CISO Case Files: The Getaway Drive

Smuggling for the Competition: 

People take home confidential documents for any number of reasons, reflex, maybe they are proud of their work, or they just need to catch up. Sometimes they take documents to be sold off.  Once these files have made their getaway hidden on USB drives, personal servers, or cloud drives, they are far beyond a cybersecurity team’s awareness or control. Documents living outside of a company’s control and not secured properly are leaks waiting to happen, in time they will become breaches once accessed by hackers or sold off in corporate espionage. In the early 2000’s Mike Yu (a.k.a. Xiang Dong Yu) smuggled out 4,000 design documents on a hard drive from Ford Automotive before selling them to Beijing Automotive Group. Ford estimated their losses amounted to nearly $100 million in lost IP and labor. [1] Air Taxi company Wisk had 3,400 documents downloaded to USB drives by an engineer on Christmas Day.  Three months later Wisk found four patent infringements by a competitor related to designs for better stability and control, thermal management of rotor control assemblies, and fast-charging batteries. [2] Time and time again, data that is moved outside of cybersecurity control is found in the hands of competitors. It’s not paranoia if someone is out to get you.   

Details from the crime scene: 

Our client a major automotive brand was assisting on a key Research & Development (R&D) project with an automotive supplier. The company had publicly announced its new product, innovative emissions technology but had kept most of the specifics top secret. If these trade secrets were exposed, the company would lose its first-mover advantage rendering the R&D program obsolete and wasting tens of millions of dollars. To prevent leaks only a small product team including third-party contractors were trusted with the knowledge of technical specifics and launch plans. (See how to Get Ahead of Digital Third-Party Risk Management here.)  One of these contractors loaded the project files onto a USB drive, took them home, and worked on them over the weekend. (Need recommendations on how to secure remote work?)  What followed was the beginning of a cybersecurity nightmare. The contractor plugged their USB drive into a home router and uploaded the design files to a cloud storage container with no password.  The result? Anyone and everyone could access the container and its contents. (See more cloud threats here.)   

CybelAngel Investigates: 

CybelAngel protects our customers by continuously scanning billions of IP addresses across the internet for leaked documents. It was during such a scan that we discovered the unprotected design files of the new product and details about its launch. Our solution immediately detected the leaked documents, which were processed through our Machine Learning algorithms applying a first sensitivity screening and predicting a critical incident.   This prediction triggered an alert, which our Analyst Team investigated. In a matter of hours, they were able to precisely identify who was responsible for the leak.  

Arresting the leak: 

This process enabled the CybelAngel Analyst Team to confirm the severity of the leak, the top-secret nature of the documents, and to issue an incident report to our clients within minutes of detection. The incident report provided context and details about what was exposed, which helped our client to assess the company’s risk and immediately take action. The contractor was contacted and instructed to unplug his USB drive and shut down the cloud storage. CybelAngel continued to monitor for traces of these documents across the Internet — ensuring that no one accessed and leaked the content.  With the leak arrested, our client could continue on confident they wouldn’t lose their Intellectual Property to corporate espionage.   

Detective’s Notes: 

Just because you’re paranoid doesn’t mean they aren’t out to get you. But in the world of cybersecurity paranoia pays huge dividends. By keeping a vigilant eye on data leaks you can stop a breach that will cost your company an average of $3.6 million dollars. [3] You can take the first step by trying CybelAngel’s free Data Exposure Dashboard. This case hit multiple themes you will see in other case files, third-party risk management, remote work cybersecurity, cloud leaks, and the importance of having monitoring, early detection, and remediation built into your solution. We’ve spent years thinking about how to get ahead of third-party risks and have compiled the best advice in the webinar Get Ahead of Digital Third-Party Risk Management in 2021 You can learn more about managing remote workforce security in my conversation with Florent Chabaud, VP of Business Security at Technicolor here Our own Julia Osseland, Product Marketing Manager shares her remediation strategy in the webinar Winning Data Leak Remediation: 4 Best Practices to Secure your Digital Assets     

REFS:       [1] https://www.bloomberg.com/news/articles/2021-04-06/moelis-flying-taxi-spac-accused-of-stealing-aircraft-technology 

[2] https://www.autonews.com/article/20120930/OEM01/120929845/automakers-grapple-with-rising-tide-of-industrial-espionage [3]https://www.ibm.com/security/data-breach