An insider threat is a malicious hacker who can be an employee or officer of a business, institution, or agency. An insider threat is also known as a cracker or black hat. It can also refer to an outside person who poses as an employee or officer by obtaining false credentials. The cracker obtains access to the computer systems or networks and then conducts activities intended to cause harm to the enterprise.
Insider threats usually occur in four steps or phases. First, the cracker gains entry to the system or network. Secondly, the cracker investigates the nature of the system or network for learning the vulnerable points and areas where the most damage can be caused with the least effort. Thirdly, the cracker sets up a workstation to conduct the malicious activity. Finally, the actual destructive activity takes place.