What is a bad actor in cybersecurity?

Q: What is a bad actor in cybersecurity?

A: An entity that’s attempting to circumvent or breach computer security. They’re the adversary that’s trying to shut down your system or steal your data. They’re the people you’re defending yourself against when you put into place strong security protocols and practices.

Also known as…

Bad actors may also be referred to as threat actors, cyber threat actors (CTA), and malicious actors. Sometimes, they’re also labelled by the specific activity they conduct: for instance, cybercriminals, hacktivists, etcetera.

Bad actor or hacker?

The terms ‘bad actor’ and ‘hacker’ are often used interchangeably. But is a hacker a bad actor? It all depends on how they use their skills.

A hacker is a person who uses their technical skills to achieve goals and overcome challenges or problems.

Whether a hacker counts as a bad actor or not depends on the type of hacker they are. That is, whether they’re a black hat hacker, or a white hat hacker.

Black hat: Hackers that intentionally and maliciously violate cybersecurity.

White hat: Ethical computer security experts. White hat hackers work with organisations by looking for security weaknesses that need to be fixed, not to take advantage of those weaknesses.

Grey hat: Lie somewhere between black hat and white hat hackers. Grey hat hackers don’t work with the organisations whose cybersecurity they breach. But they do alert companies to the vulnerabilities they find. In other words, their methods are ‘bad’, but their motives are largely benevolent.

Types of bad actor in cybersecurity

Bad actors can come from both external sources and internal ones. (Though it’s more common for a bad actor to be based externally.) There are various types of bad actor, each with their own goals and motivations.  

  • Cybercriminals

Goal: Financial/personal gain

Usually, when the term ‘bad actor’ in cybersecurity appears, it’s relating to cybercriminals — the black hat hackers that do what they do for financial gain. They may use malware, ransomware, or intercept communications. But whatever they do, they do it to line their pockets and benefit themselves.

  • Hacktivists

Goal: Exposing secrets and disrupting organisations they view as immoral

Hacktivists are bad actors that attack systems as part of their activism. They’ll seek unauthorised access to systems to find incriminating information, disrupt systems, and spread social, political, or ideological messages.

  • Insiders

Goal: Financial gain, revenge

An insider bad actor comes from within your business. They could be current or previous employees, contractors, business partners, etcetera. They aim to get around cybersecurity defences by attacking from the inside. From there, they may steal and sell data, or sabotage systems.

  • Government/state-sponsored

Goal: Espionage, whether it’s political, economic or military

Some bad actors are actually spies. They’re funded by nations to discover sensitive information for political gain.

  • Cyberterrorists

Goal: Cause harm and/or damage to critical services

Cyberterrorists are those that attack critical systems with the goal of causing harm to further their cause. Think things like contaminating water supplies, disrupting national electricity, and so on.

What is a bad actor in cybersecurity?

Whether they’re motivated by money, politics, or revenge, a bad actor is someone that maliciously attacks and infiltrates your systems.

TL;DR: ‘Bad actor’ is an umbrella term for various digital deviants – the villains of the cybersecurity world.
