Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
An individual or group that intends to harm an organization's systems or data. Includes nation-states, cybercriminals, hacktivists, and insiders.
Adversary Definition: An individual or group that intends to harm an organization's systems or data. Includes nation-states, cybercriminals, hacktivists, and insiders.
An adversary is any individual, group, or entity that intends to cause harm by compromising, damaging, or exploiting an organization's systems, data, or operations. In threat modeling, the term spans nation-state actors, organized cybercriminals, hacktivists, competitors, and malicious insiders, each with distinct motives, resources, and capabilities.
Adversaries operate by selecting targets, gathering intelligence, and executing tactics across the attack lifecycle. Frameworks like MITRE ATT&CK catalog the techniques they use, from reconnaissance and initial access through privilege escalation, lateral movement, and exfiltration. Common methods include phishing and other social engineering, malware deployment, credential theft, exploitation of unpatched vulnerabilities, and abuse of misconfigured systems. Their sophistication ranges from opportunistic script users to advanced persistent threats (APTs) that maintain long-term, stealthy access.
Understanding the adversary matters because defenses must be calibrated to who you are actually facing. A control adequate against a casual attacker may be useless against a well-funded nation-state. Threat-informed defense, adversary emulation, and red teaming all start by profiling likely adversaries, their objectives, and their preferred techniques. Without this perspective, security teams spend resources on generic controls while leaving the paths a real attacker would take unguarded, and they struggle to prioritize detection and response.
For example, a financial firm modeling its risks might identify two distinct adversaries: organized crime groups motivated by financial gain, who favor business email compromise and ransomware, and a competitor's insider seeking to steal proprietary trading algorithms. The defenses differ sharply. Against ransomware, the firm invests in offline backups, network segmentation, and email filtering. Against the insider, it relies on least-privilege access, data loss prevention, and user behavior analytics. By naming each adversary and mapping their likely techniques to ATT&CK, the security team builds targeted detections and tabletop exercises that reflect realistic attacks rather than abstract threats.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →