Insider Privilege and Misuse

- Overview

An insider threat is a security risk that originates within the targeted organization. This doesn’t mean that the actor must be a current employee or officer in the organization. They could be a consultant, former employee, business partner, or board member.

The two main types of insider threats are turncloaks and pawns, which are malicious insiders and unwilling participants, respectively.

• Turncloaks: A turncloak is an insider who is maliciously stealing data. In most cases, it’s an employee or contractor – someone who is supposed to be on the network and has legitimate credentials but is abusing their access for fun or profit. We’ve seen all sorts of motives that drive this type of behavior: some as sinister as selling secrets to foreign governments, others as simple as taking a few documents to a competitor upon resignation.
• Pawns: A pawn is just a normal employee – a do-gooder who makes a mistake that is exploited by a bad actor or otherwise leads to data loss or compromise. Whether it’s a lost laptop, mistakenly emailing a sensitive document to the wrong person, or executing a malicious Word macro, the pawn is an unintentional participant in a security incident.

[More to come ...]