Malicious Insiders

Known as a Turncloak, malicious insiders are people who acts maliciously and intentionally abuse legitimate credentials, typically to steal information for financial or personal incentives.

Frequently Asked Questions

  • Malicious Insiders
  • How does the insider threat attack happen?
    Malicious insiders have a distinct advantage in that they already have authorized access to your company's network, information, and assets. They may have accounts that give them access to critical systems or data, making it easy for them to locate it, circumvent security controls and send it outside of the organization.
  • What are insider threats?
    Insider threats are users with legitimate access to company assets who use that access, whether maliciously or unintentionally, to cause harm to the business. Insider threats aren’t necessarily current employees, they can also be former employees, contractors, or partners who have access to an organization’s systems or data.  
  • What do insider threats target?
    • Company unclassified networks (internal and extranets), partner and community portals, and commonly accessed websites.
    • Proprietary information (business strategy, financial, human resource, email, and product data).
    • Export-controlled technology.
    • Administrative and user credentials (usernames, passwords, tokens, etc.).
    • Foreign intelligence entities seek the aggregate of unclassified or proprietary documents which could paint a classified picture.
  • Where do the inside attackers come from?
    Inside attackers come from within your organization - they can be insiders in your company with bad intentions, or cyberspies impersonating contractors, third parties, or remote workers. They can work both autonomously or as part of nation-states, crime rings, or competing organizations. While they might also be remote third-party suppliers or contractors located all over the world, they have some level of legitimate access to your systems and data.
  • Why are insider threats so dangerous?
    Detecting insider threats is no easy task for security teams. The insider already has legitimate access to the organization’s information and assets and distinguishing between a user’s normal activity and potentially malicious activity is a challenge. Insiders typically know where the sensitive data lives within the organization and often have elevated levels of access, they don’t act maliciously most of the time; that’s why it’s harder to detect their harmful activities than it is to detect external attacks. As a result, a data breach caused by an insider is significantly more costly for organizations than one caused by an external attacker.
  • Why are you a target for insider threats?
    • Publicly available information helps foreign intelligence entities identify people with placement and access.
    • Contract information (bid, proposal, award, or strategies).
    • Company website with technical and program information.
    • Connections (partnerships, key suppliers, joint ventures, etc.) with other cleared or non-cleared companies.
    • Employee association with companies or technologies made public through scientific journals, academia, public speaking engagements, social networking sites, etc.

    Sandworm: A New Era of Cyberwar

    In 2014, the world witnessed the start of a mysterious series of cyberattacks. Targeting American utility companies, NATO, and electric grids in Eastern Europe, the strikes grew ever more brazen. They culminated in the summer of 2017, when the malware known as NotPetya was unleashed, penetrating, disrupting, and paralyzing some...

    Read more




    A logic bomb is a type of malicious software that is appended to an application and is triggered by a specific occurrence, such as a logical condition or a specific date and time.

    Read more


    The Nonprofit Executive’s Guide to Cyber Risk Management

    Download Paper ts governance™ was designed to help executive directors, board members, and senior staff manage cyber risk within nonprofit organizations. The introduction helps nonprofit leaders understand the risk landscape and their role in managing cyber risk, part one explains how to lead the organization toward an improved cybersecurity posture, and...

    Read more




    Welcome Back!

    Login to your account below

    Retrieve your password

    Please enter your username or email address to reset your password.

    Add New Playlist