At SchoolTod Johnston
There are several types of bad actors in cybersecurity. Knowing them can keep you and your kids safe online.

Cybersecurity can be a difficult subject to wrap your head around, especially considering all the different terms and concepts associated with it. Illegal hackers, ethical hackers, cybercriminals, insiders: are these all the same thing? What do these terms mean and why is it important we know about them?

Cyber crimes are an increasing threat worldwide. According to a comprehensive article on, cybercriminals, or those who engage in illegal activity using computers and the internet, can currently enter 93% of company networks. This includes the networks of financial organizations, educational institutions, government bodies, IT companies, and fuel and energy companies.

In addition, in 2021, partially due to the huge shift to remote work brought on by the pandemic, businesses reported becoming victims to 50% more weekly cyberattacks compared with previous years. Knowing the proper terms for bad actors in cybersecurity is the first step in understanding the threat cybercrime presents and how we might tackle it. 

A hooded person working on computer screen reading "system hacked".

What’s a bad actor called in cybersecurity?

Generally speaking, bad actors in cybersecurity attack and infiltrate digital systems and are motivated by money, politics, or some other malicious intent. They may be referred to as cyber threat actors (CTA), threat actors, and malicious actors. 

Every computer has some type of security to keep strangers out. Even a smartphone requires a password to get inside. Computer passwords are used like a lock on a door. If you have the right key, you can enter. Those who don’t have access to the key (or password) have to ask for permission to get in. You have to ask someone in authority for the right password to unlock the system. 

Computers have passwords guarding the information kept in them because this information is important and personal. If someone accesses your bank account online, for example, they can potentially steal your money by transferring it to their own account. This is like stealing your wallet or breaking into your home and taking expensive things. 



When cybercriminals get access to your personal information like your full name, address, phone number, and your photos, they can potentially pretend to be you and steal your identity. Furthermore, when cybercriminals access the information in the databases of large companies, they can do what’s called “holding it for ransom.” Criminals can block the company from accessing their own data and demand the company pay large sums of money in order to regain control of their own systems. 

There are many types of bad actors in cybersecurity. We’ve outlined the different types of bad actors and their various names and labels below. 

Types of Threat Actors in Cybersecurity

1. Cybercriminals

“Cybercriminals” is the umbrella term for people who commit crimes over the internet or who breach cybersecurity. Cybercriminals hack into systems for their own financial or personal gain. 

2. Unethical Hackers

An unethical hacker, commonly known as a black hat, is someone who hacks into an organization’s data system without permission. They violate cybersecurity on purpose with malicious intentions. This person aims to steal information for their own benefit, or hold it for ransom.  

Kevin Mitnick is a famous black hat hacker who hacked into various high profile systems including those of IBM, Motorola, and the US National Defense Warning System. He served multiple years in prison for his attacks. 

3. Neutral Hackers

As the term suggests, a neutral hacker, or commonly referred to as a gray hat hacker, is someone who sits somewhere in between the good and the bad. These hackers do not work with organizations in an official capacity. They do, however, try to breach the cybersecurity of large corporations and government entities. When they succeed, neutral hackers notify the organizations of the digital vulnerabilities they have found. In this way, neutral hackers act illegally but with good intentions.  

4. Insiders

It’s most common for a malicious hacker to come from outside an organization. Sometimes, however, the danger sits right inside the office. An insider is a hacker from within an organization or business. This person may be a current or previous employee, a business partner, or a contractor with access to data. This type of cybercriminal attacks from the inside to steal data or sabotage systems. Sometimes these criminals sell the data they have access to. 

An example of an insider is the former director of research and development at Garrett Popcorn Shops. This woman stole around 3GB of data that included popcorn recipes and trade secrets. She emailed the information to herself and copied it onto a USB key and took it home. 

5. Hacktivists

Hacktivists are a unique breed of cybercriminals. Hacktivists attack the systems of organizations they consider to be immoral. This type of cybercriminal is known to gain unauthorized access to the data of organizations and cause disruption from within. They may spread political messages, and find incriminating information. 

Examples of famous hacktivists are Anonymous and Wikileaks. Wikileaks’ most notable act was releasing hundreds of thousands of U.S military documents as well as video footage from the Iraq and Afghan wars. 

6. Cyberterrorists

Cyberterrorists are hackers who attack critical computer systems in order to cause damage. For example, a cyberterrorist may hack into computers used in maintaining a city’s water supply. They might adjust information therein, such as how much chlorine has been added to the public’s water, causing the water to become contaminated and dangerous to drink. Cyberterrorism is considered to be a national threat for many countries globally.  

7. Government/State-sponsored Hackers

Sometimes, hackers are hired by their own government as spies. They engage in espionage by hacking into the data systems of other governments in order to obtain sensitive and restricted political or military information from other countries.  

What are Ethical Hackers? Understanding White Hat Hackers

Hacking isn’t always a crime, and some hackers aren’t cybercriminals. Every digital security system has its weak points. An ethical hacker, also commonly referred to as a white hat hacker, is someone who is paid to work with organizations to find cracks and weaknesses in their computer security in order to fix them. An ethical hacker tries to hack into an organization’s computer system. If they succeed, they reveal to the organization how they did it and what must be changed in order to make the system stronger to prevent cyber criminals from entering. 

Banks and other large organizations work with ethical hackers to strengthen their data security. Famous examples of white hat hackers include Apple founder Steve Wozniak and the inventor of the World Wide Web, Tim Berners-Lee. Berners-Lee was banned from using his university’s computers when he hacked into them with a friend and gained access to restricted information. 

How to Defend Against Threat Actors 

The US government has made cybersecurity a major part of the Department of Homeland Security’s overall goal and mission. This can help protect people at a national level. 

On a personal front, you can reduce your risk of becoming a victim of a cybercrime by limiting the personal information you share online. Keep your online social media profiles private, or for your friends only. Don’t share your exact location. Keep your operating systems up-to-date, and use strong passwords that include upper and lower case letters, special characters, and numbers. 

Companies and organizations use a number of sophisticated tactics to prevent cyberattacks at a detailed level that involve well-developed digital protocols and tools. 



Learn About Threat Actors and Other Cybersecurity Topics

Cybersecurity is a fascinating topic everyone who uses a computer needs to know about. To learn more about cybersecurity and teaching kids safe practices, you can access Sphero’s free cybersecurity lessons. Students are our future and through engagement with accessible tools that ignite exploration, like programmable robots, they will lead the way for new developments in exciting times.
At school