BSGTech Blog

BSGTech has been serving the Chicagoland area since 2009, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

What Can Be Learned from Coca-Cola’s Security Oversight?

What Can Be Learned from Coca-Cola’s Security Oversight?

Data is one of—if not the—most essential resources a business has, which means it is essential that you take the steps to protect it in every way possible from every potential threat. This includes those that could originate from within your own organization. Let’s consider the case of Xiaorong You, who was recently convicted of conspiracy to commit trade secret theft by a federal jury.

You were found guilty after being accused of stealing nearly $120 million in BPA-free technologies from assorted companies, including Coca-Cola and the Eastman Chemical Company. Each of these companies had threat detection systems intended to prevent such activities, but the approach that each took proved to have different effects. Let’s consider the situation, and what we can learn from the threat detection practices that each company seems to have had in place.

Introducing Xiaorong “Shannon” You

You is a naturalized US citizen who holds a Ph.D. in Polymer Science and Engineering, a degree that enabled her to work for several companies since the early 1990s. Starting in December of 2012, You served as a principal engineer for global research for Coca-Cola until August of 2017. After that, she transitioned to the Eastman Chemical Company to take a position as packaging application development manager, where she worked from September of 2017 until her employment was terminated in June of 2018 upon the discovery of her activities.

While she held these positions, You had access to various trade secrets—many of which were only shared amongst a small group of employees. Despite her written affirmation that she had not retained any of these secrets, You had in fact done so and shared them with the People’s Republic of China in an application to The Thousand Talents program. This program has been used in the past to bring advanced technologies to the country and has been linked to other such cases that have been prosecuted by the Department of Justice.

You stole this data by simply uploading it to her personal Google Drive storage, occasionally photographing particularly sensitive information with her personal smartphone. Once she had this data, You collaborated with a Chinese national named Xiangchen Liu to create their own company in China to monetize these secrets. Co-opting an Italian manufacturer, the stolen BPA-free technology was then incorporated into their own products.

Several companies were ultimately impacted by these activities: naturally, Coca-Cola and Eastman Chemical, as well as AkzoNobel, Dow Chemical, PPG, TSI, Sherwin Williams, and ToyoChem.

What Could Have Prevented These Threats?

To be clear, Coca-Cola and The Eastman Chemical Company were notably different in how able they were to handle these kinds of insider threats. While You had left Coca-Cola by August of 2017, she was not indicted for these crimes until 2019—after she had already been exposed by Eastman Chemical.

This suggests that, until her activities were brought to light, Coca-Cola had no idea such things had happened under their roof. In turn, this suggests that:

  • Coca-Cola wasn’t using the tools that could have detected these activities in real-time, and as a result did not have the means to keep their sensitive data from leaving the corporate infrastructure and environment.
  • Coca-Cola also had no policies in place to keep non-authorized devices away from sensitive data. As You demonstrated, the relatively low-tech method of photographing data can still be highly effective.

Now, comparing You’s departure from Coca-Cola to her dismissal from the Eastman Chemical Company, it seems clear that the latter organization did in fact have the means to detect her activities in place. Otherwise, that sum of $120 million could have been substantially more.

Even if a business is serious about its security, it could all be for naught if the small details go unnoticed. There is no denying the size and influence that Coca-Cola possesses, but that did little to stop You in her efforts.

BSGtech can help your business protect its data the way it needs to be protected, against threats from all angles. To learn more about the solutions and services we offer, give us a call at (866) 546-1004.

Tip of the Week: Making Sure Your 2FA is A-Okay
So You’ve Been Attacked. Now What?
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, 28 March 2024

Captcha Image

Mobile? Grab this Article

QR Code

Customer Login


News & Updates

BSGtech (formerly Business Solutions Group) is proud to announce the launch of our new website at www.bsgtech.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more infor...

Contact us

Learn more about what BSGtech can do for your business.

BSGtech
800 E. Business Center Dr.
Mt. Prospect, Illinois 60056

123 W Madison Street, Suite 1700
Chicago, Illinois 60602