Accusations made yesterday by Tesla Inc. Chief Executive Officer Elon Musk that the company had been targeted by an employee who, among other things, sabotaged internal systems reveal important lessons in cybersecurity, according to a number of security experts.

“What do the numbers 18.28 and 4.93 have in common? I’ll tell you: Tesla stock has dropped $18.28 today, which equates to 4.93 percent of the company’s value,” Jackson Shaw, vice president of product management at One Identity LLC, told SiliconANGLE. And it’s all because an insider was given perhaps too much access to internal systems.

“If ever there has been proof of the need for better cybersecurity, this is it,” he said. “It appears that even Tesla has not completely solved this challenge.”

In particular, he explained, the challenge likely lives in two areas – first, access governance. “Access governance is ensuring the right people have access to only the right stuff at the right time,” he said. “By ensuring those that create code can’t also insert this code into production environments, organizations can limit their risk and exposure.”

The second is privileged access management, making sure that an organization can control, audit and secure those individuals with elevated or administrative access.

Ken Spinner, vice president of global engineering at Varonis Systems Inc. concurred, saying that the “incident suggests stronger technology and controls should have been in place. It’s one thing to have an insider try to snoop around systems and files, but it’s another issue altogether if they’re successful.”

Spinner said the Tesla case points to “two frightening scenarios: the exfiltration of valuable IP, and the alteration of critical information, in this case, code for their manufacturing operations. Tesla is in the spotlight as a tech innovator, and they must guard their intellectual property like it’s a gold mine.”

Gurucul Inc. Chief Executive Officer Saryu Nayyar warned that “disgruntled employees and industrial espionage, especially in technology-based organizations like Tesla, will always be a concern.

“Even progressive companies that can afford the best cybersecurity protection can be taken down by one malicious insider,” Nayyar said. “We like to say that you can steal an identity but you can’t steal behavior. Monitoring behaviors to detect anomalies is the most effective way to detect insider threats before it’s too late and prevent intellectual property theft.”

Image: Wikimedia Commons