What is the greatest risk to your network? It may not be the teenage hacker sitting in his room trying to figure out how to get into your network. It might just be your administrative assistant and the websites she visits, maybe even from home on her work laptop.
Case in point. A fellow Security Engineer arrived on site at a potential customer’s site to do an evaluation with them but was quickly moved down the priority ladder because earlier in the day a person had come in and infected the entire network with the GAObot.AO worm. It took most of the day and all of the customers IT resources to get the worm under wraps and even then having to recover for days.
So instead of working with a vendor to evaluate software that may have stopped this from happening in the first place, they had to spend resources and time fixing an issue that never should have happened.
When I hear people talk about insider threats it often seems that they picture someone sitting at their desk stealing company secrets and then selling them off. Or they see a sysadmin as a possible risk because he may have built in backdoors into all of their systems. I believe that the true insider threat comes from your users that don’t know any better and are unaware of all the risks they present to the company.