External attackers typically sneak into an organization by exploiting an unpatched system, or via malware or phishing attacks. Once they break your perimeter, these attackers essentially take the form of insiders, allowing them to cover their tracks as they seek out privileged accounts and credentials to move laterally and escalate access.