From Article: http://www.tripwire.com/state-of-security/risk-based-security-for-executives/connecting-security-to-the-business/insider-threats-big-problem-shouldnt-surprise/
"I was just reading the results of a Forrester study called, “Understand the State of Data Security and Privacy.” One of the big findings was that “insiders” were the top source of breaches in the last 12 months, with 36% of breaches attributed to the (often inadvertent) misuse of data by employees.
I’m not surprised by this and I doubt you are, either. After all, insiders have the most access to our critical systems and data, so it stands to reason they would be a top vector for attacks and data disclosure problems.
This Forrester report drives home the need for enterprises to monitor their systems and data for suspicious changes and activities, regardless of the source. Merely watching network traffic is not sufficient."
This is very true. Although 36% of breaches were directly attributable to employees, I would speculate that the majority of breaches are based on the misuse of employee data by both indirect and direct means: by the employee, and by people exploiting the employee.
It sometimes seems that the number one security threat is your own employee. That is why it is very important that we segregate data, that we allow access to confidential data on a need-to-know basis, and that we institute the appropriate security and preventative measures to protect systems from employees AND from neglect and incompetence.
A good first step is to invite your IT staff or consultant to perform a SWOT (Strengths, Weaknesses, Opportunities, Threats) analysis so we can see what weak points we have in our systems and find ways to improve. The worst thing you can do is be reactive rather than proactive about something as important as the information that drives your company.
A breach can teach you what you are doing right or what you are doing wrong. A customer of ours was hit two weeks ago. Ironically, I was in Hawaii on my first vacation since I started the business. We have a strong competency in our team, however, and we were able to manage the breach well. We have multiple redundancies built up into all of our systems. The breach taught us where we had been lacking in our defense, and we made adjustments accordingly.
Don't leave your security to chance and the good graces of your appliances. As my friend Tim says, "Trust God, but lock the car."