BNMC Blog

What Can Be Learned from Coca-Cola’s Security Oversight?

What Can Be Learned from Coca-Cola’s Security Oversight?

Data is one of—if not the—most essential resources a business has, which means it is essential that you take the steps to protect it in every way possible from every potential threat. This includes those that could originate from within your own organization. Let’s consider the case of Xiaorong You, who was recently convicted of conspiracy to commit trade secret theft by a federal jury.

You were found guilty after being accused of stealing nearly $120 million in BPA-free technologies from assorted companies, including Coca-Cola and the Eastman Chemical Company. Each of these companies had threat detection systems intended to prevent such activities, but the approach that each took proved to have different effects. Let’s consider the situation, and what we can learn from the threat detection practices that each company seems to have had in place.

Introducing Xiaorong “Shannon” You

You is a naturalized US citizen who holds a Ph.D. in Polymer Science and Engineering, a degree that enabled her to work for several companies since the early 1990s. Starting in December of 2012, You served as a principal engineer for global research for Coca-Cola until August of 2017. After that, she transitioned to the Eastman Chemical Company to take a position as packaging application development manager, where she worked from September of 2017 until her employment was terminated in June of 2018 upon the discovery of her activities.

While she held these positions, You had access to various trade secrets—many of which were only shared amongst a small group of employees. Despite her written affirmation that she had not retained any of these secrets, You had in fact done so and shared them with the People’s Republic of China in an application to The Thousand Talents program. This program has been used in the past to bring advanced technologies to the country and has been linked to other such cases that have been prosecuted by the Department of Justice.

You stole this data by simply uploading it to her personal Google Drive storage, occasionally photographing particularly sensitive information with her personal smartphone. Once she had this data, You collaborated with a Chinese national named Xiangchen Liu to create their own company in China to monetize these secrets. Co-opting an Italian manufacturer, the stolen BPA-free technology was then incorporated into their own products.

Several companies were ultimately impacted by these activities: naturally, Coca-Cola and Eastman Chemical, as well as AkzoNobel, Dow Chemical, PPG, TSI, Sherwin Williams, and ToyoChem.

What Could Have Prevented These Threats?

To be clear, Coca-Cola and The Eastman Chemical Company were notably different in how able they were to handle these kinds of insider threats. While You had left Coca-Cola by August of 2017, she was not indicted for these crimes until 2019—after she had already been exposed by Eastman Chemical.

This suggests that, until her activities were brought to light, Coca-Cola had no idea such things had happened under their roof. In turn, this suggests that:

  • Coca-Cola wasn’t using the tools that could have detected these activities in real-time, and as a result did not have the means to keep their sensitive data from leaving the corporate infrastructure and environment.
  • Coca-Cola also had no policies in place to keep non-authorized devices away from sensitive data. As You demonstrated, the relatively low-tech method of photographing data can still be highly effective.

Now, comparing You’s departure from Coca-Cola to her dismissal from the Eastman Chemical Company, it seems clear that the latter organization did in fact have the means to detect her activities in place. Otherwise, that sum of $120 million could have been substantially more.

Even if a business is serious about its security, it could all be for naught if the small details go unnoticed. There is no denying the size and influence that Coca-Cola possesses, but that did little to stop You in her efforts.

BNMC can help your business protect its data the way it needs to be protected, against threats from all angles. To learn more about the solutions and services we offer, give us a call at 978-482-2020.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, May 10 2021

