Understanding the Different Types of Adversaries - Exabeam

Understanding the Different Types of Adversaries

April 13, 2023


Reading time
3 mins

As a CISO, expanding and evolving your thinking around what — and who — constitutes an adversary is essential for effective cybersecurity management. In this second part of our series on adversary alignment, we will take a closer look at the different types of adversaries that CISOs should consider when building their organization’s cybersecurity strategies.

In this article:

External adversaries

External adversaries are the conventional types of attackers, such as criminals, nation-states, and other threat actors, that exist outside of an organization. These adversaries employ various techniques from the MITRE ATT&CK® matrix to execute their tactics, which include compromising credentials, hijacking browser sessions, or extracting data from local systems or shared drives.

Internal adversaries

The term “internal adversaries” covers more than just malicious insiders. It also includes any user within an organization whose actions knowingly or unknowingly compromise security, or who has been compromised without their knowledge. This category of adversaries can involve employees who are unaware of or indifferent to the security operation team’s security protocols and create vulnerabilities that external adversaries can exploit.

Endemic adversaries

Endemic adversaries are decision-makers within an organization who have embedded processes, policies, and priorities that do not support the detection and response to threats. Examples of endemic issues include:

  • Reluctance to invest in cybersecurity infrastructure
  • Accumulation of tech debt and legacy systems
  • Poor management of third-party partners, contractors, or vendors
  • Ineffective consolidation after mergers and acquisitions
  • A pervasive culture of conflict and politics

Five steps for addressing endemic adversaries

To tackle endemic adversaries, organizations must implement strategies and processes that proactively mitigate their negative impact. Here are five steps to consider:

  1. Assess your organization’s culture — Evaluate the existing culture within your organization and identify any potential sources of friction or conflict that may be affecting cybersecurity decision-making.
  2. Invest in cybersecurity — Allocate sufficient resources to support robust cybersecurity, including investing in tools, technologies, and infrastructure.
  3. Address tech debt and legacy systems — Prioritize updating and replacing outdated systems that are difficult or impossible to protect.
  4. Improve third-party management — Enhance coordination and integration in the management of third-party partners, contractors, or vendors to reduce potential security risks.
  5. Foster a culture of collaboration: Encourage open communication and collaboration among senior leadership and across teams, to create an environment where cybersecurity is a shared responsibility.


Understanding the different types of adversaries is essential for building a comprehensive cybersecurity strategy. By considering external, internal, and endemic adversaries, CISOs can better align their organizations with the evolving threat landscape and effectively mitigate potential risks.

In the next blog post, we will explore three lenses through which a CISO can evaluate the success of an adversary-aligned security operations team and the value it delivers to the organization.

To learn more, read the complete CISO’s Guide to Adversary Alignment

Adversary alignment is the ability to understand your organization’s visibility and capability gaps to detect threats across the entire cyberattack lifecycle. The adversary-aligned CISO has the power to profoundly shift their organization to create a culture of risk awareness, empowerment, and communication, where security leaders and teams can speak candidly about the security capabilities the organization has — and the capabilities that it lacks — and confidently hold senior decision-makers to account.

Download this white paper to learn how your people, processes and tools can be adversary-aligned, and the benefits of doing so.

A CISO’s Guide to Adversary Alignment

Similar Posts

The Importance of Data Science in Cybersecurity: Insights from Steve Magowan

Safeguarding Banks With Security Updates, Patching, and Pen Testing

The Path to Defender Alignment: Key Strategies and Implementation

Recent Posts

The Importance of Data Science in Cybersecurity: Insights from Steve Magowan

Safeguarding Banks With Security Updates, Patching, and Pen Testing

8 Critical Considerations For Defending Against Insider Threats

See How New-Scale SIEM™ Works

New-Scale SIEM lets you:
 • Ingest and monitor data at cloud-scale
 • Baseline normal behavior
 • Automatically score and profile user activity
 • View pre-built incident timelines
 • Use playbooks to make the next right decision

Request a demo of the industry’s most powerful platform for threat detection, investigation, and response (TDIR).

Get a demo today!