Threats from the Inside
What are these threats from the inside? The threat lies in the fact that employees or internal users of a network have already crossed a majority of the network defenses, such as a firewall, an intrusion-detection system, an anti-virus solution, and possibly an email filter, among other preventive measures, and actually have authorized access to treasured corporate data and intellectual property. Depending on the employee's position within the firm, he or she may have full access to sensitive corporate information, trade secrets, client account information, patent applications, drug formulas and trial results, and so on.
Internal users are not restricted just to your employees; they can be interns, contractors, temporary staff, visitorseven the janitorial staff. Any of these people can constitute the ultimate Trojan horse. They're allowed into the firm's office buildingspast the physical security checkpoints secured by a guard and possibly biometric readers. They frequently have workstations with network accesspast the firewall and intrusion-detection system that generally monitor traffic running across the Internet. They commonly have other external connections over which they can access the company's files and recordspast access-control lists.
If your security and HR departments willingly granted such open access to a representative from a competing firm or to some unknown party, there would likely be severe repercussions (mass firings, for example). However, simply based on the fact that the individual in question is an employee or otherwise known person, such access is often allowed after simply an orientation session.
That better be one good orientation session!