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.bnmc.net/

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Best Practices Technology Productivity Business Computing User Tips Cloud Email Software Privacy Network Security Hackers Workplace Tips Efficiency Microsoft Business Google Data Computer Hardware Hosted Solutions Malware IT Services Communication Internet Mobile Device IT Support Mobile Devices Small Business Smartphone Phishing Android Users Innovation Cloud Computing Data Recovery Tech Term Ransomware Backup Managed IT Services Windows Smartphones Cybersecurity Information Saving Money VoIP Quick Tips Outsourced IT Passwords Upgrade Miscellaneous communications Network Disaster Recovery Facebook Microsoft Office Browser Business Management Windows 10 Social Media Data Backup Office 365 Server Business Continuity Collaboration Productivity Internet of Things COVID-19 Managed IT Services Managed Service Data Management Apps Gadgets Remote Work Windows 10 Vulnerability Remote Monitoring Analytics Artificial Intelligence Gmail Infrastructure Mobile Office App Word Save Money Information Technology Chrome Managed Service Provider Government Router Money Conferencing Spam WiFi Encryption Remote Workers Employer-Employee Relationship Networking Virtual Reality VPN Settings Access Control Data Security Paperless Office Applications Holiday BYOD Display IT Support Website Company Culture Tip of the week Google Drive Big Data Development Content Filtering Wireless Automation Bandwidth End of Support Apple HIPAA Education IT Management Storage BDR Business Technology Virtual Private Network Wi-Fi Computers Virtualization YouTube Hacker Unified Threat Management Data storage Compliance Risk Management Computing Maintenance Employee-Employer Relationship Operating System Firewall Office Tips Managed Services Avoiding Downtime Social Document Management Robot Antivirus Break Fix Data Breach Mouse Solid State Drive Windows 7 IT Identity Theft Cryptocurrency Search Social Network Going Green Training Free Resource Downtime Cybercrime Software as a Service Marketing Remote Computing Hard Disk Drive Printing Images 101 Mobile Security SaaS Server Management Vendor Touchscreen Password Managed IT Data loss How To Business Intelligence Tablet iOS Blockchain Telephone Systems Retail Alert Remote desktop Outlook Regulations Bring Your Own Device Two-factor Authentication MSP Managed IT Service Vendor Management LiFi Budget Augmented Reality Monitors Hosted Solution Customer Relationship Management Scam Chromebook Humor Laptop Managing Stress Administration OneNote Best Practice The Internet of Things Nanotechnology Websites Gamification Wearable Technology Network upgrade Time Management Printer Mobility Twitter Batteries Shopping Black Friday Alerts USB Co-Managed IT RMM Motherboard Cables IT solutions Corporate Profile Fraud Cost Management Emergency Onboarding GDPR Policy Google Docs Identity Continuity Servers Google Calendar Safety Managed Services Provider Screen Reader Charging Dark Web Slack Hard Disk Drives Automobile Smart Office Network Management Print Toner Myths Hacks G Suite Employees Cyber Monday Messaging Holidays Google Wallet Licensing Dongle Network Congestion Content Huawei Bitcoin Banking Dell Wires Distribution WannaCry Assessment Digital Signage Data Warehouse Business Growth Procedure Cabling Solar Legislation Entertainment Gig Economy Smart Tech Microsoft Excel Monitoring Solid State Drives Legal Google Maps Work SharePoint Writing Shortcuts Mobile Management Smart Technology Employee-Employer Relationships Unified Communications Payment Card Drones Cooperation Service Level Agreement Techology Streaming Processor Windows 8 Reviews Halloween Voice over Internet Protocol Hybrid Cloud Logistics 2FA Hotspot Internet Exlporer Lenovo Dark Data Troubleshooting Update Business Analysis PCI DSS Statistics Mobile Device Management FBI Connectivity Mail Merge Spying National Security Deep Learning IT Technicians Optimization Downloads Security Cameras Profiles Shortcut Distributed Denial of Service Analysis Students Politics Inventory Digital Payment Staff Leominster VoIP Unified Threat Management Human Error Memory Scary Stories Modem FinTech Scalability Work/Life Balance Asset Management Digital Language Value Firefox Superfish Customer Service Virus Alt Codes Meetings Battery Disaster Running Cable Bluetooth Comparison K-12 Education Buisness IoT Address Permissions Health Updates Private Cloud Peripheral Mirgation Recycling Office Samsung Utility Computing Sports Cookies Patch Management Mixed Reality Tech Support Shadow IT Virtual Desktop K-12 Schools User Error Device Reducing Cost user treats Migration Consulting Memes Spyware Computing Infrastructure Professional Services LED Threats Typing Files Uninterrupted Power Supply Social Networking Specifications Current Events Computer Care Instant Messaging IBM Star Wars PowerPoint File Sharing Management Chatbots eWaste Heating/Cooling Multi-Factor Security Social Engineering Laptops Physical Security Error Upgrades Gadget Emoji Financial Point of Sale Ben McDonald shares Travel Crowdsourcing Personal Information Botnet 3D Printing Supercomputer CrashOverride Cortana Staffing Motion Sickness Regulation Machine Learning Administrator Processors Taxes Unsupported Software IT Budget Web Server what was your? GPS IT Consultant Computer Repair Relocation Mobile Data Cameras How To Tracking Printers Recovery Mobile Computing Cleaning Black Market CCTV Law Enforcement Webcam Electronic Medical Records Notifications

What Our Clients Say

  • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
  • 1
  • 2
  • 3