Insider Threat – the Levandowski Effect

Brittany Pescetto Blog

Insider Threat – The Levandowski Effect

The biggest cybersecurity threat in 2017 is in cubicle next to you

In a recent study by IBM, reserchers found that over half of?data breaches are a result of internal actors leaking sensitive data, and currently ex-engineer Anthony Levandowski is under fire for doing just that.

Levandowski, a former technology lead for Alphabet, Google’s parent company, and creators of the self-driving car Waymo, is currently in the technological legal battle of his life. The American engineer is accused of lifting approximately 14,000 internal files related to the self-driving technology before founding autonomous trucking company Otto.? He’s also suspected of downloading thousands of documents from Alphabet’s LiDAR design prior to his abrupt resignation, after Otto was acquired by Uber last year in a $680 million deal.? The kicker? Levandowski is alleged to have received $250 million in shares from Uber, the DAY AFTER he cut ties with Alphabet.

Uber maintains that no intellectual property obtained from Waymo or the LiDAR design ever penetrated their network. However a federal judge ordered the cease of any and all work by Levandowski on LIDAR (a key self-driving technology, that uses light in the form of a pulsed laser to measure variable distances to the Earth.)? Uber has since served Levandowski with an ultimatum: hand over the files or hit the road.

Who should I look out for?

Most of the time threats fall into 3 catagories

Unintentional -?Usually involves a “negligent Nancy” who triple clicks. If hackers are phishing, she’s biting, unwittingly of course, but nevertheless putting sensitive data and business value at risk. Often under-trained and unaware of potential threats.

Unknowing – for example a partner or supplier that unknowingly passes on sensitive information either through email, mail, or verbal communication.

Malicious – fully aware that their misuse or exploitation of data will result in harm to the business. Malicious motivating factors include profit, sabotage, fraud or to cause intentional harm to the business.

4 things to take away from the Levandowski Breach

  • Implement an Insider Threat Policy

    Implement a strong security policy or plan of action. Preventative actions should be taken to plan and prepare for any and all potential breaches. Set guidelines for best practice when dealing with sensitive information within the office.

  • Educate Employees

    You don’t know what you don’t know. Once a policy is in place, employees must be trained and retrained. Educating staff on malware, phishing scams and general data protection can combat many internal data breaches.

  • Cross-departmental Collaboration

    Develop a system of checks and balances. Gone are the days of the IT department having sole responsibility for cybersecurity. Cultivate strong cross-departmental communication. Often Human Resources may be the first to spot potential threatening behavior. Monitor “at-risk” employees to a greater degree.

  • Email Encryption

    With The Newberry Group?s email encryption platform, we can ensure that all the protected information you send finds only its intended target. Our solutions prevent accidental exposure of healthcare information, credit card information, social security numbers and other financial and personal data.

US-CERT Security Alerts


The Newberry Group Corp HQ | 10461 Mill Run Circle, Suite 200 | Owings Mills, MD 21117
Columbia | 6750 Alexander Bell Dr Suite 100 | Columbia, MD 21046
Georgia | 2300 Lakeview Parkway Suite 700 | Alpharetta Georgia 30009
Virginia | 11720 Sunrise Valley Drive Suite LL-01 | Reston, VA 20191
Phone: (866) 725-8674 | Fax: (636) 928-8899 | Email:
Copyright 2005-2017 The Newberry Group. All Rights Reserved.