Sadly, this is pretty routine for us (not Boeing). Every goddamn day we have somebody plugging in a USB stick and copying 1-20 GB of data to it. We see similar volumes "accidentally" uploaded to iCloud whenever someone syncs their work laptop to their personal iCloud account.
We watch it happen. We have the tools to stop it. But we're not empowered to use them, for the exact same reasons that led to Equifax's fuckup-- we're not allowed to do anything that might impact production/pursuit of new revenue.
Lately, I'm not convinced this is even the "wrong" approach. Espionage was not invented alongside the Internet. If we build a Thing and it's the only Thing we sell, data concerning it will inevitably be stolen by someone in some way. But if we iterate on it fast enough, the value of older versions leaked diminishes. We're in the market of building and selling a moving target.
It also creates an inflated volume of data. You can't just break in, grab "the_flag.zip" and run like hell-- you have to exfiltrate a fuckton of data, make sense of it, and carve something usable from it. Like, checking binaries into a git repo makes the size bloom, but it doesn't add a proportionate amount of "value" to stealing that repo. It's padded with drafts and garbage.