May 14, 2021

Insider Threats “Turncloaks”

So much is said about external threats to organizations such as phishing emails, ransomware or coordinated cyber-attacks. While these external threats may make up a large portion of breaches, insider threats still pose a huge risk to organizations.

Insider Threats Turncloaks

As it sounds, insider threats are risks to an organization and its data that are enabled from the inside. The enabling can be either accidentally initiated by an individual sometimes referred to as a “pawn”, or could be willingly performed with malicious intention, by someone known as a “turncloak”.
Turncloaks are often trusted employees or contractors who have gained their access permissions to a facility or company data. Using their access and knowledge of the company and its potential vulnerabilities, they may use their privileges to steal sensitive information, company secrets, or sabotage projects. Turncloaks are often coerced into their activities by another party whom they may feed the stolen data back to for profit. Or it could be just the actions of a lone wolf. Real examples of this activity happen every day and many activities aren’t caught until much later, as it may not be easy to detect malicious activity when it is performed by an authorized employee.

Don’t get any ideas!

This type of intentional malicious theft of data is an instant violation of your organization’s policies and procedures and is most likely a serious crime! Instead, let’s focus on how to spot this type of malicious behaviour in our office.

If you see something or hear something, speak up!

If you see any suspicious behavior from a co-worker or contractor in your office, talk to your supervisor and avoid confronting the co-worker yourself. If you are included in a conversation where a co-worker hints towards this activity, it is your obligation to report this to your supervisor. You don’t want to be an accomplice or get roped into their crime. Many times, this turncloak behavior is positioned by employee as a harmless activity, where no one is getting hurt. However, this is not true, as stolen data could be a from customers, putting them as risk of identity theft, or stolen company data could put your organization and many jobs at risk.

Managers and IT should work together to develop plans to monitor employee activities on the network and restrict access where necessary. Additionally, termination procedures should be implemented and followed promptly to mitigate the risk of malicious activities after an employee is terminated.

Related posts:
6 Steps Businesses Can Take to Get Their Cybersecurity in Order
Read more chevron_right
Who Handles Cybercrime in Canada?
Read more chevron_right
Cyber Espionage Explained
Read more chevron_right See all blogs chevron_right