By comparison, the damage done by one IT person gone bad far outweighs the damage that could be done by a group of hackers. In an article presented by Computer World, the threats from privilege-laden IT employees is discussed by the security firms hired to make things right after the fact. CERT has studied insider threats since 2001, collecting information on more than 400 cases and cites the most common mistakes made by companies is inadequate vetting during the hiring process, inadequate oversight and monitoring of access privileges and overlooking of red flags in behavior.
“‘It requires not only looking at what they are doing online but also what’s happening in the workplace,’ says Cappelli. ‘People really need to understand the patterns here, the story behind the numbers.'”