From entry-level employees to senior management, when people think of securing their network, they consider steps to protect from external attack and ignore or overlook threats from within the organization itself.
We don't like to think of our coworkers or friendswith whom we work, eat lunch, commiserate over tasks we dislikeas people who would hack or do anything to hurt the company. But we must come to terms with the fact that it's possible for a fellow employee to use a company-supplied Internet connection and equipment to launch an attack.
This risk is born of the fact that companies really don't know what their employees do and don't have access to, and what exactly they may be doing on the network. Added to the fact that many security threats originate internally, this should give firms enough incentive to put some of their security dollars toward internal defenses.