Understanding the Different Types of Adversaries

As a CISO, expanding and evolving your thinking around what — and who — constitutes an adversary is essential for effective cybersecurity management. In this second part of our series on adversary alignment, we will take a closer look at the different types of adversaries that CISOs should consider when building their organization’s cybersecurity strategies.

External adversaries

External adversaries are the conventional types of attackers, such as criminals, nation-states, and other threat actors, that exist outside of an organization. These adversaries employ various techniques from the MITRE ATT&CK^® matrix to execute their tactics, which include compromising credentials, hijacking browser sessions, or extracting data from local systems or shared drives.

Internal adversaries

The term “internal adversaries” covers more than just malicious insiders. It also includes any user within an organization whose actions knowingly or unknowingly compromise security, or who has been compromised without their knowledge. This category of adversaries can involve employees who are unaware of or indifferent to the security operation team’s security protocols and create vulnerabilities that external adversaries can exploit.

Endemic adversaries

Endemic adversaries are decision-makers within an organization who have embedded processes, policies, and priorities that do not support the detection and response to threats. Examples of endemic issues include:

• Reluctance to invest in cybersecurity infrastructure
• Accumulation of tech debt and legacy systems
• Poor management of third-party partners, contractors, or vendors
• Ineffective consolidation after mergers and acquisitions
• A pervasive culture of conflict and politics

Five steps for addressing endemic adversaries

To tackle endemic adversaries, organizations must implement strategies and processes that proactively mitigate their negative impact. Here are five steps to consider:

1. Assess your organization’s culture — Evaluate the existing culture within your organization and identify any potential sources of friction or conflict that may be affecting cybersecurity decision-making.
2. Invest in cybersecurity — Allocate sufficient resources to support robust cybersecurity, including investing in tools, technologies, and infrastructure.
3. Address tech debt and legacy systems — Prioritize updating and replacing outdated systems that are difficult or impossible to protect.
4. Improve third-party management — Enhance coordination and integration in the management of third-party partners, contractors, or vendors to reduce potential security risks.
5. Foster a culture of collaboration: Encourage open communication and collaboration among senior leadership and across teams, to create an environment where cybersecurity is a shared responsibility.

Conclusion

Understanding the different types of adversaries is essential for building a comprehensive cybersecurity strategy. By considering external, internal, and endemic adversaries, CISOs can better align their organizations with the evolving threat landscape and effectively mitigate potential risks.

In the next blog post, we will explore three lenses through which a CISO can evaluate the success of an adversary-aligned security operations team and the value it delivers to the organization.