Apple and Tesla Story Needn’t Be Yours

Loss of data in any form is detrimental to an organization’s growth. But the loss of IP in the form of CAD files perhaps is tantamount to ringing the death knell.

Data breach at Apple and Tesla

An article published in Information [1] states how factory workers have pilfered and released yet-to-market iPhone designs into the Dark Web.  What makes the report interesting is Apple’s approach. It is currently reducing the number of ‘security staff’ and is, instead, focusing on addressing the leakage of CAD drawings and schematics. In as to why the design of such highly priced (and prized) phones is being leaked into the black market is anybody’s guess.

It is interesting to note that over two years ago, an Apple executive had revealed that more leaks happen from inside Apple headquarters in Cupertino, California, than from supply chain (vendors)!


Have you watched our video on CAD file security? Watch it here.


The well-known Tesla data theft story brings into fore a vital point – the real and present danger of malicious insiders. A Digital Guardian article published a little over a year ago states Tesla CEO Elon Musk as having addressed employees stating that the malicious insider had created fake usernames to modify proprietary Manufacturing Operating System’s (MOS) source code. Having done this successfully, he also exported Gigabyte sized files – highly sensitive photographs and videos – and shared them with unknown third parties.

We get to hear big bang stories occasionally, but the fact is that such events happen more frequently than we care to concede.

If it can happen to Apple and Tesla, why not you?

From malwares to insiders and from vendors to fake IDs and false impersonation, the ways to get to valuable IP are many. What should be considered by all is the question: If it can happen to Apple and Tesla, why not you? It most definitely can. But we strongly believe that if you are not careful, it will.

With such foundation, what should be done? While, understandably, it is almost impossible to detect intrusion, but using sophisticated monitoring, it is possible to track wherefrom and where to the data is going. In other words: Visibility is power.


Do you use Microsoft’s Azure Information Protection? Why invest in an expensive new security solution?


Do you know where your data flows?

Be wise. Know what data flows where at all times and in every scenario – including during ‘firefighting’ sessions.

Reduce risk and help your organization stay compliant by getting real-time alerts of sensitive data downloads. You must include all data downloads and extraction activities from SAP which should be aggregated into a fully customizable audit log for easy perusal. If required, extract such information to powerful tools such as SAP Business Intelligence and Analytics solutions for deep inference and understanding.

A dedicated CAD file protection solution leveraging your investments in Microsoft

There are many products that promise to secure CAD files shared in worldwide process chains using proprietary encryption. However, when you have invested in Microsoft Office 365, leverage Microsoft Information Protection for your CAD files using a simple cost-effective connector – HALOCAD®.

HALOCAD protects CAD files beyond the IT landscape for both SAP and non-SAP users and ensures sensitivity level outside the landscape. To know how SECUDE can protect your vital information, typically CAD files, visit our HALOCAD page.

Reference

[1] Apple reduces number of factory secrecy staff, cracking down on CAD schematics leaks

[2] New industrial espionage campaign leverages AutoCAD-based malware

[3] Tesla Data Theft Case Illustrates the Danger of the Insider Threat

Related Reading

[1] Protecting IP of a Manufacturing Company – A Case Study

[2] Why invest in a new CAD file security solution when you can leverage your investment in Microsoft AIP

[3] How to ascertain suspected data leak from the IT landscape?