When I discuss the insider threat with folks in the community, there seems to be several schools of thought. For example, some will apply a much lower risk to the insider threat, treating it as a one-off chance that an employee gets mad and does something bad out of spite. While this is a possibility, insider threats can run much deeper. We tend to pay attention to events that are in our face, such as an employee gone mad running around with WiFi DoS tools and malware-laced USB thumb drives. This would certainly catch our attention.