Case Study – GE employee

General Electric employees stole trade secrets to gain a business advantage

What happened?

Two employees of General Electric (GE) stole data on advanced computer models for calibrating turbines the company manufactured. They also stole marketing and pricing information for promoting this service.

With the stolen intellectual property in hand, one of the employees started a new company and competed with GE in tenders for calibrating the turbines.

What were the consequences?

GE lost several tenders for turbine calibration to the new competitor. When they discovered that this competitor had been founded by their employee, they reported the incident to the FBI. In 2020, after several years of investigation, the insiders were convicted and sentenced to prison time and $1.4 million in restitution to General Electric.

Why did it happen?

GE employees downloaded thousands of files with trade secrets from company servers and sent them to private email addresses or uploaded them to the cloud. One employee also convinced a system administrator to grant him access to data he wasn’t supposed to have access to.

None of these malicious actions triggered a response from the GE cybersecurity system. Deploying access management and user activity monitoring solutions could have helped GE detect intellectual property theft in time and speed up the investigation by gathering necessary evidence.

How to Detect and Prevent Industrial Espionage



Case Study – Cisco employee

Former Cisco employee purposely damaged cloud infrastructure

What happened?

A former Cisco employee gained unauthorized access to the company’s cloud infrastructure and deployed malicious code that deleted 456 virtual machines used for Cisco’s WebEx Teams application. As a result, approximately 16,000 users of WebEx couldn’t access their accounts for two weeks.

What were the consequences?

Cisco had to spend approximately $1.4 million in employee time to audit their infrastructure and fix the damage. The company also had to pay a total of $1 million in restitution to affected users.

The incident happened in September 2018, but the case has yet to be resolved in court as of December 2020. The attacker may face up to five years in prison and a fine of $250,000.

Why did it happen?

The former Cisco employee used his knowledge of Cisco’s security mechanisms and abused their weaknesses to gain access to cloud infrastructure and deploy his code. Apparently, access to sensitive resources wasn’t protected with two-factor authentication or other access management tools.