By "casing" can also be called enumeration, where the hacker reviews what type of systems that you have on the Internet.
It is the first step in attempting a breach into your infrastructure.
Here is where a scan would find out what type of programs you are running.
Then the (unethical of course) hacker attempts to break your defenses. Hopefully you have the latest patches, the passwords are tough to crack and so on.
Once the hacker has a beachhead the attacks are now different in nature, as now they are in the network and attacks are coming from the inside. One of the first things they do is to increase their capabilities by attaining more permissions and more systems.
Second, the hacker will create their own accounts, so they can come and go as they please.
Third, the hacker will take what they were looking for or use your computers to create more attacks. It depends on who the hacker is and their goals.