Both are viable. It depends a bit on industry; pharma companies, say, are quite concerned about internal threats whereas financial and retail are more likely targets of external actors.
You do need to consider the type of honeypot used - asking the question "what is the goal the adversary has" is a good question to ask and optimizing you honeypots based on that is a smart thing. An internal threat is going to look for specific types of assets, and you need to build honeypots (or decoys, as the modern lingo calls them) that look like those assets.
You do need to consider the type of honeypot used - asking the question "what is the goal the adversary has" is a good question to ask and optimizing you honeypots based on that is a smart thing. An internal threat is going to look for specific types of assets, and you need to build honeypots (or decoys, as the modern lingo calls them) that look like those assets.