Insider Threat Led To Data Breach At Ubiquiti

Think protecting yourself from external threats is all you need to do to maintain strong cybersecurity? Think again.

FBI and DoJ investigators claim an employee from Ubiquiti stole data from the company, then acted as a whistleblower to divert attention away from himself. According to a recently unsealed grand jury indictment, Nicolas Sharp attempted to take around $2 million via data theft and extortion. It appears he was listed in LinkedIn as having worked for the company from August 2018 to March of 2021 under the role of “cloud lead”.

Sharp’s case isn’t unique, and having threats from the inside is something all organizations need to take into consideration. Unsurprisingly, employees are most likely to violate company asset protection during the time leading up to their departure. If someone is fired or puts in their two weeks notice, it’s those next few days that businesses might need to worry about.

On the same evening Sharp sent a job application to a different technology company, he ran searches on Ubiquiti’s infrastructure and data stores. He then “attacked” and exfiltrated company data.

The FBI alleges, according to a redacted indictment of Sharp, that he plotted to extort Ubiquiti and told media of the attack after Ubiquiti didn’t meet his ransom demands. During this process, he broke multiple federal laws and lied to FBI agents when confronted about the situation.

The above incident just goes to show that even trusted members of your team could pose a security risk when it comes to trade secrets and intellectual property. Businesses and executives need to have both company training on how to handle this type of situation, as well as policies and procedures in place to mitigate such a risk.