Which term describes employees who can pose a threat to data security due to their position or disposition?

Insider threat is the risk from people inside the organization who already have legitimate access to systems and data. Internal actors are employees or others within the organization whose position gives them access, and their disposition—whether malicious or careless—can make them a security risk. Because they’re inside the network and trusted, they can bypass some controls and exfiltrate information more easily than external attackers. External actors come from outside the organization, hacktivists are a specific type of external attacker driven by a political or social motive, and a hash is a cryptographic value, not a person. Recognizing internal actors highlights why controls like least privilege, ongoing access reviews, and user monitoring are essential.