The difference between an external and internal penetration test is what exactly is being tested.
Testing both is important. While making sure your external defenses are strong is critical, knowing that your internal network is as secure as possible is also imperative. Malicious actors can gain access to your internal network through exposed vulnerabilities or social engineering activities. A disgruntled employee could obtain access to information they should not have and leverage it against an organization by selling personally identifiable information or credit card information on the dark web.