NetworkWorldFusion features a debate between two authors. One writes Employees [are] the biggest threat to network security. The other says Intruders [are] the biggest threat to network security. My personal opinion is that rogue insiders have the potential to cause the most damage, but the frequency with which they appear and cause havoc is lower than people think. Outsiders, on the other hand, are frequently attacking and exploiting enterprises, but they are not often causing the sort of damage a rogue insider could.
What do you think? Which group presents the bigger risk? I decided to frame this question with respect to risk, since one can estimate risk using the equation
risk = threat X vulnerability X cost of asset (replacement) or "asset value"
On a related note, I found this October 2004 article by Anton Chuvakin to be interesting: Issues Discovering Compromised Machines. He begins by questioning the claim made by the authors of the book Exploiting Software, that "Most of the global 2000 companies are currently infiltrated by hackers. Every major financial institution not only has broken security, but hackers are actively exploiting them." While this is plausible, the level of exploitation is uncertain. Do intruders have complete control of all of these organizations, or are they contained in some manner? We will probably never see proof of this, but who knows what could happen after the latest T-Mobile disclosures.
On another related note, Microsoft security expert and employee Robert Hensing has been on a blogging tear. He is posting details of some incident responses he has done. They make for good reading.