Insider attacks are particularly difficult to defend against. Insiders have internal knowledge of the network, and often know a system’s vulnerabilities. Even if they don’t violate security policies, they can perform authorized actions in a malicious way.
I like the Common Sense Guide to Mitigating Insider Threats. It’s light reading, if you like that sort of thing. Here are the recommendations in brief: