This has some interesting musings on insider attacks and risks, for example: "... my mom is really not capable of launching an internet based attack against a F500 enterprise. However, when she was an office manager, I am reasonably sure she had the ability to do lots of bad things."
Things of that sort help keep the insider angle at the center of attention. It leads me to a scary thought sequence:
a. Is the percentage of unethical people at a major F500 company any different than the entire world? Probably not - or not by much...
b. Thus, for every million of script kiddiez, you have, say, 10 "bad apples" at your org
c. Also, your firewalls/IDS/IPS/NBA/whatever will stop 99%-100% of the above millions
d. Your defenses will probably stop NONE of the 10 "insiders" (and they know where everything is...)
So, who is the bigger risk? I bet on the "evil mom."