an external party or a company insider behind the attack.

Some products, such as data deception technologies, are able to set traps to catch data thieves. This works by creating and planting “bait” files. The software mixes these files in with existing files to attract attackers that have gained unauthorised access to a network. These files look like normal files. However, interacting with them will trigger an alert, informing the network administrators of an attacker’s presence.
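The bait-file alerting described above can be combined with the approved-versus-unapproved behaviour checks Morales describes (production changes from accounts that should not exist, bulk transfers to untrusted parties) in one prioritised rule set. The sketch below is an added example, not code from Tesla or any vendor named here; the log layout, account names, hostnames, decoy path and byte threshold are all constructed assumptions.

```python
import csv
import io

# Constructed audit events (not real data): time, account, action, target, bytes
SAMPLE_LOG = """\
2018-06-18T09:02:11,asmith,commit,prod/mos-config,0
2018-06-18T09:40:05,svc_build7,commit,prod/mos-config,0
2018-06-18T10:15:42,asmith,upload,files.partner.example,52000000
2018-06-18T11:03:27,jdoe,upload,drop.unknown.example,4800000000
2018-06-18T11:20:00,jdoe,read,finance/Q3-forecast-DECOY.xlsx,0
2018-06-18T11:45:19,jdoe,upload,drop.unknown.example,900000000
"""

KNOWN_ACCOUNTS = {"asmith", "jdoe"}                # assumed identity-directory export
APPROVED_DESTINATIONS = {"files.partner.example"}  # assumed egress allowlist
DECOY_FILES = {"finance/Q3-forecast-DECOY.xlsx"}   # planted bait with no business use
EGRESS_LIMIT = 1_000_000_000                       # assumed byte budget per account and host


def detect(log_text):
    """Return alerts as (severity, account, reason), highest severity first."""
    alerts, sent = [], {}
    for _ts, account, action, target, size in csv.reader(io.StringIO(log_text)):
        if target in DECOY_FILES:
            # Nobody has a legitimate reason to open a bait file, so any touch alerts.
            alerts.append((3, account, f"decoy file accessed: {target}"))
        if (action == "commit" and target.startswith("prod/")
                and account not in KNOWN_ACCOUNTS):
            alerts.append((3, account,
                           f"production change by unregistered account: {target}"))
        if action == "upload" and target not in APPROVED_DESTINATIONS:
            key = (account, target)
            before = sent.get(key, 0)
            sent[key] = before + int(size)
            # Alert once, when the running total first crosses the budget.
            if before <= EGRESS_LIMIT < sent[key]:
                alerts.append((2, account,
                               f"bulk transfer to unapproved host: {target}"))
    # Stable sort keeps event order within each severity level.
    return sorted(alerts, key=lambda alert: -alert[0])


if __name__ == "__main__":
    for severity, account, reason in detect(SAMPLE_LOG):
        print(f"sev={severity} account={account} {reason}")
```

The approved upload by `asmith` and the second upload by `jdoe` raise nothing new, which keeps the queue to the three events a responder should look at first.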

According to research conducted by consultancy firm Willis Towers Watson, human error is the cause of 90% of all cyberattacks. If companies can’t trust humans to keep their data safe, or keep their hands off of it in Tesla’s case, what better to turn to than a highly intelligent machine?